oss-sec mailing list archives
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
From: Greg KH <greg () kroah com>
Date: Mon, 4 Mar 2013 10:12:53 +0800
On Mon, Mar 04, 2013 at 05:44:38AM +0400, Solar Designer wrote:
> In my opinion, it'd be best if Linus, Greg, et al. would reconsider their approach.

Reconsider just what specifically? You bring up a bunch of issues that the distros need to consider, what can the Linux kernel security team do differently? We were asked to notify the linux-distro list, and now we will be doing that. Should we not and just go back to how things were before?

> Overall, I think we should bite the bullet and accept sko's notifications to linux-distros, with a grace period of up to 7 days. Whenever a distro is ready to release an update, they should be able to insist on doing so within another 1 day, even if the initially planned grace period would expire later. Would sko be OK with this? Greg?

Again, I don't think anyone that is part of security () kernel org minds about having the issues publicized, after linux-distro has their time to get things fixed and to their users. If the linux-distro people care about that, that does not seem to be a security () kernel org group issue, right?

totally confused,

greg k-h