Date: Fri, 12 Aug 2011 13:31:26 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...ian.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests: Two kernel issues

On 08/11/2011 01:23 AM, Moritz Muehlenhoff wrote:
> On Wed, Aug 10, 2011 at 06:49:59AM +0800, Eugene Teo wrote:
>> On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:
>>> Hi,
>>> the following two issues also seem to warrant a CVE assignment:
>>>
>>> 1. staging: comedi: fix infoleak to userspace
>>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=819cbb120eaec7e014e5abd029260db1ca8c5735
>>>
>>> (It's a staging driver and I'm unsure whether we have assigned
>>>  CVE IDs for staging drivers in the past. OTOH, this driver
>>>  is enabled in the Debian 6.0 kernel)
>>
>> We don't, as code from the staging drivers is usually substandard
>> and usually not supported.
> 
> I agree on that approach for new drivers in the works (e.g. gma500), but
> the Comedi driver is quite old and in use outside the kernel/staging
> version as well. (Debian is providing a separate comedi source package
> since 2002.)

Please use CVE-2011-2909.

>> Btw, can you please mail me a copy of the /boot/config of the most
>> recent Debian kernel for my reference?
> 
> Please let me know if you need anything in addition to the files
> Yves-Alexis sent you.

I didn't receive his mail.

Eugene
