[Secure-testing-commits] r2009 - data/DTSA/advs
Micah Anderson
micah at costa.debian.org
Thu Sep 15 23:03:32 UTC 2005
Author: micah
Date: 2005-09-15 23:03:31 +0000 (Thu, 15 Sep 2005)
New Revision: 2009
Added:
data/DTSA/advs/17-lm-sensors.adv
data/DTSA/advs/18-kdelibs.adv
Removed:
data/DTSA/advs/17-kdelibs.adv
data/DTSA/advs/18-lm-sensors.adv
Log:
Moving kdelibs up so i can release lm-sensors
Deleted: data/DTSA/advs/17-kdelibs.adv
===================================================================
--- data/DTSA/advs/17-kdelibs.adv 2005-09-15 22:36:11 UTC (rev 2008)
+++ data/DTSA/advs/17-kdelibs.adv 2005-09-15 23:03:31 UTC (rev 2009)
@@ -1,15 +0,0 @@
-source: kdelibs
-date: September 13th, 2005
-author: Moritz Muehlenhoff
-vuln-type: insecure default permissions
-problem-scope: local
-debian-specifc: no
-cve: CAN-2005-1920
-vendor-advisory:
-testing-fix: 4:3.3.2-6.1etch1
-sid-fix: 4:3.4.2-1
-upgrade: apt-get install kdelibs4
-
-kate always created backup files for edited files with default permissions,
-even if the original permissions were stricter. This could lead to information
-disclosure.
\ No newline at end of file
Copied: data/DTSA/advs/17-lm-sensors.adv (from rev 2008, data/DTSA/advs/18-lm-sensors.adv)
Copied: data/DTSA/advs/18-kdelibs.adv (from rev 2006, data/DTSA/advs/17-kdelibs.adv)
Deleted: data/DTSA/advs/18-lm-sensors.adv
===================================================================
--- data/DTSA/advs/18-lm-sensors.adv 2005-09-15 22:36:11 UTC (rev 2008)
+++ data/DTSA/advs/18-lm-sensors.adv 2005-09-15 23:03:31 UTC (rev 2009)
@@ -1,19 +0,0 @@
-source: lm-sensors
-date: September 15th, 2005
-author: Micah Anderson
-vuln-type: insecure temporary file
-problem-scope: local
-debian-specifc: no
-cve: CAN-2005-2672
-vendor-advisory:
-testing-fix: lm-sensors_1:2.9.1-6etch1
-sid-fix: 1:2.9.1-7
-upgrade: apt-get install lm-sensors
-
-Javier Fernández-Sanguino Peña discovered that a script included in
-lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary
-file with a predictable filename, leaving it vulnerable for a symlink
-attack.
-
-Note that this is the same set of security fixes put into stable in
-DSA-814-1.
More information about the Secure-testing-commits
mailing list