Re: CVE-2009-3725
On Tue, 10 Nov 2009 09:49:00 +0100, Laurent Bonnaud wrote:
> On Sun, 2009-11-08 at 11:08 +0100, Moritz Muehlenhoff wrote:
>
> > Thanks, fixed in SVN.
>
> Thanks! However version 2.6.31-1 in sid is still marked as vulnerable.
> The comment at the end of the page says:
>
> two issues fixed in 2.6.31-1 and two issues still yet to be resolved
>
> However, when I look at:
>
> http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
>
> it seems that the 4 issues are fixed:
>
> uvesafb/connector: Disallow unpliviged users to send netlink packets
> pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
> dst/connector: Disallow unpliviged users to configure dst
> dm/connector: Only process connector packages from privileged processes

you are correct (those commit messages have the wrong upstream commit
numbers, which is why i didn't see them). i've updated the tracker.
thanks for spotting this.

mike