Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAO4UgPQxZg7QT0QiE9G4VBenBG55KVNomNCWOZ5_CEdbmEUSTA@mail.gmail.com>
Date: Wed, 20 Jan 2016 14:15:14 +0000
From: Wade Mealing <wmealing@...il.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: 2015 kernel CVEs

On Wed, Jan 20, 2016 at 9:19 PM Hanno Böck <hanno@...eck.de> wrote:

> On Tue, 19 Jan 2016 12:49:17 +0100
> Hanno Böck <hanno@...eck.de> wrote:
>
> > > There was only one that might have come from a USB fuzzer.
> > > We probably should be testing those things better.
> >
> > This is surprising to me. There was a talk at black hat amsterdam in
> > 2014 about a project trying to do exactly this. They sounded like they
> > have dozends of crashers that just need to be sorted and reported
> > upstream. Here's the code [2] and the talk [3].
>
>
> https://packetstormsecurity.com/files/133892/RedHat-Enterprise-Linux-7.1-Denial-Of-Service.html
>
> It seems they have started reporting issues and got limited replies.
>
>
Disclaimer: I work for Red Hat Product Security group in the kernel sub
group with Vladis.

So from what I can see:

- The CVE has been assigned.
- A kernel has been built with a patch
- Communicated with upstream about accepting the patch.
- The issue is awaiting testing on the reporter since 24th of November last
year.
- This is not the only bugs that has been reported and worked between Ralf
and Vladis ( https://goo.gl/5G1cnw )

I'm all about improving process, I imagine I would have done the same
steps.   What changes to the responses would need to be made to be less
limited ?  Understand that i'm not taking this personally and consider this
an opportunity for Red Hat Security to improve as a group.

If you want to take this off list, I'm cool with that.

Thanks,

Wade Mealing
-- 
Thanks,

Wade Mealing

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.