oss-sec mailing list archives
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 07 Mar 2013 02:30:36 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/07/2013 02:19 AM, Solar Designer wrote:
Kurt - On Thu, Mar 07, 2013 at 02:13:37AM -0700, Kurt Seifried wrote:Bundling the following into a single CVE:[...]Please use CVE-2012-6138 for these issues.I think this is wrong. I would understand if those issues were all in the same subsystem at least (or if you assigned per-subsystem CVE IDs for these), but this is not the case. Many distros will fix some, but not the others, or not all at the same time. There's room for a little bit of bundling here, but not that much. Alexander
This raises a valid point, Steve what do we consider to be "same codebase"? Linux Kernel? Various subsystems? In general I have applied it at the project level typically (e.g. samba contains a server, a client and utilities but I consider it to be one code base). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJROF48AAoJEBYNRVNeJnmTE4kQAIrsT+xItxI8awk2BvSOtumW ZrgPVuOFw+zXEnRuAgTA/nvacjixcuL4KajWtEUFmZu8rffPS76CcFRRdd0xapi2 TZwhZmlkszF5kMT1U12YN1K7m0u15tQ7Kw+iNmUtZ4b9Ghyq9Fonlp6Czsb73nVS pg4Y7a44JBsgIssTcQGbeGLzRH4/e7rrAYwx/3K0Gq1KvWFlKsTO/fX8npjzu809 YSVfWxPpANcDx3NV9jbDilPReFEcqoOwOdf8zEjlMuCc9kVx8aopFeNAfkLY+mys R0xnJ7rR0X07ve4SL9om4i6YYMygBb/jmDku9Wx78Ba+Cc7kSdhl5s3JobfwW+56 o78PN4Bd6o3+UJOubpUBrRbrWzncTnG1HPSaVfkazUNO4OvHgh/uZK8y+dpXDyct wm6tj3bajyob+tAD4pIqV7/Vx9MY+Tw0NEaLZdHiOvMavD82P1hl0YJIXinqtBtK +mpYuxK1hw6PMbPvgg/b39GoFPu3nSRxLosdPbABHUV/iyN5dRD/6TBXe8UMPkF8 XpO1hv+22T/Jd+e4HBJ7KZXVgpgsct0Pz+zPfeflyMsKDa9vbRRjOJdl0nPv/Vdr dhe8bG4h7DAo1mArll8pNC/NFnw0zC4T4iZHrPfsDUbnENxBhyNASCfZACdn00zM MIcPRnp0+wAQ/ANPNzET =C+ij -----END PGP SIGNATURE-----
Current thread:
- CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 05)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 06)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M. (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege (Mar 08)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)