Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 7 Jul 2010 12:44:34 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: kernel: hvc_console: Fix race between hvc_close
 and hvc_remove


On Wed, 30 Jun 2010, dann frazier wrote:

>> i see that hvc_console is disabled by default in the debian kernels,
>
> Actually, upon review, I see that it is enabled (see the powerpc64
> image). Therefore, I'd like to request a CVE ID for it.
>

Use CVE-2010-2653

Let's ignore the default case.  If there's a feature that's available to 
some set of users, no matter how small, then CVE assignment is reasonable, 
even if it's not the default.  It's not much different than if you have an 
issue that only affects a particular chip set or compiler.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.