Message-ID: <80cd3f46783cd5702b3abd40c11f3f08f64717ec.1743576485.git.siddh.raman.pant@oracle.com>
Date: Wed,  2 Apr 2025 12:21:52 +0530
From: Siddh Raman Pant <siddh.raman.pant@...cle.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel <linux-kernel@...r.kernel.org>
Subject: [PATCH 1/2] published: CVE-2025-0927: Fix up JSON schema.

It doesn't match the schema of other CVEs as it was not generated
by bippy.

Fixed by hand / manually.

programFiles were added from the info in mbox.

Signed-off-by: Siddh Raman Pant <siddh.raman.pant@...cle.com>
---
 cve/published/2025/CVE-2025-0927.json | 36 ++++++++-------------------
 1 file changed, 11 insertions(+), 25 deletions(-)

diff --git a/cve/published/2025/CVE-2025-0927.json b/cve/published/2025/CVE-2025-0927.json
index 0a61961ede76..743e70d4b100 100644
--- a/cve/published/2025/CVE-2025-0927.json
+++ b/cve/published/2025/CVE-2025-0927.json
@@ -4,8 +4,13 @@
             "affected": [
                 {
                     "defaultStatus": "unaffected",
-                    "product": "Linux Kernel",
+                    "product": "Linux",
                     "vendor": "Linux",
+                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+                    "programFiles": [
+                        "fs/hfs/bnode.c",
+                        "fs/hfsplus/bnode.c",
+                    ]
                     "versions": [
                         {
                             "status": "affected",
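Review bot: In the added "programFiles" array, the trailing comma after "fs/hfsplus/bnode.c" and the missing comma between the closing ] and "versions" each make the file invalid JSON, so a strict parser will reject the whole record. Drop the comma after the last array element and close the array with "],". Since this file was edited by hand rather than generated, running it through a JSON parser before committing would catch both.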
@@ -17,26 +22,10 @@
             "descriptions": [
                 {
                     "lang": "en",
-                    "supportingMedia": [
-                        {
-                            "base64": false,
-                            "type": "text/html",
-                            "value": "In the Linux kernel, the following vulnerability has been found:<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  <br>A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  <br>At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id.  &nbsp; &nbsp; <br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  <br>The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue.<br>"
-                        }
-                    ],
-                    "value": "In the Linux kernel, the following vulnerability has been found:\n               \nA heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem.\n               \nAt this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id.      \n               \nThe Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue."
-                }
-            ],
-            "problemTypes": [
-                {
-                    "descriptions": [
-                        {
-                            "description": "heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem",
-                            "lang": "en"
-                        }
-                    ]
+                    "value": "In the Linux kernel, the following vulnerability has been found:\n\nA heap overflow in the hfs and hfsplus filesystems can happen if a user\nmounts a manually crafted filesystem.\n\nAt this point in time, it is not fixed in any released kernel version,\nthis is a stop-gap report to notify that kernel.org is now the owner of\nthis CVE id.\n\nThe Linux kernel CVE team has been assigned CVE-2025-0927 as it was\nincorrectly created by a different CNA that really should have known\nbetter to not have done this to this issue."
                 }
             ],
+            "title": "heap overflow in the hfs and hfsplus filesystems with manually crafted filesystem",
             "providerMetadata": {
                 "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
             },
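Review bot: The removal of "supportingMedia" and of the whole "problemTypes" block is not covered by the commit message, which only accounts for the programFiles addition. Please state that the problemTypes description is being carried over as "title" and that the record intentionally no longer has a problem-type entry. The new "value" also changes "this.to this issue" to "this to this issue" and hard-wraps the text with \n inside sentences; that is a content edit on top of the schema fix-up and deserves a line in the message too.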
@@ -45,21 +34,18 @@
                     "url": "https://www.kernel.org/"
                 }
             ],
-            "source": {
-                "discovery": "UNKNOWN"
-            },
             "x_generator": {
-                "engine": "Vulnogram 0.2.0"
+                "engine": "Human fixing output of Vulnogram 0.2.0 for Linux"
             }
         }
     },
     "cveMetadata": {
         "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
-        "cveId": "CVE-2025-0927",
+        "cveID": "CVE-2025-0927",
         "requesterUserId": "gregkh@...nel.org",
         "serial": 1,
         "state": "PUBLISHED"
     },
     "dataType": "CVE_RECORD",
-    "dataVersion": "5.1"
+    "dataVersion": "5.0"
 }
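Review bot: The rename of "cveId" to "cveID" in cveMetadata and the change of "dataVersion" from "5.1" to "5.0" are the edits in this hunk that downstream parsers will notice, and neither is explained in the commit message. JSON keys are case-sensitive, so please confirm that "cveID" is the spelling the target schema expects, not only the spelling the other generated files happen to use, and say why the record is moved back to 5.0. The dropped "source"/"discovery" block should be mentioned as well.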
-- 
2.47.2

