oss-sec mailing list archives

Re: CVE request: acl 2.2.47 always follows symlinks

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Dec 2009 16:50:56 -0500 (EST)


On Wed, 23 Dec 2009, Hanno B??ck wrote:

setfacl/getfacl (part of package acl-2.2.47) contains a bug that it ignores
the --physical/-P parameter that means don't follow symlinks on -R
(recursive).


Use CVE-2009-4411, to be filled in later.

- Steve

Current thread:

CVE request: acl 2.2.47 always follows symlinks Hanno Böck (Dec 23)
- Re: CVE request: acl 2.2.47 always follows symlinks Steven M. Christey (Dec 23)
- <Possible follow-ups>
- Re: CVE request: acl 2.2.47 always follows symlinks Brandon Philips (Dec 23)