[Secure-testing-commits] r1532 - data/CAN

Joey Hess joeyh at costa.debian.org
Sun Aug 7 03:53:41 UTC 2005 

Author: joeyh
Date: 2005-08-07 03:53:37 +0000 (Sun, 07 Aug 2005)
New Revision: 1532

Modified:
   data/CAN/list
Log:
various security holes discovered by jfs


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-05 23:22:58 UTC (rev 1531)
+++ data/CAN/list	2005-08-07 03:53:37 UTC (rev 1532)
@@ -1,3 +1,32 @@
+CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
+	- wine (unfixed; bug #321470; low)
+CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
+	- inkscape (unfixed; bug #321501; low)
+CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
+	- metamail (unfixed; bug #321473; low)
+CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
+	- xbase-clients (unfixed; bug #321447; low)
+CAN-2005-XXXX [kdebase: startkde does not check lnusertemp's result?]
+	- kdebase (unfixed; bug #292078; medium)
+CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
+	- gs-eps (unfixed; bug #291452; low)
+CAN-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
+	NOTE: binary not shipped
+	- sysklogd (unfixed; bug #281448; low)
+CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
+	- fftw3-dev (unfixed; bug #321566; low)
+CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
+	- clamav-getfiles (unfixed; bug #321446; medium)
+CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
+	- cgiwrap (unfixed; bug #316881; low)
+CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
+	- cgiwrap (unfixed; bug #316901; low)
+CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
+	- libnet-ssleay-perl (unfixed; bug #296112; low)
+CAN-2005-XXXX [nvi: init.d recover file security bugs]
+	- nvi 1.79-22 (medium)
+CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
+	- bugzilla (unfixed; bug #321567; medium)
 CAN-2005-XXXX [Unspecified XSS in hiki]
 	- hiki 0.8.3-1
 CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]

More information about the Secure-testing-commits mailing list