| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <265fb3da-8961-4f4f-8f81-c271e5aceebc@suse.de> Date: Wed, 6 Mar 2024 10:23:37 +0100 From: Robert Frohl <rfrohl@...e.de> To: Red Hat Product Security <secalert@...hat.com> Cc: security@...e.de, cve@...nel.org, linux-kernel@...r.kernel.org, Greg KH <gregkh@...uxfoundation.org> Subject: Re: CVE-2023-52572: cifs: Fix UAF in cifs_demultiplex_thread() On 06.03.24 10:16, Greg KH wrote: > On Tue, Mar 05, 2024 at 10:30:08AM -0800, Red Hat Product Security wrote: >> >> Hello Robert, >> Thank you for reaching to Red Hat Product Security. >> I have reviewed the flaws, CVE-2023-1192 has the correct patch used in the reference. > > What do you mean by "reference"? > > CVE-2023-1192 points to a patch for a totally different filesystem > (ntfs3). Will that be fixed? This is also stated in the RH bugzilla, that the initial patch was wrong: https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c28 > > And please stop responding in HTML format, the mailing lists reject this :( > > thanks, > > greg k-h -- Security Engineer, SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany, GF: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg) GPG: D29F 82AA 9FD5 9D6E 74B1 6370 089E DB3D 230A 2404 Download attachment "OpenPGP_0x089EDB3D230A2404.asc" of type "application/pgp-keys" (11850 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (841 bytes)
Powered by blists - more mailing lists