Package: linux-2.6 Severity: normal Tags: security Hi, a CVE has been issued against JFFS2 which is included in the linux kernel. CVE-2007-4849[0]: JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions. If you fix this issue please include the CVE id in the changelog. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4849 Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgppknSBgc13P.pgp
Description: PGP signature