[Secure-testing-commits] r1964 - data/DTSA/advs

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Sep 13 20:46:01 UTC 2005


Author: jmm-guest
Date: 2005-09-13 20:46:01 +0000 (Tue, 13 Sep 2005)
New Revision: 1964

Added:
   data/DTSA/advs/17-kdelibs.adv
Removed:
   data/DTSA/advs/17-kdebase.adv
Log:
kdebase FTBFS with gcc 4, so I'll prepare the kdelibs/kate
fix first (with included fix), and once kdelibs is fixed
I'll prepare a fixed kdebase package that depends upon the
DTSA-fixed version from kdelibs.


Deleted: data/DTSA/advs/17-kdebase.adv
===================================================================
--- data/DTSA/advs/17-kdebase.adv	2005-09-13 20:30:22 UTC (rev 1963)
+++ data/DTSA/advs/17-kdebase.adv	2005-09-13 20:46:01 UTC (rev 1964)
@@ -1,13 +0,0 @@
-source: kdebase
-date: September 10th, 2005
-author: Moritz Muehlenhoff
-vuln-type: insecure permissions, race condition
-problem-scope: local
-debian-specifc: no
-cve: CAN-2005-1920 CAN-2005-2494
-vendor-advisory: 
-testing-fix: xxx
-sid-fix: 4:3.4.2-2
-upgrade: apt-get install xxxx
-
-xxx multiline description here
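Review bot: Deleting this stub removes the only mention of CAN-2005-2494 and of the "race condition" vuln-type (the `cve:` and `vuln-type:` lines), and the kdelibs advisory added in the same commit covers only CAN-2005-1920. The log says a fixed kdebase package will follow, so consider keeping a placeholder or tracking note for CAN-2005-2494 until that advisory exists. Also settle whether the later kdebase advisory gets a new number, since 17 is now taken by kdelibs.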

Added: data/DTSA/advs/17-kdelibs.adv
===================================================================
--- data/DTSA/advs/17-kdelibs.adv	2005-09-13 20:30:22 UTC (rev 1963)
+++ data/DTSA/advs/17-kdelibs.adv	2005-09-13 20:46:01 UTC (rev 1964)
@@ -0,0 +1,15 @@
+source: kdelibs
+date: September 13th, 2005
+author: Moritz Muehlenhoff
+vuln-type: insecure default permissions
+problem-scope: local
+debian-specifc: no
+cve: CAN-2005-1920
+vendor-advisory: 
+testing-fix: 4:3.3.2-6.1etch1
+sid-fix: 4:3.4.2-1
+upgrade: apt-get install kdelibs4
+
+kate always created backup files for edited files with default permissions,
+even if the original permissions were stricter. This could lead to information
+disclosure.
\ No newline at end of file
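Review bot: The new file ends without a trailing newline (the `\ No newline at end of file` marker after `disclosure.`); add one so the last description line is terminated like the rest. The `vendor-advisory:` field is empty and should be filled in, or marked explicitly if there is no vendor advisory. The key `debian-specifc` is misspelled, but it matches the spelling in the removed 17-kdebase.adv, so change it only together with whatever reads these files. The description is clear about the cause; if it applies, it would help to add that backup files created before the upgrade keep their existing permissions.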



