Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Jan 2010 11:19:59 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request - kernel: untangle the do_mremap()
 mess

----- "Steven M. Christey" <coley@...us.mitre.org> wrote:
> On Wed, 20 Jan 2010, Eugene Teo wrote:
> 
> > Anyway, Al summarised the mess here:
> > http://marc.info/?l=linux-arch&m=126004438008670&w=2
> >
> > And the pile of upstream commits were meant to address the problems
> > described AFAIK. It will probably make more sense to associate all
> > these related commits to just one CVE name.
> 
> I defer to Josh on this, but in a series of patches that is referred to
> as "mremap/mmap mess" in some linux-kernel subject lines, for which a
> specialist like Eugene is not entirely certain about, in which some of
> the patches are assembly-level changes for individual architectures, and
> where few of the patch diffs make it clear what the underlying problem
> was - we could collectively spend a week of labor trying to figure
> everything out from a purist CVE perspective, or anchor on a single
> series of commits that are hopefully attached to a single kernel RC or
> minor version release.  I suspect the latter would be more helpful to the
> general CVE consumer community, so my recommendation is for a single CVE,
> assuming that all of these patches make it into a single kernel update.
> 

Let's use CVE-2010-0291 for this one.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.