Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHmME9p6HmVKkUy_aXM54oB5H_TZbJotNFPaimG4ov3QiahDNQ@mail.gmail.com>
Date: Wed, 27 Feb 2013 18:43:24 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel: VFAT slab-based buffer overflow

On Wed, Feb 27, 2013 at 3:48 PM, Greg KH <greg@...ah.com> wrote:
> That's not going to happen, and you know that, to do so would be totally
> irresponsible of us and directly harm your users.

At least send oss-sec an email after the commit goes into the tree.
The people who are up to no good will see the commit and notice it (if
they didn't already notice it when the vuln was committed prior).
Might as well let distros and CVE people know about it too so they can
backport it into whatever stable kernel they maintain. Right now
there'll be a commit in the public repo for a bug sent to security@,
and oss-sec isn't informed.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.