From aa463350a838692503e8094c7d21409a6e6cfaf3 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 26 Mar 2010 13:59:11 +0000 Subject: more issue to ignored, it's only a buglet and won't be fixed upstream git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1797 e094ebfe-e918-0410-adfb-c712417f3574 --- ignored/CVE-2009-file-permission-bypass | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 ignored/CVE-2009-file-permission-bypass (limited to 'ignored') diff --git a/ignored/CVE-2009-file-permission-bypass b/ignored/CVE-2009-file-permission-bypass new file mode 100644 index 00000000..a96a2b01 --- /dev/null +++ b/ignored/CVE-2009-file-permission-bypass @@ -0,0 +1,20 @@ +Candidate: +Description: + file permissions can be circumvented via information in /proc +References: + http://securityfocus.com/archive/1/507386/30/30/threaded + http://lwn.net/Articles/359219 +Notes: + from discussion on bugtraq, it appears that this problem is exposed because of + some debian-specific patches (upstream is not affected). at this point, i am + noting the issue because there appears to be something to it, but i have not + studied it in detail nor verified any claims. + . + dannf> I don't see anything debian-specific about it. I can reproduce on 2.6.32 + and RHEL5. +Bugs: +upstream: ignored "no upstream fix" +linux-2.6: ignored "no upstream fix" +2.6.18-etch-security: ignored "no upstream fix" +2.6.24-etch-security: ignored "no upstream fix" +2.6.26-lenny-security: ignored "no upstream fix" -- cgit v1.2.3
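Review bot: the Notes field of the new ignored/CVE-2009-file-permission-bypass file holds two contradictory statements, and the file itself never records why the issue is being ignored. The first paragraph says upstream is not affected and attributes the problem to debian-specific patches, while the dannf> line reports reproducing it on 2.6.32 and RHEL5. The status lines then mark upstream itself as ignored "no upstream fix". Suggest adding a closing Notes line that says which reading the decision rests on and carries over the rationale from the commit subject (only a buglet, won't be fixed upstream), so the tracker entry can be read without the commit log. Candidate: and Bugs: are also left empty although the file name carries a CVE-2009 prefix; if no id or bug report exists, stating that in Notes would save the next reader a lookup.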