Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 29 Apr 2009 16:27:09 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Steven French <sfrench@...ibm.com>, security@...nel.org,
        jlayton@...hat.com
Subject: Re: CVE request? buffer overflow in CIFS in 2.6.*

Hi Dann,

> Also, I now notice that CVE-2009-1439 was assigned for
> the nativeFileSystem fixes, so looks like the status is:
> 
> CVE-2009-1439:
>  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=f083def68f84b04fe3f97312498911afce79609e

b363b3304bcf68c4541683b2eff70b29f0446a5b
f083def68f84b04fe3f97312498911afce79609e (fix for b363b330)
22c9d52bc03b880045ab1081890a38f11b272ae7 (remove unneeded pointer)

> CVE-2009-NOT-YET-ASSIGNED:
>  http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
>  + some others in progress

Yes.

> Does that look accurate?

Yes, that's my understanding as well.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ