Bug#1000886: CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object

To: Salvatore Bonaccorso <carnil@debian.org>, 1000886@bugs.debian.org
Subject: Bug#1000886: CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object
From: "Jeremiah C. Foster" <jeremiah@jeremiahfoster.com>
Date: Tue, 30 Nov 2021 18:55:07 -0500
Message-id: <[🔎] b64daf07-0004-2216-6142-a3fdd0910897@jeremiahfoster.com>
Reply-to: "Jeremiah C. Foster" <jeremiah@jeremiahfoster.com>, 1000886@bugs.debian.org
In-reply-to: <YaaDW2t/c7FtyE2A@eldamar.lan>
References: <5090e46e-8405-4477-a6ab-c2d6550196b4@jeremiahfoster.com> <YaaDW2t/c7FtyE2A@eldamar.lan> <5090e46e-8405-4477-a6ab-c2d6550196b4@jeremiahfoster.com>

On 11/30/21 3:02 PM, Salvatore Bonaccorso wrote:

Control: tags -1 + security
Control: notfound -1 4.0


Hi Salvatore,

Thank you for your reply.

Thank you. It's usually not necessary to fill bugs for CVEs for
src:linux, we are already tracking them and are aware.  > In the


Sorry for the noise.

particular case you can look up  CVE-2013-7445 and it's unlikely that
it will be addressed. Furthermore CVEs for linux are specifically
tracked in the kernel-team as well.

What about the other CVEs in the unreported list?(https://security-tracker.debian.org/tracker/status/unreported) Is itworthwhile to try to get them reported? Or is this a low prioritybecause they've already been triaged?


Thanks again,

Jeremiah

Reply to:

Next by Date: Processed: reassign 1000735 to src:linux, tagging 974779, found 1000798 in 2.3.2+r586-7 ..., tagging 977403 ...
Next by thread: Processed: reassign 1000735 to src:linux, tagging 974779, found 1000798 in 2.3.2+r586-7 ..., tagging 977403 ...
Index(es):
- Date
- Thread