[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request - kernel: ima: fix null pointer dereference
From:       Eugene Teo <eugene () redhat ! com>
Date:       2010-02-09 16:16:58
Message-ID: 4B718A7A.7080201 () redhat ! com
[Download RAW message or body]

On 02/10/2010 12:13 AM, Mark J Cox wrote:
>>> Do we need CVE numbers for issues that never showed up in a released
>>> kernel version? I don't see how this could affect anyone, unless they
>>> were foolish enough to ship a product on a non-released kernel :)
>>
>> You got a point there, but I requested this in order to keep track of
>> security issues that we might need to backport in our future kernels.
>
> It shouldn't get a CVE name. If someone at some point in the future
> ships a vulnerable version (by selective backporting, or similar) then
> it would get a name. Cheers, Mark

Thanks for clarifying.

Eugene
-- 
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]