Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Wed, 7 Jul 2010 12:44:34 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: kernel: hvc_console: Fix race between hvc_close
 and hvc_remove


On Wed, 30 Jun 2010, dann frazier wrote:

>> i see that hvc_console is disabled by default in the debian kernels,
>
> Actually, upon review, I see that it is enabled (see the powerpc64
> image). Therefore, I'd like to request a CVE ID for it.
>

Use CVE-2010-2653

Let's ignore the default case.  If there's a feature that's available to 
some set of users, no matter how small, then CVE assignment is reasonable, 
even if it's not the default.  It's not much different than if you have an 
issue that only affects a particular chip set or compiler.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ