[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport
From:       Petr Matousek <pmatouse () redhat ! com>
Date:       2015-06-25 10:44:47
Message-ID: 20150625104447.GI18896 () dhcp-25-225 ! brq ! redhat ! com
[Download RAW message or body]

On Thu, Jun 25, 2015 at 06:42:41AM -0400, cve-assign@mitre.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > Doesn't this fall under different code base?
> 
> No. There would be separate CVE IDs if it were a conceptually
> identical vulnerability in different code found in different
> codebases. We do not assign multiple CVE IDs to the same vulnerability
> in the same piece of code, regardless of how or why that code has been
> copied into different projects. This is a case with reuse of an entire
> substantial function: the function name is the same, the code
> structure is the same, names of variables and structure members are
> largely the same, etc. The reuse extends to pit_ioport_write as well.

Fair enough.

Thanks,
-- 
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA
[prev in list] [next in list] [prev in thread] [next in thread]