| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025010329-kelp-chump-18ac@gregkh>
Date: Fri, 3 Jan 2025 07:52:15 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Cc: cve@...nel.org, vegard.nossum@...cle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] CVE-2024-26929: Add vulnerable commit information
On Thu, Jan 02, 2025 at 12:48:26PM -0800, Harshit Mogalapalli wrote:
> This CVE fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on
> chip reset") so add that information in vulnerable commit.
>
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> ---
> cve/published/2024/CVE-2024-26929.vulnerable | 1 +
> 1 file changed, 1 insertion(+)
> create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable
>
> diff --git a/cve/published/2024/CVE-2024-26929.vulnerable b/cve/published/2024/CVE-2024-26929.vulnerable
> new file mode 100644
> index 000000000000..b946d6f2786b
> --- /dev/null
> +++ b/cve/published/2024/CVE-2024-26929.vulnerable
> @@ -0,0 +1 @@
> +4895009c4bb72f71f2e682f1e7d2c2d96e482087
> --
> 2.46.0
>
>
Ok, by doing this it means this whole CVE needs to be rejected as the
vulnerable commit never shows up in a a release on its own. Are you
sure about this? If so, let's just reject the CVE.
thanks,
greg k-h
Powered by blists - more mailing lists