Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 03 Mar 2013 19:01:26 +0400
From: Michael Tokarev <mjt@....msk.ru>
To: oss-security@...ts.openwall.com
CC: Piotr Karbowski <piotr.karbowski@...il.com>
Subject: Re: CVE id request: busybox

03.03.2013 18:33, Piotr Karbowski wrote:
> On 03/03/2013 11:19 AM, Michael Tokarev wrote:
>> What it has to do with Debian, besides that debian was first
>> to actually submit this bug into its own bug tracker?
> 
> Acctualy not the first, the bug was reported to busybox mailinglist on 18 Dec 2012.

That's where I noticed it and submitted a bugreport to
Debian BTS from there.

Note that I didn't want to request a CVE# for that, and used a
somewhat low severify value for the report in the Debian BTS
(which was quite some time after the initial report).

If I thought it deserves a CVE, I'd request one right after
seeing the discussion in question :)

But I guess we're muddling waters for too much already.  I
merely commented on the joke about Debian, -- the issue is
definitely not debian-specific, Debian does not even use
mdev from busybox (but allows to use it to the users).

Thanks,

/mjt

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.