Your message dated Thu, 25 Oct 2007 13:18:57 +0200
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: linux-2.6
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.
CVE-2007-4571[0]:
| The snd_mem_proc_read function in sound/core/memalloc.c in the
| Advanced Linux Sound Architecture (ALSA) in the Linux kernel before
| 2.6.22.8 does not return the correct write size, which allows local
| users to obtain sensitive information (kernel memory contents) via a
| small count argument, as demonstrated by multiple reads of
| /proc/driver/snd-page-alloc.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a fix on:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpGcy3qhb05r.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hi,
referring to the 2.6.22-5 changelog this is fixed so I am
closing this bug.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp8OpeSMP97j.pgp
Description: PGP signature
--- End Message ---
