[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousb
From: Vladis Dronov <vdronov () redhat ! com>
Date: 2017-11-13 15:07:00
Message-ID: 640892254.31427608.1510585620318.JavaMail.zimbra () redhat ! com
[Download RAW message or body]
Hello, Greg, all,
My fault here was indeed not stating that a Red Hat's product is
vulnerable (thus, a CVE was assigned), but stating that only Linux
kernel is vulnerable (while indeed it was fixed a long ago). Please,
accept my apologies.
> I hate to ask, but why are you getting CVEs for bugs fixed over a year
> ago, and are already in all stable kernel releases a year ago? Why does
> it matter?
I'm afraid, you won't like the answer, but in a short word, the Red Hat
is a CNA (CVE Numbering Authority) for Red Hat's products and the Linux
kernel and we've decided to assign this CVE.
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic