Hi, I am looking at this page:
http://security-tracker.debian.org/tracker/CVE-2011-1833

and kernel 3.2.12-1 in sid and wheezy is marked as vulnerable.

However, the fix for this bug is here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=764355487ea220fdc2faf128d577d7f679b91f97

and one can check in the Debian source package that this fix is present:

$ grep -r check_ruid .
./linux-2.6-3.2.12/fs/ecryptfs/main.c: * @check_ruid: set to 1 if device uid should be checked against the ruid
./linux-2.6-3.2.12/fs/ecryptfs/main.c: uid_t *check_ruid)
./linux-2.6-3.2.12/fs/ecryptfs/main.c: *check_ruid = 0;
./linux-2.6-3.2.12/fs/ecryptfs/main.c: *check_ruid = 1;
./linux-2.6-3.2.12/fs/ecryptfs/main.c: uid_t check_ruid;
./linux-2.6-3.2.12/fs/ecryptfs/main.c: rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
./linux-2.6-3.2.12/fs/ecryptfs/main.c: if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {

So could somebody mark this bug as fixed in sid+wheezy?

--
Laurent Bonnaud <[email protected]>

Archive: http://lists.debian.org/1332515008.24467.85.camel@vougeot
