CVE-2010-0318 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0318): The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.
FYI: Upstream patch had already been applied to portage tree.
Thank you, Naohiro. Do you know which version in portage was the first fixed?
From ChangeLog: > *freebsd-sources-8.0 (19 Mar 2010) > > 19 Mar 2010; Alexis Ballier <aballier@gentoo.org> > +freebsd-sources-8.0.ebuild, +files/freebsd-sources-8.0-gentoo.patch, > +files/freebsd-sources-8.0-sparc64.patch, > +files/freebsd-sources-8.0-subnet-route-pr40133.patch, > +files/freebsd-sources-8.0-werror.patch, > +files/freebsd-sources-8.0-zfs.patch: > bump to 8.0 from the bsd overlay > *freebsd-sources-7.2-r3 (09 Jan 2010) > > 09 Jan 2010; Alexis Ballier <aballier@gentoo.org> > +freebsd-sources-7.2-r3.ebuild, +files/freebsd-sources-7.2-zfs712.patch: > add patch for FreeBSD-SA-10:03.zfs freebsd-sources-7.2-r3 and freebsd-sources-8.0 include the fix.
Great, thank you. Closing noglsa.
