LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel security, year to date

Kernel security, year to date

Posted Sep 12, 2008 10:03 UTC (Fri) by eteo (guest, #36711)
In reply to: Kernel security, year to date by nix
Parent article: Kernel security, year to date

> They don't have CVE numbers and perhaps the authors didn't even bother to

They have CVE names now. CVE-2008-3915 for commit 91b80969, and CVE-2008-3911 for commit 27df6f25.

> isolate the commit that introduced the problem. How terrifying, I'm sure
> the fix is much worse as a consequence.

I don't really understand what you are trying to say.

(Log in to post comments)

Kernel security, year to date

Posted Sep 12, 2008 10:10 UTC (Fri) by nix (subscriber, #2304) [Link]

The drumbeat here has been that security problems which aren't a)
identified as such with the magic word 'security' and b) don't have CVE
numbers shouldn't even have their fixes committed in case the bad guys
spot the fix (as far as I can tell). I'm trying to point out that even
when they're not identified as such, it's often quite easy to identify
them.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds