Date: Fri, 12 Aug 2011 13:31:26 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Moritz Muehlenhoff <jmm@...ian.org>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE requests: Two kernel issues On 08/11/2011 01:23 AM, Moritz Muehlenhoff wrote: > On Wed, Aug 10, 2011 at 06:49:59AM +0800, Eugene Teo wrote: >> On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote: >>> Hi, >>> the following two issues also seem to warrant a CVE assignment: >>> >>> 1. staging: comedi: fix infoleak to userspace >>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=819cbb120eaec7e014e5abd029260db1ca8c5735 >>> >>> (It's a staging driver and I'm unsure whether we have assigned >>> CVE IDs for staging drivers in the past. OTOH, this driver >>> is enabled in the Debian 6.0 kernel) >> >> We don't as code from the staging drivers are usually are substandard >> and usually not supported. > > I agree on that approach for new drivers in the works (e.g. gma500), but > the Comedi driver is quite old and in use outside the kernel/staging > version as well. (Debian is providing a separate comedi source package > since 2002.). Please use CVE-2011-2909. >> Btw, can you please mail me a copy of the /boot/config of the most >> recent Debian kernel for my reference? > > Please let me know if you need anything in addition to the files > Yves-Alexis sent you. I didn't receive his mail. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ