Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Jun 2014 09:42:15 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: Ben Hutchings <ben@...adent.org.uk>, oss-sec
	 <oss-security@...ts.openwall.com>
Cc: team@...urity.debian.org, 751417@...s.debian.org
Subject: Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after
 prctl(PR_SET_SECCOMP, 1, ...) on MIPS

On dim., 2014-06-15 at 19:31 +0100, Ben Hutchings wrote:
> Please can you assign a CVE ID to this bug?

Hi Ben,

we usually don't assign CVE from our pool for public issues, and I'm
especially reluctant here as I don't know if someone else aware of this
issue could have assign one.

So I'm asking on oss-sec to assign one so it gets some publicity for
security people and someone has a chance to yell if a CVE has already
been assigned.

oss-sec / MITRE: it seems that SECCOMP on MIPS doesn't behave properly
(see [1] for all the details). I'm unsure when it started (I guess when
seccomp was first added to MIPS, it seems at least 3.2 is affected), and
it's fixed in 3.15 (with 137f7df8cead00688524c82360930845396b8a21).

Can someone assign a CVE is this is indeed a new issue?

Regards,

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751417
-- 
Yves-Alexis

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.