Date: Tue, 14 Nov 2017 08:37:20 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Vladis Dronov <vdronov@...hat.com>
Subject: Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due
 to a race condition in [legousbtower] driver

On Mon, Nov 13, 2017 at 07:42:27PM -0500, David A. Wheeler wrote:
> On Mon, 13 Nov 2017 16:15:24 +0100, Greg KH <greg@...ah.com> wrote:
> > It's the arbitrary nature here that I am curious about, it feels like
> > it should be "all or nothing", for CVEs to mean much here.  Right now it
> > seems like it is just, "all that we care to track"?  :)
> 
> "All" would be awesome, though unlikely.  But even if that's the eventual goal,
> "good starts" are still good starts.

But really, this isn't even a "good start", it's identifying a bug fixed
over a year ago for a kernel that only one company seems to care about
because they are _not_ following the recommended upstream stable kernel
patches because they "know better" :)

That's my objection here.

thanks,

greg k-h
