[Secure-testing-commits] r42323 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jun 5 12:44:26 UTC 2016
Author: carnil
Date: 2016-06-05 12:44:26 +0000 (Sun, 05 Jun 2016)
New Revision: 42323
Modified:
data/CVE/list
Log:
Add additional bug reference for CVE-2016-2568, #812512
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-05 12:42:12 UTC (rev 42322)
+++ data/CVE/list 2016-06-05 12:44:26 UTC (rev 42323)
@@ -7615,7 +7615,7 @@
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl]
RESERVED
- - policykit-1 <unfixed> (bug #816062)
+ - policykit-1 <unfixed> (bug #816062; bug #812512)
[jessie] - policykit-1 <no-dsa> (Minor issue)
[wheezy] - policykit-1 <no-dsa> (Minor issue)
NOTE: Restricting ioctl on the kernel side seems the better approach
More information about the Secure-testing-commits
mailing list