Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20181031210023.GF4132@kroah.com>
Date: Wed, 31 Oct 2018 22:00:23 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and
 use-after-free

On Wed, Oct 31, 2018 at 03:11:38PM +0100, Solar Designer wrote:
> As you can see below, in one message the sender offered to coordinate
> with security@k.o and asked for a CVE ID.  However, this was in response
> to my questions about those aspects as it relates to the sender's other
> message, and I don't know whether the sender actually proceeded to
> coordinate with security@k.o (I tried asking the sender and got no
> response) and no CVE ID was assigned by distros (since the sender also
> didn't respond to my inquiry about security relevance).

security@k.o generally tells all people who submit syzbot reports to
just contact the upstream developers on their mailing list for issues
reported by that tool, as that is what the tool's team does.

And I think we did that for this report as well, but never heard
anything back :(

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.