[Secure-testing-commits] r2097 - in data: CAN DSA
Florian Weimer
fw at costa.debian.org
Thu Sep 22 16:42:00 UTC 2005
Author: fw
Date: 2005-09-22 16:41:56 +0000 (Thu, 22 Sep 2005)
New Revision: 2097
Modified:
data/CAN/list
data/DSA/list
Log:
mozilla-thunderbird is actually exploitable for the shell script
injection issue (mea culpa).
Add DSA-818-1 on kdeedu.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-22 14:56:28 UTC (rev 2096)
+++ data/CAN/list 2005-09-22 16:41:56 UTC (rev 2097)
@@ -2,6 +2,7 @@
- arc 5.21m-1 (low)
CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
- mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
+ - mozilla-thunderbird (unfixed; bug #329667; high)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (medium)
- ruby1.8 1.8.3-1 (medium)
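Review bot: The added mozilla-thunderbird line gives the status (unfixed; bug #329667; high) but not the reason Thunderbird is affected when the mozilla-firefox line directly above is not-affected because Debian ships a non-vulnerable wrapper script. A NOTE line under this entry stating what differs for Thunderbird would make the two statuses easier to audit later. The bracketed title also still names only Firefox, so consider wording it to cover both packages.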
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-09-22 14:56:28 UTC (rev 2096)
+++ data/DSA/list 2005-09-22 16:41:56 UTC (rev 2097)
@@ -1,3 +1,7 @@
+[22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
+ { CAN-2005-2101 }
+ - kdeedu 4:3.4.2-1
+ NOTE: not fixed in testing at time of DSA
[22 Sep 2005] DSA-817-1 python2.2 - integer overflow
{ CAN-2005-2491 }
- python2.2 2.2.3dfsg-4 (medium)
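Review bot: The new "- kdeedu 4:3.4.2-1" line in the DSA-818-1 entry carries no urgency, while the neighbouring DSA-817-1 entry has "- python2.2 2.2.3dfsg-4 (medium)". Add the urgency in parentheses after the version if one has been assessed. The data/CAN/list hunk in this commit does not touch CAN-2005-2101, so it is worth checking that the entry there lists the same kdeedu version.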