Author: gilbert-guest Date: 2009-04-23 15:44:30 +0000 (Thu, 23 Apr 2009) New Revision: 11698 Modified: data/CVE/list Log: info on /dev/mem issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-23 09:14:13 UTC (rev 11697) +++ data/CVE/list 2009-04-23 15:44:30 UTC (rev 11698) @@ -100,8 +100,13 @@ CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...) NOT-FOR-US: Windows Media Player CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability] - - linux-2.6 2.6.29-1 (unimportant; bug #524373) + - linux-2.6 2.6.29-1 (low; bug #524373) + [etch] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatibility problems in the stable releases) + [lenny] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatiblity problems in the stable releases) NOTE: This is about an additional hardening feature, not a security issue + NOTE: - isn''t hardening an aspect of security? + NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn''t you do so? + NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] - pptp-linux <unfixed> (low; bug #523476) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups]
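Review bot: the retained NOTE "This is about an additional hardening feature, not a security issue" now contradicts the new "(low; bug #524373)" urgency on the linux-2.6 line, and the three added NOTE lines argue with it as questions instead of settling it. Either drop or reword the old NOTE so the entry states one position, or keep the debate in bug #524373 and leave a single NOTE here giving the reason for the "low" rating (fixed in unstable in 2.6.29-1, no-dsa for etch and lenny because of the compatibility risk of STRICT_DEVMEM=Y). In the added [lenny] line, "compatiblity" should read "compatibility", as it does in the [etch] line above it.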