[kernel-sec-discuss] r1797 - active ignored

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Mar 26 13:59:12 UTC 2010


Author: jmm
Date: 2010-03-26 13:59:11 +0000 (Fri, 26 Mar 2010)
New Revision: 1797

Added:
   ignored/CVE-2009-file-permission-bypass
Removed:
   active/CVE-2009-file-permission-bypass
Log:
move issue to ignored, it's only a buglet and won't be
 fixed upstream


Deleted: active/CVE-2009-file-permission-bypass
===================================================================
--- active/CVE-2009-file-permission-bypass	2010-03-26 13:46:25 UTC (rev 1796)
+++ active/CVE-2009-file-permission-bypass	2010-03-26 13:59:11 UTC (rev 1797)
@@ -1,20 +0,0 @@
-Candidate:
-Description:
- file permissions can be circumvented via information in /proc
-References:
- http://securityfocus.com/archive/1/507386/30/30/threaded
- http://lwn.net/Articles/359219
-Notes:
- from discussion on bugtraq, it appears that this problem is exposed because of
- some debian-specific patches (upstream is not affected).  at this point, i am
- noting the issue because there appears to be something to it, but i have not
- studied it in detail nor verified any claims.
- .
- dannf> I don't see anything debian-specific about it. I can reproduce on 2.6.32
-        and RHEL5.
-Bugs:
-upstream: ignored "no upstream fix"
-linux-2.6: ignored "no upstream fix"
-2.6.18-etch-security: ignored "no upstream fix"
-2.6.24-etch-security: ignored "no upstream fix"
-2.6.26-lenny-security: ignored "no upstream fix"
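Review bot: The revisions in the headers do not line up: this deletion is against rev 1796, while the replacement file is copied "from rev 1786". The 20 lines removed here match the 20 lines added under ignored/, so nothing is lost in this commit, but copying from the head revision of active/ would rule out silently dropping any edit made to the file between 1786 and 1796.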

Copied: ignored/CVE-2009-file-permission-bypass (from rev 1786, active/CVE-2009-file-permission-bypass)
===================================================================
--- ignored/CVE-2009-file-permission-bypass	                        (rev 0)
+++ ignored/CVE-2009-file-permission-bypass	2010-03-26 13:59:11 UTC (rev 1797)
@@ -0,0 +1,20 @@
+Candidate:
+Description:
+ file permissions can be circumvented via information in /proc
+References:
+ http://securityfocus.com/archive/1/507386/30/30/threaded
+ http://lwn.net/Articles/359219
+Notes:
+ from discussion on bugtraq, it appears that this problem is exposed because of
+ some debian-specific patches (upstream is not affected).  at this point, i am
+ noting the issue because there appears to be something to it, but i have not
+ studied it in detail nor verified any claims.
+ .
+ dannf> I don't see anything debian-specific about it. I can reproduce on 2.6.32
+        and RHEL5.
+Bugs:
+upstream: ignored "no upstream fix"
+linux-2.6: ignored "no upstream fix"
+2.6.18-etch-security: ignored "no upstream fix"
+2.6.24-etch-security: ignored "no upstream fix"
+2.6.26-lenny-security: ignored "no upstream fix"
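Review bot: The Notes block is carried over with its contradiction unresolved, and the reason for ignoring the issue is recorded only in the commit log. The first note says the problem comes from "some debian-specific patches (upstream is not affected)", while the dannf note reports reproducing it on 2.6.32 and RHEL5, and every status line says "no upstream fix" without saying why. Suggest adding a line under Notes that states the rationale from the log (considered a minor bug, will not be fixed upstream) and which of the two notes reflects the current understanding, so the entry can be read without the revision history. The Candidate: field is also still empty although the filename carries a CVE-2009 prefix; if no identifier was ever assigned, saying so in Notes would help.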


Property changes on: ignored/CVE-2009-file-permission-bypass
___________________________________________________________________
Added: svn:mergeinfo
   + 



