[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: ipv6: null pointer dereference
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-04-24 22:28:45
Message-ID: Pine.GSO.4.51.0904241824590.13343 () faron ! mitre ! org
[Download RAW message or body]


On Thu, 23 Apr 2009, Eugene Teo wrote:

> > The bug exists since 2.6.27.
> >
> > http://git.kernel.org/linus/3f53a38131a4e7a053c0aa060aba0411242fb6b9
>
> This was assigned with CVE-2009-1360.
>
> Somehow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1360
> missed this reference even though this email was posted before
> xorl.wordpress.com wrote about it.

The URL above is equivalent to the http://git.kernel.org CONFIRM that's
currently in the CVE.

We have two main input streams for CVE: incoming requests, and
already-public information in mailing lists or vuln DBs that we monitor.
oss-security contains incoming requests but it also becomes public
information that's monitored by other vuln DBs.  Sometimes those VDBs pick
up your CVE requests before we do.  That's probably what happened here.
(I wasn't the original CVE analyst for this bug.)

- Steve
[prev in list] [next in list] [prev in thread] [next in thread]