Date: Sat, 19 Sep 2015 07:08:18 +0900 From: sfjro@...rs.sourceforge.net To: Ben Hutchings <ben@...adent.org.uk>, oss-security <oss-security@...ts.openwall.com> Subject: Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch sfjro@...rs.sourceforge.net: > Ben Hutchings: > > The aufs (Advanced Union Filesystem) project provides an optional patch > > for the Linux kernel, called either aufs3-mmap.patch or > ::: > > I posted a patch here that works for me: > > http://sourceforge.net/p/aufs/mailman/message/34449209/ > > > > Please assign a CVE ID to this. > > I know this is a bug but I don't have time to fix it or test your patch. ::: > I have no objection to assign a CVE ID, but I don't think it is fixed or > at least I didn't confirmt yet. Mainly to oss-security people, FYI, I confirmed that Ben Hutchings' patch is correct and fixed the problem. Actually I've released aufs officially after applying his patch. J. R. Okajima
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ