Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151116125652.GA18548@openwall.com>
Date: Mon, 16 Nov 2015 15:56:52 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request-HUAWEI P8 GRA-UL00

On Mon, Nov 16, 2015 at 02:56:41AM +0000, ?????? wrote:
> Code below will lead P8 restart :

As a moderator, I reluctantly approved this, but I could not confirm
that the phone's software in question (a modified Linux kernel? or a
kernel module?) is Open Source.  If it is not, then this is off-topic
for oss-security.  Google web search for hi6402dbg did not find
anything, suggesting the code in question has not been published.

A maybe-relevant detail is that if this is a Linux kernel patch, then
the code must be made public per the GPL.  It is unclear whether this
makes the vulnerability detail on-topic for oss-security or not yet
(maybe not until the code is actually published).  I think it's the
first time an issue like this (in code that is meant to be published,
but is not yet) is brought up in here (although I might have missed
other examples - e.g., maybe the joke postings about a North Korean
Linux distro would also fall under this category).

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.