[Secure-testing-commits] r48995 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 16 15:54:32 UTC 2017
Author: carnil
Date: 2017-02-16 15:54:31 +0000 (Thu, 16 Feb 2017)
New Revision: 48995
Modified:
data/CVE/list
Log:
Mark CVE-2017-2621/heat as not-affected
Note for reviewers: I checked back the version in git, and looks that
the chmod in postinst was there from the beginning. So this should mean
heat in Debian is not affected. Might need double-check for corner
cases.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-16 12:28:06 UTC (rev 48994)
+++ data/CVE/list 2017-02-16 15:54:31 UTC (rev 48995)
@@ -9421,9 +9421,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
CVE-2017-2621 [/var/log/heat/ is world readable]
RESERVED
- - heat <unfixed>
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621
- TODO: check
+ - heat <not-affected> (heat-common postinst chmod's 0750 /var/log/heat)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620
RESERVED
CVE-2017-2619
More information about the Secure-testing-commits
mailing list