[Secure-testing-commits] r21210 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Sat Feb 9 10:41:02 UTC 2013
Author: carnil
Date: 2013-02-09 10:41:02 +0000 (Sat, 09 Feb 2013)
New Revision: 21210
Modified:
data/CVE/list
Log:
update for CVE-2012-6120, puppet log directory word readable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-09 10:05:22 UTC (rev 21209)
+++ data/CVE/list 2013-02-09 10:41:02 UTC (rev 21210)
@@ -4330,8 +4330,9 @@
NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 [Directory /var/log/puppet is world readable]
RESERVED
- - puppet <unfixed>
- TODO: check if Red Hat specific
+ - puppet <not-affected> (puppet-common postinst sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet)
+ [squeeze] - puppet <unfixed>
+ TODO: report bug for Squeeze?
CVE-2012-6119
RESERVED
CVE-2012-6118
More information about the Secure-testing-commits
mailing list