Author: joeyh Date: 2009-04-23 21:14:16 +0000 (Thu, 23 Apr 2009) New Revision: 11703 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-23 19:48:33 UTC (rev 11702) +++ data/CVE/list 2009-04-23 21:14:16 UTC (rev 11703) @@ -101,12 +101,12 @@ NOT-FOR-US: Windows Media Player CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability] - linux-2.6 2.6.29-1 (low; bug #524373) - [etch] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatibility problems in the stable releases) - [lenny] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatiblity problems in the stable releases) + [etch] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatibility problems in the stable releases) + [lenny] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatiblity problems in the stable releases) NOTE: This is about an additional hardening feature, not a security issue - NOTE: - isn''t hardening an aspect of security? - NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn''t you do so? - NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency + NOTE: - isn''t hardening an aspect of security? + NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn''t you do so? + NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] - pptp-linux <unfixed> (low; bug #523476) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups]