Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0904241824590.13343@faron.mitre.org>
Date: Fri, 24 Apr 2009 18:28:45 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: ipv6: null pointer dereference
 in __inet6_check_established()


On Thu, 23 Apr 2009, Eugene Teo wrote:

> > The bug exists since 2.6.27.
> >
> > http://git.kernel.org/linus/3f53a38131a4e7a053c0aa060aba0411242fb6b9
>
> This was assigned with CVE-2009-1360.
>
> Somehow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1360
> missed this reference even though this email was posted before
> xorl.wordpress.com wrote about it.

The URL above is equivalent to the http://git.kernel.org CONFIRM that's
currently in the CVE.

We have two main input streams for CVE: incoming requests, and
already-public information in mailing lists or vuln DBs that we monitor.
oss-security contains incoming requests but it also becomes public
information that's monitored by other vuln DBs.  Sometimes those VDBs pick
up your CVE requests before we do.  That's probably what happened here.
(I wasn't the original CVE analyst for this bug.)

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.