Date: Tue, 14 Nov 2017 08:37:20 +0100 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: Vladis Dronov <vdronov@...hat.com> Subject: Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver On Mon, Nov 13, 2017 at 07:42:27PM -0500, David A. Wheeler wrote: > On Mon, 13 Nov 2017 16:15:24 +0100, Greg KH <greg@...ah.com> wrote: > > It's the arbitrarily nature here that I am curious about, it feels like > > it should be "all or nothing", for CVEs to mean much here. Right now it > > seems like it is just, "all that we care to track"? :) > > "All" would be awesome, though unlikely. But even if that's the eventual goal, > "good starts" are still good starts. But really, this isn't even a "good start", it's identifying a bug fixed over a year ago for a kernel that only one company seems to care about because they are _not_ following the recommended upstream stable kernel patches because they "know better" :) That's my objection here. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ