Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Nov 2010 11:36:37 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Dan Rosenberg <dan.j.rosenberg@...il.com>
Subject: Re: econet iovec

Thomas, thanks for the heads-up. Appreciated it.

On 11/15/2010 12:09 AM, Dan Rosenberg wrote:
> This also raises a question of whether it's worth assigning CVEs to
> every vulnerability that was fixed by a single change in the core
> code.  I'm leaning towards "no".

Yeah, It wouldn't make much sense too.

Distros should backport the changes made to mitigate such issues. See 
https://bugzilla.redhat.com/651927, and the following patches:
http://git.kernel.org/linus/253eacc070b114c2ec1f81b067d2fed7305467b0
http://git.kernel.org/linus/8acfe468b0384e834a303f08ebc4953d72fb690a

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ