[Secure-testing-commits] r1980 - data/CAN
Joey Hess
joeyh at costa.debian.org
Wed Sep 14 16:22:17 UTC 2005
Author: joeyh
Date: 2005-09-14 16:22:14 +0000 (Wed, 14 Sep 2005)
New Revision: 1980
Modified:
data/CAN/list
Log:
a bug was filed on that silly tar "vulnerability". Track as unimportant
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-14 16:21:19 UTC (rev 1979)
+++ data/CAN/list 2005-09-14 16:22:14 UTC (rev 1980)
@@ -1127,6 +1127,7 @@
CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
NOTE: This is intended behaviour, after all tar is an archiving tool and you
NOTE: need to give -p as a command line flag
+ - tar (unfixed; bug #328228; unimportant)
CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
NOTE: not-for-us (FlatNuke)
CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
More information about the Secure-testing-commits
mailing list