Date
1 - 1 of 1
Who is looking at CVEs to prevent them?
Dan Carpenter <error27@...>
On Thu, Jan 19, 2023 at 09:14:53AM +0900, Masami Ichikawa wrote:
CVE-2023-0210: ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE inSorry, I have kind of hijacked the cip-dev email list... I use these lists to figure out where we are failing. I created a static checker warning for this bug. I also wrote a blog stepping through the process: https://staticthinking.wordpress.com/2023/03/07/triaging-security-bugs/ If anyone wants to review the warnings, just email me and I can send them to you. I Cc'd LWN because I was going to post the warnings but I chickened out because that didn't feel like responsible disclosure. The instructions for how to find these yourself are kind of right there in the blog so it's not too hard to generate these results yourself... I don't really have enough time to review static checker warnings anymore but I don't know who wants to do that job now. regards, dan carpenter |
|