Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1227013019.4166.41.camel@dhcp-lab-164.englab.brq.redhat.com>
Date: Tue, 18 Nov 2008 13:56:59 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com>
Subject: CVE Request - ecryptfs-utils

Hello Steve,

  noticed, the following issue still lacks a separate CVE identifier:

References:
http://secunia.com/Advisories/32382/
http://www.openwall.com/lists/oss-security/2008/10/23/3
http://www.openwall.com/lists/oss-security/2008/10/29/4
http://www.openwall.com/lists/oss-security/2008/10/29/7

Upstream commits:

http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=0af27a5d514dc4bbc077f07cf33a5d5b362a9193

Affected ecryptfs-utils versions:
  Jamie mentions ecryptfs-utils > 45 for ecryptfs-setup-private script,
  but the upstream commit applies also for ecryptfs_{add, wrap}_passphrase.c
  utilities present in previous versions (checked presence in ecryptfs-utils-41-1).

Could you please allocate a new CVE id for this one?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.