oss-sec mailing list archives

Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 07 Mar 2013 02:30:36 -0700

On 03/07/2013 02:19 AM, Solar Designer wrote:
> Kurt -
>
> On Thu, Mar 07, 2013 at 02:13:37AM -0700, Kurt Seifried wrote:
>> Bundling the following into a single CVE:
>> [...]
>> Please use CVE-2012-6138 for these issues.
>
> I think this is wrong.  I would understand if those issues were all
> in the same subsystem at least (or if you assigned per-subsystem
> CVE IDs for these), but this is not the case.  Many distros will
> fix some, but not the others, or not all at the same time.  There's
> room for a little bit of bundling here, but not that much.
>
> Alexander

This raises a valid point. Steve, what do we consider to be "same
codebase"? Linux Kernel? Various subsystems? In general I have applied
it at the project level typically (e.g. samba contains a server, a
client and utilities but I consider it to be one code base).


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
