From: Marcus Meissner <meissner@suse.de>
To: kernel-hardening@lists.openwall.com
Cc: Josh Boyer <jwboyer@fedoraproject.org>,
Peter Hurley <peter@hurleysoftware.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
"Linux-Kernel@Vger. Kernel. Org" <linux-kernel@vger.kernel.org>
Subject: Re: [kernel-hardening] Re: 2015 kernel CVEs
Date: Wed, 20 Jan 2016 08:12:08 +0100 [thread overview]
Message-ID: <20160120071208.GA14085@suse.de> (raw)
In-Reply-To: <20160119175154.GA7485@kroah.com>
On Tue, Jan 19, 2016 at 09:51:54AM -0800, Greg KH wrote:
> On Tue, Jan 19, 2016 at 12:00:57PM -0500, Josh Boyer wrote:
> > On Tue, Jan 19, 2016 at 11:57 AM, Peter Hurley <peter@hurleysoftware.com> wrote:
> > > On 01/19/2016 03:28 AM, Dan Carpenter wrote:
> > >> I like to look back over old CVEs to see how we could do better. Here
> > >> is the list from 2015. I got most of this information from the Ubuntu
> > >> CVE tracker. Thanks Ubuntu!. If it doesn't have a hash that means it
> > >> might not be fixed yet.
> > >
> > > [...]
> > >
> > >> CVE-2015-4170 cf872776fc84: tty: hang in tty
> > >
> > > Makes no sense that this was assigned a CVE.
> > > I fixed this _2 yrs before_ it was reported and the patch was CC'd stable.
> >
> > I'm guessing the CVE was assigned because there are distributions that
> > ship based on kernels earlier than 3.13. Those distributors need to
> > verify if they have the fix, etc.
>
> Yes, that's what happened here, Red Hat asked for it from what I
> remember. I complained loudly on the oss-security list about it, but oh
> well...
The question for CVE assignment is more if this bug existed in shipped kernel releases, not
when it was fixed in relation to assignment.
Ciao, Marcus
next prev parent reply other threads:[~2016-01-20 7:12 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-19 11:28 [kernel-hardening] 2015 kernel CVEs Dan Carpenter
2016-01-19 11:49 ` Hanno Böck
2016-01-19 15:49 ` Quentin Casasnovas
2016-01-20 11:19 ` Hanno Böck
2016-01-20 14:15 ` Wade Mealing
2016-01-20 17:48 ` Hanno Böck
2016-01-19 13:13 ` Wade Mealing
2016-01-19 14:56 ` [kernel-hardening] " One Thousand Gnomes
2016-01-19 16:32 ` [kernel-hardening] " Ben Hutchings
2016-01-19 17:54 ` Greg KH
2016-01-20 17:05 ` Ben Hutchings
2016-01-20 18:04 ` Greg KH
2016-01-21 15:18 ` Jiri Kosina
2016-01-21 18:46 ` Ben Hutchings
2016-01-19 16:57 ` [kernel-hardening] " Peter Hurley
2016-01-19 17:00 ` Josh Boyer
2016-01-19 17:51 ` Greg KH
2016-01-20 7:12 ` Marcus Meissner [this message]
2016-01-19 17:57 ` [kernel-hardening] " Theodore Ts'o
2016-01-19 18:00 ` [kernel-hardening] " Al Viro
2016-01-19 22:41 ` Eric W. Biederman
2016-01-19 22:47 ` [kernel-hardening] " Eric W. Biederman
2016-01-20 20:11 ` Jann Horn
2016-01-20 21:26 ` One Thousand Gnomes
2016-01-19 23:35 ` Kees Cook
2016-01-20 9:57 ` [kernel-hardening] " Miroslav Benes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160120071208.GA14085@suse.de \
--to=meissner@suse.de \
--cc=dan.carpenter@oracle.com \
--cc=jwboyer@fedoraproject.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peter@hurleysoftware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).