From 65ef0730881bbc378239bd00a2086506c64ecf37 Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Thu, 3 Feb 2022 22:29:46 -0800
Subject: [PATCH] Link to oss-security thread on CVE-2022-0185

---
 content/posts/floss-security.gmi | 1 +
 content/posts/floss-security.md  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/content/posts/floss-security.gmi b/content/posts/floss-security.gmi
index cd13c59..3872b33 100644
--- a/content/posts/floss-security.gmi
+++ b/content/posts/floss-security.gmi
@@ -168,6 +168,7 @@ Fuzzing frequently catches bugs that are only apparent by running a program, not
 
 A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the syzkaller kernel fuzzer.
 
+=> https://www.openwall.com/lists/oss-security/2022/01/18/7 oss-security: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
 => https://github.com/google/syzkaller Syzkaller
 
 The process was documented on Will's Root:
diff --git a/content/posts/floss-security.md b/content/posts/floss-security.md
index 75f8b4d..3f46c99 100644
--- a/content/posts/floss-security.md
+++ b/content/posts/floss-security.md
@@ -132,7 +132,7 @@ If you want to get started with fuzzing, I recommend checking out [the quick-sta
 
 ### Example: CVE-2022-0185
 
-A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
+A recent example of how fuzzing helps spot a vulnerability in an open-source project is [CVE-2022-0185](https://www.openwall.com/lists/oss-security/2022/01/18/7): a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
 
 [CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers](https://www.willsroot.io/2022/01/cve-2022-0185.html)