[Secure-testing-commits] r3540 - data/CVE
Florian Weimer
fw at costa.debian.org
Sun Feb 26 16:16:30 UTC 2006
Author: fw
Date: 2006-02-26 16:16:25 +0000 (Sun, 26 Feb 2006)
New Revision: 3540
Modified:
data/CVE/list
Log:
CVE-2005-4158, CVE-2006-0151: sudo fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-26 16:11:28 UTC (rev 3539)
+++ data/CVE/list 2006-02-26 16:16:25 UTC (rev 3540)
@@ -1803,7 +1803,7 @@
NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...)
{DSA-946-1}
- - sudo <unfixed>
+ - sudo 1.6.8p12-1 (medium)
NOTE: The whole black list approach is flawed, for the DSA we'll switch to
NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
@@ -3129,7 +3129,7 @@
NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
{DSA-946-1}
- - sudo <unfixed> (bug #342948; medium)
+ - sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
More information about the Secure-testing-commits
mailing list