Author: carnil Date: 2015-12-23 18:38:24 +0000 (Wed, 23 Dec 2015) New Revision: 38501
Modified: data/CVE/list Log: Add new linux issue in overlayfs Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-12-23 18:32:09 UTC (rev 38500) +++ data/CVE/list 2015-12-23 18:38:24 UTC (rev 38501) @@ -1,3 +1,11 @@ +CVE-2015-XXXX [overlay: fix permission checking for setattr] + - linux <unfixed> + [jessie] - linux <not-affected> (Vulnerable code not present) + [wheezy] - linux <not-affected> (Vulnerable code not present) + - linux-2.6 <not-affected> (Vulnerable code not present) + NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4) + NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/23/5 CVE-2015-8621 [t-coffee: creates world-writable directories] - t-coffee 11.00.8cbe486-2 (low; bug #751579) [squeeze] - t-coffee <not-affected> (version in Squeeze uses system() and umask is handled correctly by sh (as opposed to later versions that use mkdir())) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits