Date: Mon, 20 Apr 2015 06:24:27 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request

Sorry for bikeshedding, but:

On Sun, Apr 19, 2015 at 10:21:00PM -0400, Dan McDonald wrote:
> Illumos bug #5853 (https://www.illumos.org/issues/5853), now fixed, can be exploited to escalate privilege.  It's not easy to do so, but it is enough to cause concern and ask for a CVE number.

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"When applicable, the message Subject must include the name and
version(s) of affected software, and vulnerability type.  For example, a
Subject saying only "CVE request" or "CVE-2099-99999" is not appropriate,
whereas "CVE request - Acme Placeholder 1.0 buffer overflow" or
"CVE-2099-99999 - Acme Placeholder 1.0 buffer overflow" would be OK."

> At least two distros already have this fix in place.  I'd appreciate a CVE number (and if possible a way to request these on a non-public list... sorry if I missed the FAQ).

If you're OK with posting a CVE request in public, please do so - like
you did this time (just with a better Subject).  For other cases, see:

http://www.openwall.com/lists/oss-security/2015/04/13/6

and the followups to that message (click "thread-next").

Alexander
