Date: Fri, 17 Apr 2015 14:50:32 -0700 From: Tavis Ormandy <taviso@...gle.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Problems in automatic crash analysis frameworks On Fri, Apr 17, 2015 at 1:54 PM, Grandma Eubanks <tborland1@...il.com> wrote: > Just to enter into the fray, I reported a simple dmesg_restrict bypass and > found a lot of these recent more recent 'information' disclosures a while > ago with minimal changes: > > https://bugzilla.redhat.com/show_bug.cgi?id=1128400 > Ugh, definitely needs to be fixed. I've been waiting for some commits before I look any further, as I don't know if each issue is going to be addressed individually or if some rearchitecturing will resolve everything. Tavis.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ