[Secure-testing-commits] r10343 - data/CVE
joeyh at alioth.debian.org
Sat Nov 8 09:14:14 UTC 2008
Author: joeyh
Date: 2008-11-08 09:14:13 +0000 (Sat, 08 Nov 2008)
New Revision: 10343
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-08 09:09:46 UTC (rev 10342)
+++ data/CVE/list 2008-11-08 09:14:13 UTC (rev 10343)
@@ -3500,17 +3500,17 @@
NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
- NOTE: Comment from tytso:
- NOTE: Note: some people thinks this represents a security bug, since it
- NOTE: might make the system go away while it is printing a large number of
- NOTE: console messages, especially if a serial console is involved. Hence,
- NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
- NOTE: either has physical access to your machine to insert a USB disk with a
- NOTE: corrupted filesystem image (at which point why not just hit the power
- NOTE: button), or is otherwise able to convince the system administrator to
- NOTE: mount an arbitrary filesystem image (at which point why not just
- NOTE: include a setuid shell or world-writable hard disk device file or some
- NOTE: such). Me, I think they're just being silly.
+ NOTE: Comment from tytso:
+ NOTE: Note: some people thinks this represents a security bug, since it
+ NOTE: might make the system go away while it is printing a large number of
+ NOTE: console messages, especially if a serial console is involved. Hence,
+ NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
+ NOTE: either has physical access to your machine to insert a USB disk with a
+ NOTE: corrupted filesystem image (at which point why not just hit the power
+ NOTE: button), or is otherwise able to convince the system administrator to
+ NOTE: mount an arbitrary filesystem image (at which point why not just
+ NOTE: include a setuid shell or world-writable hard disk device file or some
+ NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...)
TODO: check
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
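Review bot: The eleven `-` and eleven `+` NOTE lines carrying the tytso comment (the block that mentions CVE-2008-3528) are word-for-word identical as shown, so the only possible difference is whitespace, and the log message "automatic update" does not say so. If the update script is renormalising the indentation of these NOTE lines, state that in the log so a whitespace-only revision can be told apart from a content change when auditing the tracker history. Separately, the context line `TODO: check` under CVE-2008-3527 is untouched by this revision and still needs triage.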