Re: DSA-2015-1 vs. tracker



On Wed, 17 Mar 2010 21:45:19 -0400 Michael Gilbert wrote:

> On Wed, 17 Mar 2010 23:55:28 +0100 Francesco Poli wrote:
> 
> > Hi everybody,
> > DSA-2015-1 [1] mentions CVE-2009-3725 as a CVE about a similar issue.
> > This reference caused the DSA tracker page [2] to be linked with the
> > CVE-2009-3725 tracker page [3].
> > 
> > I am not sure this is correct, from a tracker's point of view.
> > Maybe a TEMP issue should be created for the still CVE-less drbd8
> > vulnerability and the DSA-2015-1 tracker page should be unlinked from
> > CVE-2009-3725 ...
> 
> hi,
> 
> since this is just one of the many CAP_SYS_ADMIN checks added in
> various parts of the kernel to address CVE-2009-3725, it is appropriate
> to track it under that CVE.  the fact that the code happens to reside
> in a different package in lenny is irrelevant.

on second thought since affected kernel versions differ significantly,
and since a separate CVE was requested, it should be tracked
separately.

mike

