[kernel-sec-discuss] r1790 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Mar 25 10:52:11 UTC 2010


Author: jmm
Date: 2010-03-25 10:52:04 +0000 (Thu, 25 Mar 2010)
New Revision: 1790

Added:
   retired/CVE-2009-3725
Removed:
   active/CVE-2009-3725
Log:
retire issue


Deleted: active/CVE-2009-3725
===================================================================
--- active/CVE-2009-3725	2010-03-25 10:50:44 UTC (rev 1789)
+++ active/CVE-2009-3725	2010-03-25 10:52:04 UTC (rev 1790)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-3725
-Description:
- certain priviledged routines can be executed by an unpriviledged user, potentially 
- leading to arbitrary code execution as the priviledged user
-References:
- http://www.openwall.com/lists/oss-security/2009/11/02/1
- http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
-Notes:
- - multiple issues that were introduced and fixed in various versions of the kernel
- - two issues are already fixed in 2.6.31-1, and two issues remain to be fixed (currently
-   in upstream's staging branch)
-Bugs:
-upstream: released (2.6.32-rc3) [cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c, 98a5783af02f4c9b87b676d7bbda6258045cfc76, 5788c56891cfb310e419c4f9ae20427851797431, 24836479a126e02be691e073c2b6cad7e7ab836a], released (2.6.31.5) [127f1bdba584bc2aa2f910273b6b5701d5bad3ed, 85a79fc56eaee6587d19971b5348261773c1c507, 060425ef1d42f59b9b3faed31406e9e59c7464a0, e1a7338bc0da30633357c84be4df222a1bdbfd99]
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: ignored (EOL)
-2.6.26-lenny-security: released (2.6.26-21lenny4) [bugfix/all/connector-keep-the-skb-in-cn_callback_data.patch, bugfix/all/connector-provide-the-sender-s-credentials-to-the-callback.patch, bugfix/all/connector-removed-the-destruct_data-callback-since-it-is-always-kfree_skb.patch, bugfix/all/uvesafb-connector-disallow-unpliviged-users-to-send-netlink-packets.patch]
-2.6.32-squeeze-security: released (2.6.32-1)
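Review bot: The file removed here is at rev 1789, but the "Copied:" header below takes the retired copy from rev 1786, so any edit made to active/CVE-2009-3725 in revs 1787 to 1789 would be dropped silently. The 18 removed lines match the 18 added lines in this mail, so nothing appears lost in this case, but moving the head revision rather than copying an older one would remove the need to check. Also worth confirming before retiring: "2.6.24-etch-security: ignored (EOL)" means that branch was never fixed, which is fine for retirement only if ignored entries are treated as closed.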

Copied: retired/CVE-2009-3725 (from rev 1786, active/CVE-2009-3725)
===================================================================
--- retired/CVE-2009-3725	                        (rev 0)
+++ retired/CVE-2009-3725	2010-03-25 10:52:04 UTC (rev 1790)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3725
+Description:
+ certain priviledged routines can be executed by an unpriviledged user, potentially 
+ leading to arbitrary code execution as the priviledged user
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/02/1
+ http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
+Notes:
+ - multiple issues that were introduced and fixed in various versions of the kernel
+ - two issues are already fixed in 2.6.31-1, and two issues remain to be fixed (currently
+   in upstream's staging branch)
+Bugs:
+upstream: released (2.6.32-rc3) [cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c, 98a5783af02f4c9b87b676d7bbda6258045cfc76, 5788c56891cfb310e419c4f9ae20427851797431, 24836479a126e02be691e073c2b6cad7e7ab836a], released (2.6.31.5) [127f1bdba584bc2aa2f910273b6b5701d5bad3ed, 85a79fc56eaee6587d19971b5348261773c1c507, 060425ef1d42f59b9b3faed31406e9e59c7464a0, e1a7338bc0da30633357c84be4df222a1bdbfd99]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: ignored (EOL)
+2.6.26-lenny-security: released (2.6.26-21lenny4) [bugfix/all/connector-keep-the-skb-in-cn_callback_data.patch, bugfix/all/connector-provide-the-sender-s-credentials-to-the-callback.patch, bugfix/all/connector-removed-the-destruct_data-callback-since-it-is-always-kfree_skb.patch, bugfix/all/uvesafb-connector-disallow-unpliviged-users-to-send-netlink-packets.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
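Review bot: The Notes entry "two issues remain to be fixed (currently in upstream's staging branch)" is stale in a retired record: the "upstream:" line lists four commits as released in 2.6.32-rc3 and four in 2.6.31.5, and every tracked branch is marked released, N/A or ignored. Update or drop that note before the file lands in retired/, so a later reader does not take the issue as partially open. Minor: "priviledged" and "unpriviledged" in the Description should be "privileged" and "unprivileged", and the Description would be easier to search if it named the affected code (the lenny patch names point at the connector and uvesafb).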


Property changes on: retired/CVE-2009-3725
___________________________________________________________________
Added: svn:mergeinfo
   + 



