oss-sec mailing list archives
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer
From: Kangjie Lu <kangjielu () gmail com>
Date: Wed, 11 May 2016 11:41:41 -0400
On Wed, May 11, 2016 at 10:34 AM, Takashi Iwai <tiwai () suse de> wrote:
On Wed, 11 May 2016 16:26:55 +0200, cve-assign () mitre org wrote:https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457eALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMShttps://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6ALSA: timer: Fix leak in events via snd_timer_user_ccallbackhttps://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5ALSA: timer: Fix leak in events via snd_timer_user_tinterruptMaybe we can foldThat is not what we are going to do. Because the meaning of CVE-2016-4569 was already established to be the http://comments.gmane.org/gmane.linux.kernel/2214250 issue with the "tread" object, which is only cec8f96e49d9be372fdb0c3836dcf31ec71e457e, we are keeping that ID assignment the same. Use CVE-2016-4578 for both 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 and e4ec8cc8039a7063e24204299b462bd1383184a5.Fair enough. (And, at the next time, please put the maintainer into Cc from the beginning. This would have saved lots of time in both sides.)
Thank you all! Sure, will do that next time. Kangjie
thanks, Takashi
Current thread:
- CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu (May 10)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign (May 11)
- <Possible follow-ups>
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)