| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhSLcgU-_R5W5_1Vh-Kc-Pd+HEhLu+H7m1hE7Po6wDg8Yw@mail.gmail.com> Date: Thu, 15 Jan 2026 17:34:01 -0500 From: Paul Moore <paul@...l-moore.com> To: Willy Tarreau <w@....eu> Cc: Stephen Smalley <stephen.smalley.work@...il.com>, security@...nel.org, selinux@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Suspected off-by-one in context_struct_to_string() On Thu, Jan 15, 2026 at 3:19 PM Willy Tarreau <w@....eu> wrote: > > Hello, > > we've received a suspected vulnerability report on the kernel security > list, that was clearly generated by AI and really not clear at all on > the root causes nor impacts. We first dismissed it and it kept coming > back a few times. I'm not pasting it because it's more confusing than > interesting, though I can pass it to the maintainers if desired. I'm > also purposely *not* CCing the reporter, as the address changed a few > times, and once you respond you receive a new copy of the same report. > Clearly this bot deserves a bit more tuning. It's funny, I had to rescue this email from my spam folder just now too. Unfortunately I have to step away for the evening right now so I can't look at this, but if you don't hear from Stephen or anyone else by tomorrow I'll take a closer look then. I'm intentionally trimming the rest of the email to potentially work around the spammy bits, but who knows. If you happen to be seeing this for the first time, Willy's original message was captured on lore and can be found at the link below: https://lore.kernel.org/selinux/aWlLs1o5gk7k5osk@1wt.eu -- paul-moore.com
Powered by blists - more mailing lists