[Secure-testing-commits] r21235 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Mon Feb 11 14:58:29 UTC 2013
Author: carnil
Date: 2013-02-11 14:58:29 +0000 (Mon, 11 Feb 2013)
New Revision: 21235
Modified:
data/CVE/list
Log:
update tracking for CVE-2012-6120 and add a NOTE, thanks jmm for helping fixing the entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-11 13:46:52 UTC (rev 21234)
+++ data/CVE/list 2013-02-11 14:58:29 UTC (rev 21235)
@@ -4338,8 +4338,10 @@
NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 [Directory /var/log/puppet is world readable]
RESERVED
- - puppet <not-affected> (puppet-common postinst sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet)
+ - puppet 2.6.4-2
[squeeze] - puppet <unfixed>
+ NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
+ NOTE: After starting puppetmaster permissions on directory are restricted
TODO: report bug for Squeeze?
CVE-2012-6119
RESERVED
More information about the Secure-testing-commits
mailing list