[Secure-testing-commits] r1355 - in data: CAN DSA
Joey Hess
joeyh@costa.debian.org
Sat, 09 Jul 2005 13:13:37 +0000
Author: joeyh
Date: 2005-07-09 13:13:35 +0000 (Sat, 09 Jul 2005)
New Revision: 1355
Modified:
data/CAN/list
data/DSA/list
Log:
- base-config issue fixed in svn
- gzip bug affects aide
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-08 17:03:31 UTC (rev 1354)
+++ data/CAN/list 2005-07-09 13:13:35 UTC (rev 1355)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [base-config log should not be world readable]
+ - base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
TODO: check
CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-07-08 17:03:31 UTC (rev 1354)
+++ data/DSA/list 2005-07-09 13:13:35 UTC (rev 1355)
@@ -17,6 +17,9 @@
[06 Jul 2005] DSA-740-1 zlib - buffer overflow
{CAN-2005-2096}
- zlib 1.2.2-7 (medium)
+ NOTE: anything statically linking zlib needs rebuild
+ TODO: check rest/coord with Kurt Roeckx
+ - aide (unfixed; bug #317523; medium)
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[06 Jul 2005] DSA-739-1 trac - missing input sanitising
{CAN-2005-2007}