From $URL : This was originally reported by Jann Horn (jannhorn@googlemail.com): mount discloses information about folders not accessible for a user: $ ls -ld /root/.ssh ls: cannot access /root/.ssh: Permission denied $ ls -ld /root/.foo ls: cannot access /root/.foo: Permission denied First variant: $ mount --guess-fstype /root/.ssh/../../dev/sda1 ext4 $ mount --guess-fstype /root/.foo/../../dev/sda1 unknown Second one: $ mount /root/.ssh/../../dev/cdrom mount: no medium found on /dev/sr0 $ mount /root/.foo/../../dev/cdrom mount: can't find /root/.foo/../../dev/cdrom in /etc/fstab or /etc/mtab These issues were, as far as I can see, fixed in the following upstream commits: - 0377ef91270d06592a0d4dd009c29e7b1ff9c9b8 - 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb - 5ebbc3865d1e53ef42e5f121c41faab23dd59075 - cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f External references: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697464
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201405-15 at http://security.gentoo.org/glsa/glsa-201405-15.xml by GLSA coordinator Sean Amoss (ackle).
