Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 1 Feb 2014 10:27:47 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Solar Designer <solar@...nwall.com>
Subject: Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32
 (CVE-2014-0038)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sat, Feb 01, 2014 at 03:45:14AM +0100, PaX Team wrote:
> > http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html
> > 
> > ... but finding a vulnerability would probably not fall under the latter
> > program.
> 
> yes, that's a somewhat different kettle of fish though bugfixes may
> be eligible if it's about fixing or mitigating entire classes (not
> the case here obviously).

But I'm pretty sure one of your “pet projet” would qualify (multiple
time), should you want to go that road :)

Regards,
- -- 
Yves-Alexis Perez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCgAGBQJS7L4QAAoJEG3bU/KmdcCldt4H/RuMevjw5wglr83nfTkxNGio
boepSFmDfycX2jk+sBrPb1jFpY1xLW+KRTzsvedKb1CTCSmKLvnhHeU9ZC5FdTao
7AxoJq3C7JQuelB9eElmHAtzgTynF3nvKaKYqWJVHg1Htjs4FpH1gCvRz3iv1VpI
gJ7sPdeiCxc7GM8VCA5yX593avCMIaYm1O3wdfMwSOv7fE+hbCs0U+3y/+9THmIT
uLGUf0AjWLFH0z3NhUrx5yaNO+R9+0hEnk8Nlq1l1PEOI+5sH5hk7OwBEyD6EVYd
E4X4s82/JEcDbKNV0HAUUX/hR7VrWmGkMA6E0BEMOLhQLdTeyIxGplSIiCDF3PY=
=6PpH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ