[Git][security-tracker-team/security-tracker][master] Mark CVE-2009-1143/open-vm-tools as ignored for buster

Wed, 16 Aug 2023 10:08:55 -0700 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5d8f3ab by Utkarsh Gupta at 2023-08-16T22:38:25+05:30
Mark CVE-2009-1143/open-vm-tools as ignored for buster

It's a very minor issue and mount.vmhgfs is not suid in Debian.
Also, dropping that from buster entirely might break some users
and we don't want that. So let's leave it as-is.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -594931,7 +594931,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in 
the Gentoo package of Xpdf
 CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)
        - open-vm-tools 2:12.0.0-1
        [bullseye] - open-vm-tools <ignored> (Minor issue; mount.vmhgfs not 
suid root in Debian)
-       [buster] - open-vm-tools <postponed> (Minor issue; mount.vmhgfs not 
suid root in Debian)
+       [buster] - open-vm-tools <ignored> (Minor issue; mount.vmhgfs not suid 
root in Debian)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
        NOTE: Removing hgfsmounter/mount.vmhgfs: 
https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9
 (stable-12.0.0)
 CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d8f3abd729786d3c84e44f5edc8c036033265d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d8f3abd729786d3c84e44f5edc8c036033265d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to