[Secure-testing-commits] r1012 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Fri, 06 May 2005 14:44:16 +0000


Author: jmm-guest
Date: 2005-05-06 14:44:13 +0000 (Fri, 06 May 2005)
New Revision: 1012

Modified:
   sarge-checks/CAN/list
Log:
More unfixed security issues from the BTS.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-06 14:29:40 UTC (rev 1011)
+++ sarge-checks/CAN/list	2005-05-06 14:44:13 UTC (rev 1012)
@@ -1,3 +1,15 @@
+CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
+	- gs-gpl (unfixed; bug #291373)
+CAN-2005-XXXX [Possible SQL injection in freeradius]
+	- freeradius (unfixed; bug #307720)
+CAN-2005-XXXX [Insecure temp file handling in Thunderbird]
+	- mozilla-thunderbird (unfixed; bug #306893)
+CAN-2005-XXXX [Directory traversal in unzoo]
+	- unzoo (unfixed; bug #306164)
+CAN-2005-XXXX [base-config: World readable config file might reveal password data]
+	- base-config (unfixed; bug #305142)
+CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
+	- syslog-ng (unfixed; bug #304894)
 CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names]
 	- trackballs (unfixed; bug #302454)
 CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]