On Wed, 17 Mar 2010 21:45:19 -0400 Michael Gilbert wrote:
> On Wed, 17 Mar 2010 23:55:28 +0100 Francesco Poli wrote:
>
> > Hi everybody,
> > DSA-2015-1 [1] mentions CVE-2009-3725 as a CVE about a similar issue.
> > This reference caused the DSA tracker page [2] to be linked with the
> > CVE-2009-3725 tracker page [3].
> >
> > I am not sure this is correct, from a tracker's point of view.
> > Maybe a TEMP issue should be created for the still CVE-less drbd8
> > vulnerability and the DSA-2015-1 tracker page should be unlinked from
> > CVE-2009-3725 ...
>
> hi,
>
> since this is just one of the many CAP_SYS_ADMIN checks added in
> various parts of the kernel to address CVE-2009-3725, it is appropriate
> to track it under that CVE. the fact that the code happens to reside
> in a different package in lenny is irrelevant.

on second thought since affected kernel versions differ significantly,
and since a separate CVE was requested, it should be tracked separately.

mike
