Date: Sun, 15 Jan 2012 12:49:57 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>,
        Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: Wireshark multiple vulnerabilities

On 01/12/2012 10:55 PM, Huzaifa Sidhpurwala wrote:
>
> There are 6 file format crashes here. In the interest of vendors,
> which don't always rebase to the newer version, would it be convenient
> to split these into 6 CVEs?
>
> I doubt some older versions are affected by only some crashers.
>
>

I agree in principle, however in practice this is a lot of work (as you
well know =). I guess my question/concern would be who does the
research to verify all this, and what if it varies by version (i.e. it
is 6 separate issues in an older version but the newer version combined
some code into a common library for example so it's only a single issue,
but with multiple avenues of attack/etc.). In other words a lot of
potential work.

-- 

-- Kurt Seifried / Red Hat Security Response Team
