Date: Tue, 14 Nov 2017 08:37:20 +0100 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: Vladis Dronov <vdronov@...hat.com> Subject: Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver On Mon, Nov 13, 2017 at 07:42:27PM -0500, David A. Wheeler wrote: > On Mon, 13 Nov 2017 16:15:24 +0100, Greg KH <greg@...ah.com> wrote: > > It's the arbitrarily nature here that I am curious about, it feels like > > it should be "all or nothing", for CVEs to mean much here. Right now it > > seems like it is just, "all that we care to track"? :) > > "All" would be awesome, though unlikely. But even if that's the eventual goal, > "good starts" are still good starts. But really, this isn't even a "good start", it's identifying a bug fixed over a year ago for a kernel that only one company seems to care about because they are _not_ following the recommended upstream stable kernel patches because they "know better" :) That's my objection here. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.