Date: Sun, 6 Nov 2016 21:50:35 +0200
From: Eyal Itkin <eyal.itkin@...il.com>
To: secalert@...hat.com
Cc: oss-security@...ts.openwall.com
Subject: Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8

Hello,

The security patch was deployed yesterday in the official git repository of linux, after the fix was reviewed and approved by me. Therefore, CVE 2016-8633 can now be publicly disclosed.

Commit id of the fix: 667121ace9dbafb368618dbabcf07901c962ddac
https://git.kernel.org/linus/667121ace9db

Commit id of the mainline merge: 03daa36f089f31002a2d0fb22088d3ebe3e28d98
https://git.kernel.org/linus/03daa36f089f

Public disclosure details in my security blog:
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/

P.S. I CCed oss-security since in a second CVE (not public yet) I was told by your colleague to send the publication request to oss-security.

Thanks for your help,
Eyal Itkin.

On Thu, Nov 3, 2016 at 1:03 PM, Red Hat Product Security <secalert@...hat.com> wrote:

> On Wed Nov 02 22:41:25 2016, eyal.itkin@...il.com wrote:
> > Hello,
> >
> > In a short security audit I made to the firewire driver in the linux
> > kernel, version 4.8, I found severe security vulnerabilities.
> >
> > After contacting security@...nel.org, the driver's contributors have
> > confirmed my findings and have written a patch that fixes the
> > vulnerability:
> >
> > http://git.kernel.org/cgit/linux/kernel/git/ieee1394/linux1394.git/commit/?h=testing&id=ff89027279ec57d69797cbae7c681672f1dbea71
> >
> > [...]
>
> Hello Eyal,
>
> Thank you for reporting this issue and for your extensive analysis.
> Please, use CVE-2016-8633 for this issue. We'll treat this issue as
> embargoed for now.
>
> Best Regards,
>
> --
> Adam Mariš / Red Hat Product Security