[Secure-testing-commits] r35196 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jun 28 13:25:17 UTC 2015
Author: carnil
Date: 2015-06-28 13:25:17 +0000 (Sun, 28 Jun 2015)
New Revision: 35196
Modified:
data/CVE/list
Log:
Update CVE-2015-3243/rsyslog, mark as unimportant
NOTE for reviewers: Please double check if you agree on the assesment.
rsyslog in Debian set's in the package provided rsyslog.conf
$FileCreateMode to 0640. Post of Kurt Seifried on oss-security
https://marc.info/?l=oss-security&m=143465023811345&w=2 mentions more
details on the issue on Red Hat's side.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-28 12:09:06 UTC (rev 35195)
+++ data/CVE/list 2015-06-28 13:25:17 UTC (rev 35196)
@@ -4574,8 +4574,9 @@
RESERVED
CVE-2015-3243 [some log files are created world-readable]
RESERVED
- - rsyslog <undetermined>
- TODO: check
+ - rsyslog <unfixed> (unimportant)
+ NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
+ NOTE: provided by the Debian package sets $FileCreateMode 0640
CVE-2015-3242
RESERVED
NOTE: To be rejected
More information about the Secure-testing-commits
mailing list