Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Aug 2011 13:31:26 +0800
From: Eugene Teo <>
CC: Moritz Muehlenhoff <>,
        "Steven M. Christey" <>
Subject: Re: CVE requests: Two kernel issues

On 08/11/2011 01:23 AM, Moritz Muehlenhoff wrote:
> On Wed, Aug 10, 2011 at 06:49:59AM +0800, Eugene Teo wrote:
>> On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:
>>> Hi,
>>> the following two issues also seem to warrant a CVE assignment:
>>> 1. staging: comedi: fix infoleak to userspace
>>> (It's a staging driver and I'm unsure whether we have assigned
>>>  CVE IDs for staging drivers in the past. OTOH, this driver
>>>  is enabled in the Debian 6.0 kernel)
>> We don't as code from the staging drivers are usually are substandard
>> and usually not supported.
> I agree on that approach for new drivers in the works (e.g. gma500), but
> the Comedi driver is quite old and in use outside the kernel/staging
> version as well. (Debian is providing a separate comedi source package 
> since 2002.).

Please use CVE-2011-2909.

>> Btw, can you please mail me a copy of the /boot/config of the most
>> recent Debian kernel for my reference?
> Please let me know if you need anything in addition to the files
> Yves-Alexis sent you.

I didn't receive his mail.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ