[Secure-testing-commits] r1078 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Mon, 16 May 2005 23:55:08 +0000


Author: joeyh
Date: 2005-05-16 23:55:06 +0000 (Mon, 16 May 2005)
New Revision: 1078

Modified:
   sarge-checks/CAN/list
Log:
xpm sercurity fix was not very good and added new security issues

I don't think this affects the corresponding fix in libtiff, since we
spotted problems with s_popen there and backported newer x.org fixes.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-16 23:50:12 UTC (rev 1077)
+++ sarge-checks/CAN/list	2005-05-16 23:55:06 UTC (rev 1078)
@@ -1,3 +1,5 @@
+CAN-2005-XXX [libxpm4: new s_popen() function is insecure garbage]
+	- libxpm4 (unfixed; bug #308783)
 CAN-2005-1589
 	NOTE: reserved
 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)