Re: Incorrect classification of CVE-2009-4411?

To: debian-security-tracker@lists.debian.org
Subject: Re: Incorrect classification of CVE-2009-4411?
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 13 Nov 2010 21:44:06 -0500
Message-id: <[🔎] 20101113214406.d70be6fe.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 2fl4obltxtx.fsf@login1.uio.no>
References: <[🔎] 2fl4obltxtx.fsf@login1.uio.no>

On Sat, 13 Nov 2010 09:46:50 +0100 Petter Reinholdtsen wrote:

> 
> According to debsecan on one of my Lenny boxes, CVE-2009-4411 can be
> fixed by upgrading:
> 
>   *** Available security updates
> 
>   CVE-2009-4411 The (1) setfacl and (2) getfacl commands in XFS acl...
>     <http://security-tracker.debian.net/tracker/CVE-2009-4411>
>     - libacl1 (low urgency)
> 
> But when I try to upgrade the Lenny machine, there is no update
> available.  Is the hole incorrectly classified?

On my lenny box, debsecan lists that issue as an open/unfixed
vulnerability.  Are you using a different suite in debsecan?  If I use
the "--suite sid" option, then it does indicate that there is an
available security update.

Mike

Reply to:

References:
- Incorrect classification of CVE-2009-4411?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: Debian BTS report for CVE-2010-2941 (cups)
Next by Date: vlc Windows-only security bug
Previous by thread: Incorrect classification of CVE-2009-4411?
Next by thread: Debian BTS report for CVE-2010-2941 (cups)
Index(es):
- Date
- Thread