Bug#1000886: CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object
On 11/30/21 3:02 PM, Salvatore Bonaccorso wrote: Control: tags -1 + security Control: notfound -1 4.0 Hi Salvatore, Thank you for your reply. Thank you. It's usually not necessary to fill bugs for CVEs for src:linux, we are already tracking them and are aware. > In the Sorry for the noise. particular case you can look up CVE-2013-7445 and it's unlikely that it will be addressed. Furthermore CVEs for linux are specifically tracked in the kernel-team as well. What about the other CVEs in the unreported list? (https://security-tracker.debian.org/tracker/status/unreported) Is it worthwhile to try to get them reported? Or is this a low priority because they've already been triaged? Thanks again, Jeremiah
Bug#1000886: CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object
Control: tags -1 + security Control: notfound -1 4.0 Hi Jeremiah, On Tue, Nov 30, 2021 at 12:56:50PM -0500, Jeremiah C. Foster wrote: > Package: linux > Source: linux > Version: 4.0 > Severity: important > Tags: upstream > > Dear Maintainer, > > There is a list of unreported issues in the Debian Security-tracker: > https://security-tracker.debian.org/tracker/status/unreported This > issue was the first one in the tracker which led me to file this issue > > in Debian's bug tracking system. Thank you. It's usually not necessary to fill bugs for CVEs for src:linux, we are already tracking them and are aware. In the particular case you can look up CVE-2013-7445 and it's unlikely that it will be addressed. Furthermore CVEs for linux are specifically tracked in the kernel-team as well. It's not necessary to fill bugs for CVE for src:linux, we already track them, so this would just cause some unnecessary overhead (in particular for such on old CVE ;-)). Regards, Salvatore
Bug#1000886: CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object
Package: linux Source: linux Version: 4.0 Severity: important Tags: upstream Dear Maintainer, There is a list of unreported issues in the Debian Security-tracker: https://security-tracker.debian.org/tracker/status/unreported This issue was the first one in the tracker which led me to file this issue in Debian's bug tracking system. Regards, Jeremiah -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-9-amd64 (SMP w/8 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled