Re: DSA-2015-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Re: DSA-2015-1 vs. tracker
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 17 Mar 2010 21:45:19 -0400
Message-id: <20100317214519.bc3ba57d.michael.s.gilbert@gmail.com>
In-reply-to: <20100317235528.85c0c5d4.frx@firenze.linux.it>
References: <20100317235528.85c0c5d4.frx@firenze.linux.it>

On Wed, 17 Mar 2010 23:55:28 +0100 Francesco Poli wrote:

> Hi everybody,
> DSA-2015-1 [1] mentions CVE-2009-3725 as a CVE about a similar issue.
> This reference caused the DSA tracker page [2] to be linked with the
> CVE-2009-3725 tracker page [3].
> 
> I am not sure this is correct, from a tracker's point of view.
> Maybe a TEMP issue should be created for the still CVE-less drbd8
> vulnerability and the DSA-2015-1 tracker page should be unlinked from
> CVE-2009-3725 ...

hi,

since this is just one of the many CAP_SYS_ADMIN checks added in
various parts of the kernel to address CVE-2009-3725, it is appropriate
to track it under that CVE.  the fact that the code happens to reside
in a different package in lenny is irrelevant.

mike

Reply to:

Follow-Ups:
- Re: DSA-2015-1 vs. tracker
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- DSA-2015-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: DSA-2015-1 vs. tracker
Next by Date: Re: DSA-2015-1 vs. tracker
Previous by thread: DSA-2015-1 vs. tracker
Next by thread: Re: DSA-2015-1 vs. tracker
Index(es):
- Date
- Thread