[Secure-testing-commits] r38501 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 23 18:38:24 UTC 2015
Author: carnil
Date: 2015-12-23 18:38:24 +0000 (Wed, 23 Dec 2015)
New Revision: 38501
Modified:
data/CVE/list
Log:
Add new linux issue in overlayfs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-23 18:32:09 UTC (rev 38500)
+++ data/CVE/list 2015-12-23 18:38:24 UTC (rev 38501)
@@ -1,3 +1,11 @@
+CVE-2015-XXXX [overlay: fix permission checking for setattr]
+ - linux <unfixed>
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
+ - linux-2.6 <not-affected> (Vulnerable code not present)
+ NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
+ NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/23/5
CVE-2015-8621 [t-coffee: creates world-writable directories]
- t-coffee 11.00.8cbe486-2 (low; bug #751579)
[squeeze] - t-coffee <not-affected> (version in Squeeze uses system() and umask is handled correctly by sh (as opposed to later versions that use mkdir()))
More information about the Secure-testing-commits
mailing list