Date: Wed, 04 Apr 2012 06:47:08 -1000
From: akuster <akuster@...sta.com>
To: Kurt Seifried <kseifried@...hat.com>
CC: oss-security@...ts.openwall.com, 
 "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: fix to CVE-2009-4307



On 4/3/12 4:55 PM, Kurt Seifried wrote:
> On 04/03/2012 04:32 PM, akuster wrote:
>> Hello,
>>
>> Was there a CVE assigned to commit d50f2ab6f050311dbf7b8f5501b25f0bf64a439b?
>>
>> Commit 503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by
>> zero when trying to mount a corrupted file system") fixes CVE-2009-4307
>> by performing a sanity check on s_log_groups_per_flex, since it can be
>> set to a bogus value by an attacker.
>>
>> - Armin
> 
> I assume you are talking about this:
> 
> http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Yes.

<snippet>

> 
> What specifically do you want a CVE assigned for?
> 
> For #1 I can see a CVE of the "a previous patch didn't completely fix
> the issue, yada yada" type.

Yeah, just wondering since I have seen this in the past.

thanks,

- Armin
