[Secure-testing-team] [Secure-testing-commits] r12170 - data/CVE

Nico Golde debian-secure-testing+ml at ngolde.de
Fri Jun 19 20:37:02 UTC 2009


Hi,
* Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-06-19 21:44]:
> On Fri, 19 Jun 2009 19:28:05 +0000, Nico Golde wrote:
> > Author: nion
> > Date: 2009-06-19 19:28:04 +0000 (Fri, 19 Jun 2009)
> > New Revision: 12170
> > 
> > Modified:
> >    data/CVE/list
> > Log:
> > adjust impact of CVE-2009-2042, rather obscure "exploit" scenario
> 
> agreed.  worst that can happen is a read of sensitive memory, not code
> injection.

This should be bad enough, but in this case you probably only 
get memory from the webserver, and the leaked data is pretty 
small from what I see.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.