[Secure-testing-commits] r2206 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Sep 28 10:22:42 UTC 2005


Author: jmm-guest
Date: 2005-09-28 10:22:39 +0000 (Wed, 28 Sep 2005)
New Revision: 2206

Modified:
   data/CAN/list
Log:
new sudo issue; dump fixed


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-28 10:09:48 UTC (rev 2205)
+++ data/CAN/list	2005-09-28 10:22:39 UTC (rev 2206)
@@ -250,8 +250,9 @@
 	RESERVED
 CAN-2005-2960
 	RESERVED
-CAN-2005-2959
+CAN-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps]
 	RESERVED
+	- sudo 1.6.8p9-3 (medium)
 CAN-2005-2958
 	RESERVED
 CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
@@ -3419,7 +3420,7 @@
 	NOTE: exploitability using this hole.
 	- dpkg 1.13.11 (bug #317967; medium)
 	- zsync 0.4.0-2 (medium)
-	- dump <unfixed> (bug #317966; medium)
+	- dump 0.4b40-1 (bug #317966; medium)
 	- aide 0.10-6.1.1 (bug #317523; medium)
 	- amd64-libs <unfixed> (bug #317970; medium)
 	- ia32-libs <unfixed> (bug #317971; medium)




More information about the Secure-testing-commits mailing list