| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z_0aBN-20w20-UiD@casper.infradead.org> Date: Mon, 14 Apr 2025 15:21:56 +0100 From: Matthew Wilcox <willy@...radead.org> To: Christian Brauner <brauner@...nel.org> Cc: now4yreal <now4yreal@...mail.com>, Jan Kara <jack@...e.com>, Viro <viro@...iv.linux.org.uk>, Bacik <josef@...icpanda.com>, Stone <leocstone@...il.com>, Sandeen <sandeen@...hat.com>, Johnson <jeff.johnson@....qualcomm.com>, linux-fsdevel <linux-fsdevel@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [Bug Report] OOB-read BUG in HFS+ filesystem On Mon, Apr 14, 2025 at 04:18:27PM +0200, Christian Brauner wrote: > On Mon, Apr 14, 2025 at 09:45:25PM +0800, now4yreal wrote: > > Dear Linux Security Maintainers, > > I would like to report a OOB-read vulnerability in the HFS+ file > > system, which I discovered using our in-house developed kernel fuzzer, > > Symsyz. > > Bug reports from non-official syzbot instances are generally not > accepted. > > hfs and hfsplus are orphaned filesystems since at least 2014. Bug > reports for such filesystems won't receive much attention from the core > maintainers. > > I'm very very close to putting them on the chopping block as they're > slowly turning into pointless burdens. I've tried asking some people who are long term Apple & Linux people, but haven't been able to find anyone interested in becoming maintainer. Let's drop both hfs & hfsplus. Ten years of being unmaintained is long enough.
Powered by blists - more mailing lists