Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <51B63974.1050202@redhat.com>
Date: Mon, 10 Jun 2013 14:39:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jonathan Salwan <jonathan.salwan@...il.com>
Subject: Re: CVE Request: Linux Kernel - Leak information in
 cdrom driver.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/06/2013 02:19 AM, Jonathan Salwan wrote:
> Hi,
> 
> When we read a block from the disk it normally fills a buffer but
> if the drive is malfunctioning there is a chance that it would only
> be partially filled. The result is an leak information to
> userspace.
> 
> Patch applied and committed in the next-line :
> 
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
>
> 
> 
> Could you allocate a CVE id for this?
> 
> Thanks,
> 
> -- Jonathan

Please use CVE-2013-2164  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRtjl0AAoJEBYNRVNeJnmT4jYP/j5kSrPLMXfLHBJbR785g2Fw
ujkzjDE7i3X8VhQRHHkdCzxbFQR8dgyo56yHY0QDc6medL0oCH59lqYB8Wtn0T0E
k2FalBNnjRz5Le0u2GCeokMQGBcb03wSnnQ5sBLWsJEWcZHm3RQWfR7QSdUKcPfs
Q3fTb8hvqDikCEivmBbRbFUPP2wxJkLOoWeyrcpzrkCEsMLFUT3DAS7mKrAZui2G
hvuVFtQvAHidLuURxf0MqbQVvPZKZPsAY63EWEz8k7fPfg8p3PrhfArZzRqMRkHH
pXj3fglBbMTnmq4EV7ipHwL9PgCcN5xBm9xmp21KGSxb76RGpUDkF/n9kxDSEApH
7Gz7rAmJeoNkGHzwqF1pS2G4Z4KQ39TBU51CQdSydFJyA8PVg7FruqouJkSh5GyT
LHliNqiS//hD+GLkRhrCwBaNUcN4NXrevcYSp7k5zoJwxgUiy3EVz03YS+aKZAqi
+d3bOlHbikZL7naHcNw8ESDVjPDtydoGYBUqhZ7XW7IR+wgDwUIzVYx1GYIO8ddf
h598y3ezPcvOhSVnMVp94TLvmRgONxoQHZLbD47voLhzxl+81DBtURTyHbuiqiTa
GS1jAczPRXewapLi0H941jN/aivxCJKzxufgeBolvKfiF5bsdN/PGzS7CSI0e1Lj
6TLZ6TEKBtXhBNTpLE8P
=7/Nf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.