Date: Sun, 03 Mar 2013 19:01:26 +0400 From: Michael Tokarev <mjt@....msk.ru> To: oss-security@...ts.openwall.com CC: Piotr Karbowski <piotr.karbowski@...il.com> Subject: Re: CVE id request: busybox 03.03.2013 18:33, Piotr Karbowski wrote: > On 03/03/2013 11:19 AM, Michael Tokarev wrote: >> What it has to do with Debian, besides that debian was first >> to actually submit this bug into its own bug tracker? > > Acctualy not the first, the bug was reported to busybox mailinglist on 18 Dec 2012. That's where I noticed it and submitted a bugreport to Debian BTS from there. Note that I didn't want to request a CVE# for that, and used a somewhat low severify value for the report in the Debian BTS (which was quite some time after the initial report). If I thought it deserves a CVE, I'd request one right after seeing the discussion in question :) But I guess we're muddling waters for too much already. I merely commented on the joke about Debian, -- the issue is definitely not debian-specific, Debian does not even use mdev from busybox (but allows to use it to the users). Thanks, /mjt
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.