Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Oct 2016 13:13:39 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: John Haxby <john.haxby@...cle.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: kernel: Stack corruption while reading /proc/keys
 (CVE-2016-7042)

On Fri, Oct 14, 2016 at 01:01:07PM +0200, Petr Matousek wrote:
> On Fri, Oct 14, 2016 at 11:57:15AM +0100, John Haxby wrote:
> > On 14/10/16 07:18, P J P wrote:
> > > +-- On Thu, 13 Oct 2016, John Haxby wrote --+
> > > | On 13/10/16 13:46, Vladis Dronov wrote:
> > > | > https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (reproducer, patch)
> > > | 
> > > | This bug isn't accessible.   Do you think you could post the reproducer
> > > | or open the bug please?
> > > 
> > > Please see this one:
> > >   -> https://bugzilla.redhat.com/show_bug.cgi?id=1373966
> > > 
> > > Thank you.
> > 
> > Sorry, that's not why I was asking.  You provided links to two bugs: one
> > has the patch and a reproducer, the other has the patch.  Unfortunately
> > the former is a link to a bug that no one outside Red Hat has access to.
> >  In the past when people have posted links to oss-security that do not
> > have general access the access permissions have been relaxed or the
> > relevant content posted on the list.
> > 
> > That's what I was asking for:  inaccessible links are not helpful on an
> > open list.
> 
> The other link to internal bug was posted by mistake. I am sorry for
> that. https://bugzilla.redhat.com/show_bug.cgi?id=1373966 has all the
> information we can share.

Scratch that. 1373966 is a Fedora bug so I opened it. It is accessible
now.

Thanks,
-- 
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ