[Secure-testing-commits] r1532 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sun Aug 7 03:53:41 UTC 2005
Author: joeyh
Date: 2005-08-07 03:53:37 +0000 (Sun, 07 Aug 2005)
New Revision: 1532
Modified:
data/CAN/list
Log:
various security holes discovered by jfs
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-05 23:22:58 UTC (rev 1531)
+++ data/CAN/list 2005-08-07 03:53:37 UTC (rev 1532)
@@ -1,3 +1,32 @@
+CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
+ - wine (unfixed; bug #321470; low)
+CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
+ - inkscape (unfixed; bug #321501; low)
+CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
+ - metamail (unfixed; bug #321473; low)
+CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
+ - xbase-clients (unfixed; bug #321447; low)
+CAN-2005-XXXX [kdebase: startkde does not check lnusertemp's result?]
+ - kdebase (unfixed; bug #292078; medium)
+CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
+ - gs-eps (unfixed; bug #291452; low)
+CAN-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
+ NOTE: binary not shipped
+ - sysklogd (unfixed; bug #281448; low)
+CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
+ - fftw3-dev (unfixed; bug #321566; low)
+CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
+ - clamav-getfiles (unfixed; bug #321446; medium)
+CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
+ - cgiwrap (unfixed; bug #316881; low)
+CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
+ - cgiwrap (unfixed; bug #316901; low)
+CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
+ - libnet-ssleay-perl (unfixed; bug #296112; low)
+CAN-2005-XXXX [nvi: init.d recover file security bugs]
+ - nvi 1.79-22 (medium)
+CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
+ - bugzilla (unfixed; bug #321567; medium)
CAN-2005-XXXX [Unspecified XSS in hiki]
- hiki 0.8.3-1
CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
More information about the Secure-testing-commits
mailing list