Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Wed, 27 Feb 2013 00:05:33 +0100

On Tue, Feb 26, 2013 at 10:05 PM, Kurt Seifried
The problem with security is you have to basically do it 100%
correctly 100% of the time, otherwise things fall through the cracks
(like this VFAT thing).

Also, what about the tmpfs one from yesterday? Nobody involved in the
patch reported that as a security bug to this list, until I saw it
myself, just by chance, as a random person on the internet, and posted
it to the list. In that case, it was clearly marked "use-after-free",
but nobody involved requested a CVE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]