From owner-svn-src-all@freebsd.org Tue Apr 26 21:26:52 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CEE5B1DAE1 for ; Tue, 26 Apr 2016 21:26:52 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qg0-x22b.google.com (mail-qg0-x22b.google.com [IPv6:2607:f8b0:400d:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 024951EA9 for ; Tue, 26 Apr 2016 21:26:52 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qg0-x22b.google.com with SMTP id f74so10386847qge.2 for ; Tue, 26 Apr 2016 14:26:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=gXbDyNBTRJkZCJ0mSr58Xv7q42BXd+GeayZQRj/MOxU=; b=I9C86fzFypXb9aZu2oGYyY4dtsftC0zxrE4ftbZ3TsQow54j8Cwc2p0CoN0Gl6zha1 Rj6OTSlGCpbhSsQSd4+hvHUNsGAQOtk4/CU2B8r2k1IiaOwlSGd0txgSkBIZRJleaF6z wSN2p86+3e2mQgIYJ1KwzZbE6jwgbsJwgTlOku/VcHAytQ0q87Qkl7y3ynWjXVR5mkvD /tNtg7Tb2/qjdTLodJkuguSM6DOgDx/HCPQz6gtBHPW8mprDOjbjLFgS3eJVk2c84ST4 1xRgzh6yW5mnlh28wVGPVJOOfbqyBms5oMZJTYktNoJwh4K2uz/6X7d5UjGwzaMtlJGo /cYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=gXbDyNBTRJkZCJ0mSr58Xv7q42BXd+GeayZQRj/MOxU=; b=V7CprBJ2qr7xyzk3GKdERak5woMIDxA8y7v95KUEcBcF8S5N4RHoQAoRGe93qdMvVP lj+RoGClFFhFShG3VjZhPV3Py4Dpwp01Riyn7oufIKnuRvQ272j3JNztLvsPKkMFoamt lwnYxxzXxcS72TsNOy7CKhl8HmeusTDH9/pzJrbk23+Qm6BaeN8LDONHgQC7oB25Fzib SXchTILX+QyR7OrNjVyvnlwOXLfW2r+K3I2TpHS0S3Nemcujv/ludGoC4EDQ1csWeUsc J5HqJtEkxANdXp1dkUjadmj+p7UZMqggqjtgVafUOgpgzBahG8wWGW9Gl6ATYnr8H27M JOwA== X-Gm-Message-State: AOPr4FX+1jyz9y29Ok3PrxO/AtHIFOiG/LcYuvO9EVZKU7hcui4ExtDAPIJXNE1EXy+SQfcp X-Received: by 10.140.101.137 with SMTP id u9mr4599367qge.92.1461706011127; Tue, 26 Apr 2016 14:26:51 -0700 (PDT) Received: from mutt-hardenedbsd (c-73-135-80-144.hsd1.md.comcast.net. [73.135.80.144]) by smtp.gmail.com with ESMTPSA id r18sm218435qhb.35.2016.04.26.14.26.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Apr 2016 14:26:50 -0700 (PDT) Date: Tue, 26 Apr 2016 17:26:48 -0400 From: Shawn Webb To: Kristof Provost Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, secteam@freebsd.org Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs Message-ID: <20160426212648.GC13055@mutt-hardenedbsd> References: <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> <2190C480-1B7A-47F8-BFB4-D7C8E6F25385@FreeBSD.org> <20160426211804.GB13055@mutt-hardenedbsd> <116F3C09-CD22-42EC-80BF-4EAD6CA1C824@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7qSK/uQB79J36Y4o" Content-Disposition: inline In-Reply-To: <116F3C09-CD22-42EC-80BF-4EAD6CA1C824@FreeBSD.org> X-Operating-System: FreeBSD mutt-hardenedbsd 11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Apr 2016 21:26:52 -0000 --7qSK/uQB79J36Y4o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 26, 2016 at 11:22:32PM +0200, Kristof Provost wrote: >=20 > > On 26 Apr 2016, at 23:18, Shawn Webb wrote: > > Was secteam@ even involved, then? Seems like a user-facing kernel buffer > > overflow ought to have involved secteam@. > >=20 > No, it wasn???t. This bug had been open for quite a while, and I just hap= pend to see the report and look at it. Now CC'ing secteam@. I'm wondering if a CVE should be filed. Or, at the very least, a FreeBSD Security Advisory. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --7qSK/uQB79J36Y4o Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXH90XAAoJEGqEZY9SRW7ufiMP/j/hEb6/bnYByK7pnh6cPACm SWlGU3lpkpEAmwL6YNVmv2b/USi+PbVYAD/fFvM7pdlETzB5QA9JpQsIQ0Vzrsbd xgxTVjJs6pQe9A1mgHmi7HcFs3hB2atXapzEbbl4IvSkQB9pw9bFo/YaruM07wOB GoflLRuFRvTKzZu+tSTf6bMjC4+BjtKiJRzC4r/EmzsD8WWy2febFr+Km3hfLcL2 nYjj0g5tmUY3J2AEGkbA32oBBU5x/rLouG6+9Mnox4359i6dNo9maXw2ph5LG8Jj cuD9By9mbBB4wn9/cYDTlYK8JzUt6gXPjL8PiXLbyX/le1aYzTboHQe5r0iS16q3 Mi8+VKtowyr/tOCq/n2X8mwBOcQzdp6w35e50vAW5fttKREZvvz9kB+dUdrWkvBy 8jPjIjTc60dErQVIyeDdVbAUi2WljnjYd/deDKIXCC6Z9G8Ftdsz0y+5UQRlHQs1 LghQfO5kolfMevZ/svNed14xVF1BY9DPstiNMrtunbC6hjikx8DP+9lPgPGKNJ5I vTLVdghvkltjHUOfUaeyCCZO84RDpki8rG+TCSrgN5jbP4MF7f8szPoiSWIKoeBT UrjSXGRgd2Ev0hkRh1lN1bTKoKq8Ygb+sptRNCzwBi7L2kYJGPqaTHXgQ+KU4uK2 VwEGOvpJBjEZ6sw8wKJu =KA2d -----END PGP SIGNATURE----- --7qSK/uQB79J36Y4o--