Date: Fri, 14 Oct 2016 13:13:39 +0200 From: Petr Matousek <pmatouse@...hat.com> To: John Haxby <john.haxby@...cle.com> Cc: oss-security@...ts.openwall.com Subject: Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) On Fri, Oct 14, 2016 at 01:01:07PM +0200, Petr Matousek wrote: > On Fri, Oct 14, 2016 at 11:57:15AM +0100, John Haxby wrote: > > On 14/10/16 07:18, P J P wrote: > > > +-- On Thu, 13 Oct 2016, John Haxby wrote --+ > > > | On 13/10/16 13:46, Vladis Dronov wrote: > > > | > https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (reproducer, patch) > > > | > > > | This bug isn't accessible. Do you think you could post the reproducer > > > | or open the bug please? > > > > > > Please see this one: > > > -> https://bugzilla.redhat.com/show_bug.cgi?id=1373966 > > > > > > Thank you. > > > > Sorry, that's not why I was asking. You provided links to two bugs: one > > has the patch and a reproducer, the other has the patch. Unfortunately > > the former is a link to a bug that no one outside Red Hat has access to. > > In the past when people have posted links to oss-security that do not > > have general access the access permissions have been relaxed or the > > relevant content posted on the list. > > > > That's what I was asking for: inaccessible links are not helpful on an > > open list. > > The other link to internal bug was posted by mistake. I am sorry for > that. https://bugzilla.redhat.com/show_bug.cgi?id=1373966 has all the > information we can share. Scratch that. 1373966 is a Fedora bug so I opened it. It is accessible now. Thanks, -- Petr Matousek / Red Hat Product Security PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ