[Secure-testing-commits] r48996 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 16 16:12:41 UTC 2017
Author: carnil
Date: 2017-02-16 16:12:41 +0000 (Thu, 16 Feb 2017)
New Revision: 48996
Modified:
data/CVE/list
Log:
Add note for mistral issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-16 15:54:31 UTC (rev 48995)
+++ data/CVE/list 2017-02-16 16:12:41 UTC (rev 48996)
@@ -9419,6 +9419,11 @@
RESERVED
- mistral <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
+ NOTE: tracing the installation shows that mkdir -p /var/log/mistral
+ NOTE: is executed, which depending on the umask might end in wrong
+ NOTE: permissions. But for Debian the final permissions seem to end
+ NOTE: to 0750, despite, owned by mistral:adm. Thus might need more
+ NOTE: investigation to determine the affected status.
CVE-2017-2621 [/var/log/heat/ is world readable]
RESERVED
- heat <not-affected> (heat-common postinst chmod's 0750 /var/log/heat)
More information about the Secure-testing-commits
mailing list