Author: white Date: 2010-01-21 12:06:30 +0000 (Thu, 21 Jan 2010) New Revision: 13872 Modified: data/CVE/list Log: no-dsa for acl issue, can be fixed via s-p-u Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-21 02:30:38 UTC (rev 13871) +++ data/CVE/list 2010-01-21 12:06:30 UTC (rev 13872) @@ -1063,6 +1063,7 @@ CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...) - acl <unfixed> (low; bug #499076) [etch] - acl <not-affected> (Vulnerable code not present) + [lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root) NOTE: bug was closed but the fix seems incomplete NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51 CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)