[Secure-testing-commits] r7966 - in data: . CVE
thijs at alioth.debian.org
Sat Jan 19 10:51:14 UTC 2008
Author: thijs
Date: 2008-01-19 10:51:13 +0000 (Sat, 19 Jan 2008)
New Revision: 7966
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
duplicity sarge/etch not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-18 22:33:49 UTC (rev 7965)
+++ data/CVE/list 2008-01-19 10:51:13 UTC (rev 7966)
@@ -5227,10 +5227,11 @@
RESERVED
CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
- duplicity 0.4.3-2 (low; bug #442840)
- [etch] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
- [sarge] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
+ [etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
+ [sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
NOTE: be transferred through the scp, sftp or rsync backends.
+ NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
{DTSA-74-1}
- hugin 0.6.1-1.1 (low; bug #447344)
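Review bot: the added NOTE at the end of the CVE-2007-5201 entry is a bare URL, so the basis for the two new "<not-affected> (Vulnerable code introduced in 0.4.3)" lines lives only in the linked debian-release message. Suggest adding a few words to that NOTE saying what the link establishes, so the entry still explains itself if the archive URL stops resolving. The two existing NOTE lines about ftp being inherently insecure read as the rationale for the old <no-dsa> marking; it is worth checking whether they are still wanted now that the stated reason for sarge and etch is that the vulnerable code is absent.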
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-18 22:33:49 UTC (rev 7965)
+++ data/spu-candidates.txt 2008-01-19 10:51:13 UTC (rev 7966)
@@ -21,12 +21,6 @@
--
-duplicity (CVE-2007-5201)
-#442840
-notified maintainer
-
---
-
flac123 (CVE-2007-3507)
notified maintainer
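Review bot: the removed duplicity block carried "notified maintainer" and "#442840", so the maintainer has already been asked about a stable update that the CVE/list change in this same revision now says is not needed. Suggest following up on bug #442840 to state that sarge and etch are not affected, so the earlier notification does not leave an upload request outstanding. The removal itself is consistent with the new <not-affected> markings.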