Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Sep 2015 07:08:18 +0900
From: sfjro@...rs.sourceforge.net
To: Ben Hutchings <ben@...adent.org.uk>,
    oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch


sfjro@...rs.sourceforge.net:
> Ben Hutchings:
> > The aufs (Advanced Union Filesystem) project provides an optional patch
> > for the Linux kernel, called either aufs3-mmap.patch or
> 	:::
> > I posted a patch here that works for me:
> > http://sourceforge.net/p/aufs/mailman/message/34449209/
> >
> > Please assign a CVE ID to this.
>
> I know this is a bug but I don't have time to fix it or test your patch.
	:::
> I have no objection to assign a CVE ID, but I don't think it is fixed or
> at least I didn't confirmt yet.

Mainly to oss-security people,

FYI, I confirmed that Ben Hutchings' patch is correct and fixed the
problem. Actually I've released aufs officially after applying his patch.


J. R. Okajima

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.