
CVE-2011-1833



Hi,

I am looking at this page:

  http://security-tracker.debian.org/tracker/CVE-2011-1833

and kernel 3.2.12-1 in sid and wheezy is marked as vulnerable.  However
the fix for this bug is here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=764355487ea220fdc2faf128d577d7f679b91f97

and one can check in the Debian source package that this fix is present:

$ grep -r check_ruid .
./linux-2.6-3.2.12/fs/ecryptfs/main.c: * @check_ruid: set to 1 if device uid should be checked against the ruid
./linux-2.6-3.2.12/fs/ecryptfs/main.c:                            uid_t *check_ruid)
./linux-2.6-3.2.12/fs/ecryptfs/main.c:  *check_ruid = 0;
./linux-2.6-3.2.12/fs/ecryptfs/main.c:                  *check_ruid = 1;
./linux-2.6-3.2.12/fs/ecryptfs/main.c:  uid_t check_ruid;
./linux-2.6-3.2.12/fs/ecryptfs/main.c:  rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
./linux-2.6-3.2.12/fs/ecryptfs/main.c:  if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {

So could somebody mark this bug as fixed in sid+wheezy?

-- 
Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>

