[Secure-testing-commits] r2470 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Oct 20 02:20:20 UTC 2005
Author: joeyh
Date: 2005-10-20 02:20:16 +0000 (Thu, 20 Oct 2005)
New Revision: 2470
Modified:
data/CVE/list
Log:
new yiff-server hole
add a second bug to gcjwebplugin hole
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-20 00:45:41 UTC (rev 2469)
+++ data/CVE/list 2005-10-20 02:20:16 UTC (rev 2470)
@@ -1,3 +1,5 @@
+CVE-2005-XXXX [yiff-server: runs as root and opens any file a client asks for]
+ - yiff-server <unfixed> (bug #334616; high)
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
TODO: check
CVE-2005-3253
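Review bot: The bracketed description on the first added line starts with the package name ("yiff-server:"), while the other CVE-2005-XXXX entries visible in this diff (mldonkey, gcjwebplugin, dbmail-pgsql) keep the bracket to the issue text and name the package only on the line below. Consider dropping the prefix so the entry reads [runs as root and opens any file a client asks for], which keeps the list consistent.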
@@ -2295,7 +2297,7 @@
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
- - gcjwebplugin <unfixed> (bug #267040; high)
+ - gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- dbmail-pgsql <unfixed> (bug #290833; medium)
CVE-2005-XXXX [time delay of password check proves account existence to attackers]
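Review bot: On the changed gcjwebplugin line, bug #301134 is appended under a bracketed description that only covers the missing "UNRESTRICTED access to your computer" warning, although the commit log calls it "a second bug". If #301134 is a separate flaw, a separate CVE-2005-XXXX entry would let each be marked fixed on its own; if it is another report of the same issue, saying so in the description would help, since a single <unfixed> status and "high" rating now cover both reports.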