[kernel-sec-discuss] r1703 - active
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 00:07:20 UTC 2010
Author: dannf
Date: 2010-02-01 00:07:18 +0000 (Mon, 01 Feb 2010)
New Revision: 1703
Modified:
active/CVE-2009-file-permission-bypass
Log:
update status/notes
Modified: active/CVE-2009-file-permission-bypass
===================================================================
--- active/CVE-2009-file-permission-bypass 2010-02-01 00:06:08 UTC (rev 1702)
+++ active/CVE-2009-file-permission-bypass 2010-02-01 00:07:18 UTC (rev 1703)
@@ -5,13 +5,16 @@
http://securityfocus.com/archive/1/507386/30/30/threaded
http://lwn.net/Articles/359219
Notes:
- from discussion on bugtraq, it appears that this problem is exposed because of some
- debian-specific patches (upstream is not affected). at this point, i am noting the
- issue because there appears to be something to it, but i have not studied it in
- detail nor verified any claims.
+ from discussion on bugtraq, it appears that this problem is exposed because of
+ some debian-specific patches (upstream is not affected). at this point, i am
+ noting the issue because there appears to be something to it, but i have not
+ studied it in detail nor verified any claims.
+ .
+ dannf> I don't see anything debian-specific about it. I can reproduce on 2.6.32
+ and RHEL5.
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
+upstream: ignored "no upstream fix"
+linux-2.6: ignored "no upstream fix"
+2.6.18-etch-security: ignored "no upstream fix"
+2.6.24-etch-security: ignored "no upstream fix"
+2.6.26-lenny-security: ignored "no upstream fix"
More information about the kernel-sec-discuss
mailing list