Date: Thu, 31 Dec 2009 14:37:22 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: Eugene Teo <eugene@...hat.com> cc: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 >>> Issue #1 >>> Fabian claimed that CVE-2009-1385 has an incorrect fix: >>> http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10. >> [...] Use CVE-2009-4536 >>> Issue #2 >>> The fix for CVE-2009-1389 regarding the r8169 driver introduces a >>> similar security problem as this: >>> http://git.kernel.org/linus/fdd7b4c3302c93f6833e338903ea77245eb510b4 is >>> a revert of this: >>> http://git.kernel.org/linus/126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c. >> >> Patches update can be found here: >> https://bugzilla.redhat.com/show_bug.cgi?id=550907#c4 Use CVE-2009-4537 > Issue #3 > I noticed that the e1000e driver also needs a similar fix as issue #1. > https://bugzilla.redhat.com/show_bug.cgi?id=551214 Use CVE-2009-4538 - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ