Date: Wed, 11 May 2016 11:41:41 -0400 From: Kangjie Lu <kangjielu@...il.com> To: Takashi Iwai <tiwai@...e.de> Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, Chengyu Song <csong84@...ech.edu>, Insu Yun <insu@...ech.edu>, Taesoo Kim <taesoo@...ech.edu> Subject: Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer On Wed, May 11, 2016 at 10:34 AM, Takashi Iwai <tiwai@...e.de> wrote: > On Wed, 11 May 2016 16:26:55 +0200, > cve-assign@...re.org wrote: > > > > > > https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e > > > ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS > > > > > > > https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 > > > ALSA: timer: Fix leak in events via snd_timer_user_ccallback > > > > > > > https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5 > > > ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt > > > > > > > Maybe we can fold > > > > That is not what we are going to do. Because the meaning of > > CVE-2016-4569 was already established to be the > > http://comments.gmane.org/gmane.linux.kernel/2214250 issue with the > > "tread" object, which is only > > cec8f96e49d9be372fdb0c3836dcf31ec71e457e, we are keeping that > > ID assignment the same. > > > > Use CVE-2016-4578 for both 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 > > and e4ec8cc8039a7063e24204299b462bd1383184a5. > > Fair enough. > > (And, at the next time, please put the maintainer into Cc from the > beginning. This would have saved lots of time in both sides.) > Thank you all! Sure, will do that next time. Kangjie > > > thanks, > > Takashi >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ