Re: [PATCH 1/2] published: CVE-2025-0927: Fix up JSON schema.
From: gregkh@xxxxxxxxxxxxxxxxxxx
Date: Wed Apr 02 2025 - 03:43:35 EST

On Wed, Apr 02, 2025 at 07:16:33AM +0000, Siddh Raman Pant wrote:
> On Wed, Apr 02 2025 at 12:36:20 +0530, Greg Kroah-Hartman wrote:
> > On Wed, Apr 02, 2025 at 12:21:52PM +0530, Siddh Raman Pant wrote:
> > > It doesn't match the schema of other CVEs as it was not generated
> > > by bippy.
> >
> > It was created by vulnogram for obvious reasons :(
> >
> > Also, please cc: cve@xxxxxxxxxx for stuff like this.
>
> Okay, noted.
>
> >
> > > Fixed by hand / manually.
> > >
> > > programFiles were added from the info in mbox.
> >
> > So this did two different things? Why does the layout matter here?
> > Eventually it will be created properly when someone gets the fix
> > upstream, I'm waiting for Canonical to do it as they are responsible for
> > fixing this mess at the moment, but don't seem to be responding to my
> > emails anymore...
>
> Apparently, they fixed it in February and backported it:
>
> https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?h=Ubuntu-6.8.0-54.56&id=09ad3b1e99befe042ae5219e4020eb54411d98ef
>
> https://ubuntu.com/security/CVE-2025-0927

Yes, they did that without telling anyone, and assigned a CVE for it
which they are not allowed to do at all, which is why I had to
hand-create this one when it was transferred to kernel.org. They should
be working to get that change upstream properly, but again, they seem to
be ignoring us totally at the moment :(

greg k-h