On Wed, 17 Mar 2010 23:55:28 +0100 Francesco Poli wrote: > Hi everybody, > DSA-2015-1 [1] mentions CVE-2009-3725 as a CVE about a similar issue. > This reference caused the DSA tracker page [2] to be linked with the > CVE-2009-3725 tracker page [3]. > > I am not sure this is correct, from a tracker's point of view. > Maybe a TEMP issue should be created for the still CVE-less drbd8 > vulnerability and the DSA-2015-1 tracker page should be unlinked from > CVE-2009-3725 ...
hi, since this is just one of the many CAP_SYS_ADMIN checks added in various parts of the kernel to address CVE-2009-3725, it is appropriate to track it under that CVE. the fact that the code happens to reside in a different package in lenny is irrelevant. mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
