[kernel-sec-discuss] r1091 - active retired

dannf at alioth.debian.org dannf at alioth.debian.org
Thu Jan 17 22:49:47 UTC 2008


Author: dannf
Date: 2008-01-17 22:49:47 +0000 (Thu, 17 Jan 2008)
New Revision: 1091

Added:
   retired/CVE-2004-1190
Removed:
   active/CVE-2004-1190
Log:
permanently ignore CVE-2004-1190 for 2.4 and retire

Deleted: active/CVE-2004-1190
===================================================================
--- active/CVE-2004-1190	2008-01-17 22:46:32 UTC (rev 1090)
+++ active/CVE-2004-1190	2008-01-17 22:49:47 UTC (rev 1091)
@@ -1,19 +0,0 @@
-Candidate: CVE-2004-1190
-References: 
- http://www.novell.com/linux/security/advisories/2004_42_kernel.html
- http://xforce.iss.net/xforce/xfdb/18370
-Description:
- SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
- properly check commands sent to CD devices that have been opened read-only,
- which could allow local users to conduct unauthorized write activities to
- modify the firmware of associated SCSI devices.
- .
- dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
-        revisit
-Notes: 
-Bugs: 300162
-upstream: released (2.6.10)
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.6.18-etch-security: N/A

Copied: retired/CVE-2004-1190 (from rev 1089, active/CVE-2004-1190)
===================================================================
--- retired/CVE-2004-1190	                        (rev 0)
+++ retired/CVE-2004-1190	2008-01-17 22:49:47 UTC (rev 1091)
@@ -0,0 +1,19 @@
+Candidate: CVE-2004-1190
+References: 
+ http://www.novell.com/linux/security/advisories/2004_42_kernel.html
+ http://xforce.iss.net/xforce/xfdb/18370
+Description:
+ SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
+ properly check commands sent to CD devices that have been opened read-only,
+ which could allow local users to conduct unauthorized write activities to
+ modify the firmware of associated SCSI devices.
+ .
+ dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
+        revisit
+Notes: 
+Bugs: 300162
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
+2.4.27-sarge-security: ignored
+2.6.18-etch-security: N/A
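
Review bot: The retired copy still carries the `dannf>` comment "not sure if 2.4 is affected, but we should revisit", while the status line is now a bare `2.4.27-sarge-security: ignored` and `Notes:` is empty, so the file records no reason for the permanent ignore. Suggest replacing the "revisit" comment, or following it with a dated line, stating why 2.4 is being ignored for good (for example, whether it was found unaffected or is simply no longer being fixed), so the retired entry does not read as an open question.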



