$summary
0.90 is a fixed version.
I added ecryptfs-utils-90 to CVS.
Thanks Tim. just checking it and works. Close as noglsa per ~arch package.
CVE-2011-1837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1837): The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. CVE-2011-1836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1836): utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. CVE-2011-1835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1835): The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. CVE-2011-1834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1834): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call. CVE-2011-1832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1832): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. CVE-2011-1831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1831): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
