mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Wed, 27 Feb 2013 00:05:33 +0100
On Tue, Feb 26, 2013 at 10:05 PM, Kurt Seifried
The problem with security is you have to basically do it 100%
correctly 100% of the time, otherwise things fall through the cracks
(like this VFAT thing).
Also, what about the tmpfs one from yesterday? Nobody involved in the
patch reported that as a security bug to this list, until I saw it
myself, just by chance, as a random person on the internet, and posted
it to the list. In that case, it was clearly marked "use-after-free",
but nobody involved requested a CVE.