[Secure-testing-commits] r2973 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 7 15:47:15 UTC 2005


Author: jmm-guest
Date: 2005-12-07 15:47:07 +0000 (Wed, 07 Dec 2005)
New Revision: 2973

Modified:
   data/CVE/list
Log:
correct libnet-server-perl/format string fix


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-07 15:00:30 UTC (rev 2972)
+++ data/CVE/list	2005-12-07 15:47:07 UTC (rev 2973)
@@ -10429,7 +10429,10 @@
 CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
 	NOT-FOR-US: VHCS
 CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
-	- libnet-server-perl 0.89-1
+	- libnet-server-perl 0.87-1
+	NOTE: This was already fixed in 0.87-1, although the changelog doesn't mention
+	NOTE: the security implication, which was noticed later. I've verified both fixes
+	NOTE: are identical
 CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
 	NOT-FOR-US: Free BSD
 CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)




More information about the Secure-testing-commits mailing list