[Secure-testing-commits] r3324 - data/DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Jan 20 10:42:20 UTC 2006
Author: jmm-guest
Date: 2006-01-20 10:42:19 +0000 (Fri, 20 Jan 2006)
New Revision: 3324
Modified:
data/DSA/list
Log:
new sudo DSA
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-01-19 21:14:24 UTC (rev 3323)
+++ data/DSA/list 2006-01-20 10:42:19 UTC (rev 3324)
@@ -1,3 +1,13 @@
+[20 Jan 2006] DSA-946-1 sudo - missing input sanitising
+ {CVE-2005-4158 CVE-2006-0151}
+ [woody] - sudo 1.6.6-1.5
+ [sarge] - sudo 1.6.8p7-1.3
+ NOTE: fixed in testing at time of DSA
+ NOTE: The fix for stable and oldstable switched from a black list
+ NOTE: of dangerous env vars to a white list of known-to-be-safe env vars
+ NOTE: sid's 1.6.8p12 still has the black list (although with the strong
+ NOTE: recommendation to use env_reset, which basically does the same),
+ NOTE: but 1.7 will have a white list as well
[17 Jan 2006] DSA-945-1 antiword - insecure temporary file
{CVE-2005-3126}
[woody] - antiword 0.32-2woody0
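Review bot: the NOTE lines on the DSA-946-1 entry leave the status of sid ambiguous: "fixed in testing at time of DSA" sits next to "sid's 1.6.8p12 still has the black list", and the entry carries no line that records a fixed version outside woody and sarge. Suggest one more NOTE stating whether the black list in 1.6.8p12 covers both CVE-2005-4158 and CVE-2006-0151, or whether sid only counts as fixed when env_reset is set, so that a later reader of the list does not have to infer it from the comparison with the white list.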