[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request - kernel: ima: fix null pointer dereference
From: Eugene Teo <eugene () redhat ! com>
Date: 2010-02-09 16:16:58
Message-ID: 4B718A7A.7080201 () redhat ! com
[Download RAW message or body]
On 02/10/2010 12:13 AM, Mark J Cox wrote:
>>> Do we need CVE numbers for issues that never showed up in a released
>>> kernel version? I don't see how this could affect anyone, unless they
>>> were foolish enough to ship a product on a non-released kernel :)
>>
>> You got a point there, but I requested this in order to keep track of
>> security issues that we might need to backport in our future kernels.
>
> It shouldn't get a CVE name. If someone at some point in the future
> ships a vulnerable version (by selective backporting, or similar) then
> it would get a name. Cheers, Mark
Thanks for clarifying.
Eugene
--
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic