Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 11 May 2016 11:41:41 -0400
From: Kangjie Lu <kangjielu@...il.com>
To: Takashi Iwai <tiwai@...e.de>
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, 
	Chengyu Song <csong84@...ech.edu>, Insu Yun <insu@...ech.edu>, Taesoo Kim <taesoo@...ech.edu>
Subject: Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer

On Wed, May 11, 2016 at 10:34 AM, Takashi Iwai <tiwai@...e.de> wrote:

> On Wed, 11 May 2016 16:26:55 +0200,
> cve-assign@...re.org wrote:
> >
> > >
> https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
> > >   ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
> > >
> > >
> https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
> > >   ALSA: timer: Fix leak in events via snd_timer_user_ccallback
> > >
> > >
> https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
> > >   ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
> >
> >
> > > Maybe we can fold
> >
> > That is not what we are going to do. Because the meaning of
> > CVE-2016-4569 was already established to be the
> > http://comments.gmane.org/gmane.linux.kernel/2214250 issue with the
> > "tread" object, which is only
> > cec8f96e49d9be372fdb0c3836dcf31ec71e457e, we are keeping that
> > ID assignment the same.
> >
> > Use CVE-2016-4578 for both 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
> > and e4ec8cc8039a7063e24204299b462bd1383184a5.
>
> Fair enough.
>
> (And, at the next time, please put the maintainer into Cc from the
>  beginning.  This would have saved lots of time in both sides.)
>

Thank you all! Sure, will do that next time.

Kangjie

>
>
> thanks,
>
> Takashi
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ