[Secure-testing-commits] r2869 - data/CVE
Micah Anderson
micah at costa.debian.org
Sun Nov 27 17:57:18 UTC 2005
Author: micah
Date: 2005-11-27 17:57:14 +0000 (Sun, 27 Nov 2005)
New Revision: 2869
Modified:
data/CVE/list
Log:
Trackballs fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-27 11:49:03 UTC (rev 2868)
+++ data/CVE/list 2005-11-27 17:57:14 UTC (rev 2869)
@@ -8822,8 +8822,10 @@
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
- - trackballs <unfixed> (bug #302454; medium)
- NOTE: CVE request sent to mitre
+ - trackballs 1.1.1-1 (bug #302454; medium)
+ NOTE: CVE request sent to mitre (who sent this? any response?)
+ NOTE: Trackballs doesn't run as gid games anymore, high-score files are
+ NOTE: stored in user's home directories instead.
TODO: check possibility of exploitation via scripting language,
TODO: as mentioned in the bug report as a separate issue
CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
More information about the Secure-testing-commits
mailing list