[Secure-testing-commits] r15100 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Aug 2 04:46:03 UTC 2010


Author: jmm-guest
Date: 2010-08-02 04:45:59 +0000 (Mon, 02 Aug 2010)
New Revision: 15100

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
prewikka no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-02 04:24:34 UTC (rev 15099)
+++ data/CVE/list	2010-08-02 04:45:59 UTC (rev 15100)
@@ -2191,8 +2191,8 @@
 	- rpm 4.8.1-1 (bug #584257; unimportant)
 	NOTE: Marking as unimportant since rpm isn't used as a package manager
 CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
-	- prewikka 1.0.0-1.1 (medium; bug #584469)
-	NOTE: set to medium as this might as well expose the db administrator password
+	- prewikka 1.0.0-1.1 (low; bug #584469)
+	[lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update)
 CVE-2010-2057
 	RESERVED
 CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-08-02 04:24:34 UTC (rev 15099)
+++ data/spu-candidates.txt	2010-08-02 04:45:59 UTC (rev 15100)
@@ -411,6 +411,12 @@
 
 --
 
+prewikka (CVE-2010-2058)
+#584469
+
+
+--
+
 puppet (CVE-2009-3564)
 #551073
 notified maintainer in initial bug report




More information about the Secure-testing-commits mailing list