[Git][security-tracker-team/security-tracker][master] Mark CVE-2009-1143/open-vm-tools as ignored for buster
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Wed Aug 16 18:08:47 BST 2023
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5d8f3ab by Utkarsh Gupta at 2023-08-16T22:38:25+05:30
Mark CVE-2009-1143/open-vm-tools as ignored for buster
It's a very minor issue and mount.vmhgfs is not suid in Debian.
Also, dropping that from buster entirely might break some users
and we don't want that. So let's leave it as-is.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -594931,7 +594931,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf
CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
- open-vm-tools 2:12.0.0-1
[bullseye] - open-vm-tools <ignored> (Minor issue; mount.vmhgfs not suid root in Debian)
- [buster] - open-vm-tools <postponed> (Minor issue; mount.vmhgfs not suid root in Debian)
+ [buster] - open-vm-tools <ignored> (Minor issue; mount.vmhgfs not suid root in Debian)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
NOTE: Removing hgfsmounter/mount.vmhgfs: https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9 (stable-12.0.0)
CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d8f3abd729786d3c84e44f5edc8c036033265d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d8f3abd729786d3c84e44f5edc8c036033265d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230816/64c7d218/attachment.htm>
More information about the debian-security-tracker-commits
mailing list