Date: Mon, 20 Apr 2015 06:24:27 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request

Sorry for bikeshedding, but:

On Sun, Apr 19, 2015 at 10:21:00PM -0400, Dan McDonald wrote:
> Illumos bug #5853 (https://www.illumos.org/issues/5853), now fixed, can be exploited to escalate privilege. It's not easy to do so, but it is enough to cause concern and ask for a CVE number.

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"When applicable, the message Subject must include the name and version(s) of affected software, and vulnerability type. For example, a Subject saying only "CVE request" or "CVE-2099-99999" is not appropriate, whereas "CVE request - Acme Placeholder 1.0 buffer overflow" or "CVE-2099-99999 - Acme Placeholder 1.0 buffer overflow" would be OK."

> At least two distros already have this fix in place. I'd appreciate a CVE number (and if possible a way to request these on a non-public list... sorry if I missed the FAQ).

If you're OK with posting a CVE request in public, please do so - like you did this time (just with a better Subject). For other cases, see:

http://www.openwall.com/lists/oss-security/2015/04/13/6

and the followups to that message (click "thread-next").

Alexander