[Secure-testing-commits] r3464 - in data: CVE DSA

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-02-13 08:21:23 +0000 (Mon, 13 Feb 2006)
New Revision: 3464

Modified:
   data/CVE/list
   data/DSA/list
Log:
noweb DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-13 08:17:38 UTC (rev 3463)
+++ data/CVE/list	2006-02-13 08:21:23 UTC (rev 3464)
@@ -4978,8 +4978,9 @@
 CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
 	{DSA-927-1}
 	- tkdiff 1:4.0.2-2 (low)
-CVE-2005-3342
+CVE-2005-3342 [insecure temp file in noweb]
 	RESERVED
+	- noweb 2.10c-3.2 (low)
 CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
 	{DSA-941-1}
 	- tuxpaint 1:0.9.15b-1 (low)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-02-13 08:17:38 UTC (rev 3463)
+++ data/DSA/list	2006-02-13 08:21:23 UTC (rev 3464)
@@ -1,3 +1,8 @@
+[13 Feb 2006] DSA-968-1 noweb - insecure temporary file
+        {CVE-2005-3342}
+        [woody] - noweb 2.9a-7.4
+        [sarge] - noweb 2.10c-3.2
+	NOTE: not fixed in testing at time of DSA (too young)
 [10 Feb 2006] DSA-967-1 elog - several
         {CVE-2005-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600}
         [sarge] - elog 2.5.7+r1558-4+sarge2