Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 29 Apr 2009 16:27:09 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Steven French <sfrench@...ibm.com>, security@...nel.org,
        jlayton@...hat.com
Subject: Re: CVE request? buffer overflow in CIFS in 2.6.*

Hi Dann,

> Also, I now notice that CVE-2009-1439 was assigned for
> the nativeFileSystem fixes, so looks like the status is:
> 
> CVE-2009-1439:
>  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=f083def68f84b04fe3f97312498911afce79609e

b363b3304bcf68c4541683b2eff70b29f0446a5b
f083def68f84b04fe3f97312498911afce79609e (fix for b363b330)
22c9d52bc03b880045ab1081890a38f11b272ae7 (remove unneeded pointer)

> CVE-2009-NOT-YET-ASSIGNED:
>  http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
>  + some others in progress

Yes.

> Does that look accurate?

Yes, that's my understanding as well.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.