[Secure-testing-commits] r2206 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 28 10:22:42 UTC 2005
Author: jmm-guest
Date: 2005-09-28 10:22:39 +0000 (Wed, 28 Sep 2005)
New Revision: 2206
Modified:
data/CAN/list
Log:
new sudo issue; dump fixed
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-28 10:09:48 UTC (rev 2205)
+++ data/CAN/list 2005-09-28 10:22:39 UTC (rev 2206)
@@ -250,8 +250,9 @@
RESERVED
CAN-2005-2960
RESERVED
-CAN-2005-2959
+CAN-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps]
RESERVED
+ - sudo 1.6.8p9-3 (medium)
CAN-2005-2958
RESERVED
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
@@ -3419,7 +3420,7 @@
NOTE: exploitability using this hole.
- dpkg 1.13.11 (bug #317967; medium)
- zsync 0.4.0-2 (medium)
- - dump <unfixed> (bug #317966; medium)
+ - dump 0.4b40-1 (bug #317966; medium)
- aide 0.10-6.1.1 (bug #317523; medium)
- amd64-libs <unfixed> (bug #317970; medium)
- ia32-libs <unfixed> (bug #317971; medium)
More information about the Secure-testing-commits
mailing list