[Secure-testing-commits] r1012 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Fri, 06 May 2005 14:44:16 +0000
Author: jmm-guest
Date: 2005-05-06 14:44:13 +0000 (Fri, 06 May 2005)
New Revision: 1012
Modified:
sarge-checks/CAN/list
Log:
More unfixed security issues from the BTS.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-06 14:29:40 UTC (rev 1011)
+++ sarge-checks/CAN/list 2005-05-06 14:44:13 UTC (rev 1012)
@@ -1,3 +1,15 @@
+CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
+ - gs-gpl (unfixed; bug #291373)
+CAN-2005-XXXX [Possible SQL injection in freeradius]
+ - freeradius (unfixed; bug #307720)
+CAN-2005-XXXX [Insecure temp file handling in Thunderbird]
+ - mozilla-thunderbird (unfixed; bug #306893)
+CAN-2005-XXXX [Directory traversal in unzoo]
+ - unzoo (unfixed; bug #306164)
+CAN-2005-XXXX [base-config: World readable config file might reveal password data]
+ - base-config (unfixed; bug #305142)
+CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
+ - syslog-ng (unfixed; bug #304894)
CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names]
- trackballs (unfixed; bug #302454)
CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]