
List:       oss-security
Subject:    Re: [oss-security] Linux kernel: nfc: null ptr dereference in llcp_sock_getname
From:       Mohammad Tausif Siddiqui <msiddiqu () redhat ! com>
Date:       2021-08-24 9:01:59
Message-ID: CAC5HUDwRAzx657HLVrADOUrnJBKfEEu_dbpV-_B7D1R6ygzpFQ () mail ! gmail ! com


[Update] Root CNA MITRE marked CVE-2021-3587 as rejected for CVE-2021-38208.

CVE-2021-38208 to be used for this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208


On Tue, Aug 17, 2021 at 5:57 PM Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Hi,
>
> On Tue, Aug 17, 2021 at 04:17:38PM +0800, butt3rflyh4ck wrote:
> > Hi, MITRE has assigned CVE-2021-38208 to this issue,
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208
> >
> > The CVE-2021-3587 assigned by Red Hat was 'RESERVED' now.
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
> >
> > There was some confusion here, maybe CVE-2021-3587 should be 'REJECT'.
>
> I wonder if it would actually be better the other way around, but
> leaving the decision to MITRE CNA and Red Hat: Several downstream
> Linux distributions seem to have already used CVE-2021-3587 in their
> advisories, so rejecting CVE-2021-38208 would seem to cause less
> turnarounds. But I have a biased view here, at least Debian, Ubuntu,
> Slackware, Fedora and Mageia used already accordingly CVE-2021-3587.
>
> Regards,
> Salvatore
>
>

-- 

*Tausif Siddiqui* | RED HAT PRODUCT SECURITY

0EE1 F6BF 8991 9A65 0A79 A0A7 5849 60EC 88B8 2C71

secalert@redhat.com <https://access.redhat.com/security/team/contact> for
urgent response.

