Author: carnil
Date: 2015-06-28 13:25:17 +0000 (Sun, 28 Jun 2015)
New Revision: 35196

Modified: data/CVE/list
Log:
Update CVE-2015-3243/rsyslog, mark as unimportant

NOTE for reviewers: Please double check if you agree on the assessment.
rsyslog in Debian sets in the package provided rsyslog.conf
$FileCreateMode to 0640. Post of Kurt Seifried on oss-security
https://marc.info/?l=oss-security&m=143465023811345&w=2 mentions more
details on the issue on Red Hat's side.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-06-28 12:09:06 UTC (rev 35195) +++ data/CVE/list 2015-06-28 13:25:17 UTC (rev 35196) @@ -4574,8 +4574,9 @@ RESERVED CVE-2015-3243 [some log files are created world-readable] RESERVED - - rsyslog <undetermined> - TODO: check + - rsyslog <unfixed> (unimportant) + NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf + NOTE: provided by the Debian package sets $FileCreateMode 0640 CVE-2015-3242 RESERVED NOTE: To be rejected
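
Review bot: In the first added NOTE line, "The default for syslog is $FileCreateMode 0644" should name rsyslog, since the entry is for the rsyslog package and "syslog" on its own is ambiguous. The two NOTE lines also justify (unimportant) only by the packaged rsyslog.conf setting $FileCreateMode 0640, so the assessment depends on that directive staying in the configuration while the entry itself records the built-in default as 0644; it would help to say that explicitly. Consider adding a further NOTE line carrying the oss-security reference from the commit log (https://marc.info/?l=oss-security&m=143465023811345&w=2) so the rationale can be traced from data/CVE/list without going back to the commit message.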

