lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJedcCz1ynutATi9qev1t3-moXti_19ZJSzgC2t-5q4JAYG3dw@mail.gmail.com>
Date:   Sun, 16 Jul 2023 10:11:13 +0800
From:   Zheng Hacker <hackerzheng666@...il.com>
To:     Sergey Shtylyov <s.shtylyov@....ru>
Cc:     Lee Jones <lee@...nel.org>, Jakub Kicinski <kuba@...nel.org>,
        Zheng Wang <zyytlz.wz@....com>, davem@...emloft.net,
        linyunsheng@...wei.com, edumazet@...gle.com, pabeni@...hat.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        1395428693sheep@...il.com, alex000young@...il.com
Subject: Re: [PATCH net v3] net: ravb: Fix possible UAF bug in ravb_remove

Hello,

This bug is found by static analysis. I'm sorry that my friends apply
for a CVE number before we really fix it. We made a list about the
bugs we have submitted and wouldn't disclose them before the fix. But
we had a inconsistent situation last month. And we applied it by
mistake foe we thought we had fixed it. And so sorry about my late
reply, I'll see the patch right now.

Best regards,
Zheng Wang

Sergey Shtylyov <s.shtylyov@....ru> 于2023年7月16日周日 04:48写道:
>
> On 7/15/23 7:07 PM, Zheng Hacker wrote:
>
> > Sorry for my late reply. I'll see what I can do later.
>
>    That's good to hear!
>    Because I'm now only able to look at it during weekends...
>
> > Lee Jones <lee@...nel.org> 于2023年7月12日周三 19:56写道:
> >>
> >> On Mon, 10 Jul 2023, Jakub Kicinski wrote:
> >>
> >>> On Mon, 10 Jul 2023 12:42:53 +0100 Lee Jones wrote:
> >>>> For better or worse, it looks like this issue was assigned a CVE.
> >>>
> >>> Ugh, what a joke.
> >>
> >> I think that's putting it politely. :)
> >>
> >> --
> >> Lee Jones [李琼斯]
>
> MBR, Sergey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ