Re: CVE-2009-3725

To: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2009-3725
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Tue, 10 Nov 2009 11:36:00 -0500
Message-id: <[🔎] 20091110113600.35f7b288.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 1257842940.29589.114.camel@localhost>
References: <[🔎] 1257673575.21003.16.camel@localhost> <[🔎] 20091108100802.GA4552@galadriel.inutil.org> <[🔎] 1257842940.29589.114.camel@localhost>

On Tue, 10 Nov 2009 09:49:00 +0100, Laurent Bonnaud wrote:
> On Sun, 2009-11-08 at 11:08 +0100, Moritz Muehlenhoff wrote:
> 
> > Thanks, fixed in SVN.
> 
> Thanks !  However version 2.6.31-1 in sid is still marked as vulnerable.
> The comment at the end of the page says:
> 
>   two issues fixed in 2.6.31-1 and two issues still yet to be resolved
> 
> However, when I look at:
> 
>   http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5 
> 
> it seems that the 4 issues are fixed:
> 
>   uvesafb/connector: Disallow unpliviged users to send netlink packets
>   pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
>   dst/connector: Disallow unpliviged users to configure dst
>   dm/connector: Only process connector packages from privileged processes

you are correct (those commit messages have the wrong upstream commit
numbers, which is why i didn't see them). i've updated the tracker.
thanks for spotting this.

mike

Reply to:

References:
- CVE-2009-3725
  - From: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>
- Re: CVE-2009-3725
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: CVE-2009-3725
  - From: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>

Prev by Date: Re: CVE-2009-3725
Next by Date: TEMP-0546829-001264 update
Previous by thread: Re: CVE-2009-3725
Next by thread: MBF: embedded copies of Python modules
Index(es):
- Date
- Thread