Re: [PATCH 1/9] Known exploit detection

From: Dan Carpenter
Date: Fri Dec 13 2013 - 06:49:23 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Previous message: Tejun Heo: "Re: [patch 7/8] mm, memcg: allow processes handling oomnotifications to access reserves"
In reply to: Alexander Holler: "Re: [PATCH 1/9] Known exploit detection"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 13, 2013 at 11:31:48AM +0100, Alexander Holler wrote:
> I've never seen a comment inside the kernel sources which does point
> to a CVE, so I assume there already does exists some agreement about
> not doing so.

We do occasionally put CVE numbers in the commit message, but normally
the commit comes first before we ask for a CVE number.

If you want a list of kernel CVEs then you can use the Ubuntu list:
https://launchpad.net/ubuntu-cve-tracker
http://people.canonical.com/~ubuntu-security/cve/main.html
It has the commit which introduced the bug and commit which fixes the
bug. Suse has a public CVE list as well.

You are right that probably some security commits don't get a CVE. When
you spot one then feel free to ask for a CVE from the
oss-security@xxxxxxxxxxxxxxxxxx email list.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Previous message: Tejun Heo: "Re: [patch 7/8] mm, memcg: allow processes handling oomnotifications to access reserves"
In reply to: Alexander Holler: "Re: [PATCH 1/9] Known exploit detection"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]