Moritz Muehlenhoff
2006-Feb-13 08:21 UTC
[Secure-testing-commits] r3464 - in data: CVE DSA
Author: jmm-guest
Date: 2006-02-13 08:21:23 +0000 (Mon, 13 Feb 2006)
New Revision: 3464
Modified:
data/CVE/list
data/DSA/list
Log:
noweb DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-02-13 08:17:38 UTC (rev 3463)
+++ data/CVE/list 2006-02-13 08:21:23 UTC (rev 3464)
@@ -4978,8 +4978,9 @@
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary
files ...)
{DSA-927-1}
- tkdiff 1:4.0.2-2 (low)
-CVE-2005-3342
+CVE-2005-3342 [insecure temp file in noweb]
RESERVED
+ - noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and
...)
{DSA-941-1}
- tuxpaint 1:0.9.15b-1 (low)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-02-13 08:17:38 UTC (rev 3463)
+++ data/DSA/list 2006-02-13 08:21:23 UTC (rev 3464)
@@ -1,3 +1,8 @@
+[13 Feb 2006] DSA-968-1 noweb - insecure temporary file
+ {CVE-2005-3342}
+ [woody] - noweb 2.9a-7.4
+ [sarge] - noweb 2.10c-3.2
+ NOTE: not fixed in testing at time of DSA (too young)
[10 Feb 2006] DSA-967-1 elog - several
{CVE-2005-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598
CVE-2006-0599 CVE-2006-0600}
[sarge] - elog 2.5.7+r1558-4+sarge2