[Secure-testing-commits] r13872 - data/CVE
Steffen Joeris
white at alioth.debian.org
Thu Jan 21 12:06:37 UTC 2010
Author: white
Date: 2010-01-21 12:06:30 +0000 (Thu, 21 Jan 2010)
New Revision: 13872
Modified:
data/CVE/list
Log:
no-dsa for acl issue, can be fixed via s-p-u
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-21 02:30:38 UTC (rev 13871)
+++ data/CVE/list 2010-01-21 12:06:30 UTC (rev 13872)
@@ -1063,6 +1063,7 @@
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
- acl <unfixed> (low; bug #499076)
[etch] - acl <not-affected> (Vulnerable code not present)
+ [lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
NOTE: bug was closed but the fix seems incomplete
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
More information about the Secure-testing-commits
mailing list