Bug#444571: marked as done (CVE-2007-4571 sensitive information disclosure)

To: Nico Golde <nion@debian.org>
Subject: Bug#444571: marked as done (CVE-2007-4571 sensitive information disclosure)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 25 Oct 2007 11:21:04 +0000
Message-id: <[🔎] handler.444571.D444571.119331120931331.ackdone@bugs.debian.org>
References: <20071025111857.GA30571@ngolde.de> <20070929130253.GA23280@ngolde.de>

Your message dated Thu, 25 Oct 2007 13:18:57 +0200
with message-id <20071025111857.GA30571@ngolde.de>
and subject line closing
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: submit@bugs.debian.org
Subject: CVE-2007-4571 sensitive information disclosure
From: Nico Golde <nion@debian.org>
Date: Sat, 29 Sep 2007 15:02:53 +0200
Message-id: <20070929130253.GA23280@ngolde.de>

Package: linux-2.6
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2007-4571[0]:
| The snd_mem_proc_read function in sound/core/memalloc.c in the
| Advanced Linux Sound Architecture (ALSA) in the Linux kernel before
| 2.6.22.8 does not return the correct write size, which allows local
| users to obtain sensitive information (kernel memory contents) via a
| small count argument, as demonstrated by multiple reads of
| /proc/driver/snd-page-alloc.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a fix on: 
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpUBfypaaTYz.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 444571-done@bugs.debian.org

Subject: closing

From: Nico Golde <nion@debian.org>

Date: Thu, 25 Oct 2007 13:18:57 +0200

Message-id: <20071025111857.GA30571@ngolde.de>
Hi,
referring to the 2.6.22-5 changelog this is fixed so I am 
closing this bug.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Attachment: pgpc9gB2xOFA1.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: linux-modules-contrib-2.6_2.6.22-3_i386.changes is NEW
Next by Date: Re: Meeting for etch and a half
Previous by thread: linux-modules-contrib-2.6_2.6.22-3_i386.changes is NEW
Next by thread: Bug#319878: Atenção - Sua senha de E-mail foi alterada!
Index(es):
- Date
- Thread