[Secure-testing-commits] r1113 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Fri, 20 May 2005 12:08:54 +0000


Author: jmm-guest
Date: 2005-05-20 12:08:51 +0000 (Fri, 20 May 2005)
New Revision: 1113

Modified:
   sarge-checks/CAN/list
Log:
flawed open() call in shadow doesn't affect the version in Sarge.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-20 12:04:52 UTC (rev 1112)
+++ sarge-checks/CAN/list	2005-05-20 12:08:51 UTC (rev 1113)
@@ -1404,7 +1404,7 @@
 CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
 	TODO: check
 CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd
-	- shadow (unfixed; bug #307259)
+	NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8)
 CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw] 
 	NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
 	- shadow 4.0.3-33
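Review bot: The replaced line in the useradd entry drops the reference to bug #307259 and leaves the entry with no "- shadow" package line at all, so the fixed version is recorded only inside free-text NOTE wording. Consider keeping the bug number and recording the fix as a package line in the same form as the vipw entry below ("- shadow 4.0.3-33"), with the NOTE reserved for the Sarge explanation. The parenthetical "(the version in Sarge, fixed in 4.0.8)" is also ambiguous, since it can be read as saying the Sarge version was fixed in 4.0.8. Splitting it into two statements, that the flawed open() call was introduced after 4.0.3 and that Sarge ships 4.0.3 and is therefore not affected, would match the commit log message.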