Date: Fri, 31 Jan 2014 21:20:39 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) On Fri, Jan 31, 2014 at 05:34:05PM +0100, rf@...eap.de wrote: > >>>>> "SD" == Solar Designer <solar@...nwall.com> writes: > SD> This is CVE-2014-0038 (assigned shortly after Kees sent the > SD> message below). > Are you sure this is the correct CVE? Pretty sure, yes. I am not aware of a reason to think otherwise. It was kindly assigned by Petr Matousek (of Red Hat, even though their products are not affected) on Wed, 29 Jan 2014 10:01:59 +0100. > It was assigned already beginning of Dec. last year. The "assigned" date seen on CVE IDs often indicates when a pool of CVE IDs was created and then assigned to a CNA (Red Hat in this case), not when individual CVE IDs are assigned to actual issues. It is perfectly normal (albeit confusing) for the "assigned" date to be earlier than the vulnerability discovery date. This was discussed in here before: http://www.openwall.com/lists/oss-security/2012/01/23/4 CNAs: http://cve.mitre.org/cve/cna.html Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.