[Secure-testing-commits] r46967 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 11 16:18:18 UTC 2016
Author: carnil
Date: 2016-12-11 16:18:18 +0000 (Sun, 11 Dec 2016)
New Revision: 46967
Modified:
data/CVE/list
Log:
Add CVE-2013-1430
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-11 15:21:24 UTC (rev 46966)
+++ data/CVE/list 2016-12-11 16:18:18 UTC (rev 46967)
@@ -106826,8 +106826,14 @@
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before ...)
{DSA-2702-1}
- telepathy-gabble 0.16.6-1
-CVE-2013-1430
+CVE-2013-1430 [xrdp create ~/.vnc/sesman_${username}_passwd with (equivalent of) clear text password of user]
RESERVED
+ - xrdp 0.9.1~2016121126+git5171fa7-1
+ NOTE: https://github.com/neutrinolabs/xrdp/pull/497
+ NOTE: When successfully logging in using RDP into a xrdp session, the file
+ NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
+ NOTE: equivalent of the users clear text password, DES encrypted with a known
+ NOTE: key.
CVE-2013-1429 [Lintian unsafe symlinks]
RESERVED
- lintian 2.5.10.5 (bug #705553; unimportant)
More information about the Secure-testing-commits
mailing list