Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Jan 2010 07:03:09 -0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Josh Bressers <bressers@...hat.com>,
	"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: untangle the do_mremap()
	mess

On Wed, Jan 20, 2010 at 12:41:04AM -0500, Steven M. Christey wrote:
>
> On Wed, 20 Jan 2010, Eugene Teo wrote:
>
>> Anyway, Al summarised the mess here:
>> http://marc.info/?l=linux-arch&m=126004438008670&w=2
>>
>> And the pile of upstream commits were meant to address the problems 
>> described AFAIK. It will probably make more sense to associate all these 
>> related commits to just one CVE name.
>
> I defer to Josh on this, but in a series of patches that is referred to as 
> "mremap/mmap mess" in some linux-kernel subject lines, for which a 
> specialist like Eugene is not entirely certain about, in which some of the 
> patches are assembly-level changes for individual architectures, and where 
> few of the patch diffs make it clear what the underlying problem was - we 
> could collectively spend a week of labor trying to figure everything out 
> from a purist CVE perspective, or anchor on a single series of commits that 
> are hopefully attached to a single kernel RC or minor version release.  I 
> suspect the latter would be more helpful to the general CVE consumer 
> community, so my recommendation is for a single CVE, assuming that all of 
> these patches make it into a single kernel update.

They are all in the 2.6.32.4 release.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.