Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAG_fn=Vht4hg7MQFkhkzP7MQrM5Rj3DHp1dr+n3WknWo=vXQ0g@mail.gmail.com>
Date: Tue, 3 Jul 2018 17:13:14 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Vladis Dronov <vdronov@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16
 infoleak due to incorrect handling of SG_IO ioctl

On Tue, Jun 26, 2018 at 6:54 PM Vladis Dronov <vdronov@...hat.com> wrote:
>
> Hello, Alexander,
>
> > > I may not got smth correctly, but for now I do not see CVE-2018-1000204
> > > as a security flaw and I believe a reject request to MITRE should be
> > > issued.
> > How do I proceed with this?
>
> I believe it is: https://cveform.mitre.org/ -> Request an update to an existing
> CVE Entry -> Rejection
I've issued a reject request, but the CVE entry is currently marked as
"Disputed" (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000204)
Not sure if that's the desired result.
> Best regards,
> Vladis Dronov | Red Hat, Inc. | Product Security Engineer
>


-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.