Author: joeyh Date: 2005-10-20 02:20:16 +0000 (Thu, 20 Oct 2005) New Revision: 2470 Modified: data/CVE/list Log: new yiff-server hole add a second bug to gcjwebplugin hole Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-20 00:45:41 UTC (rev 2469) +++ data/CVE/list 2005-10-20 02:20:16 UTC (rev 2470) @@ -1,3 +1,5 @@ +CVE-2005-XXXX [yiff-server: runs as root and opens any file a client asks for] + - yiff-server <unfixed> (bug #334616; high) CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) TODO: check CVE-2005-3253 @@ -2295,7 +2297,7 @@ CVE-2005-XXXX [downloads.ini writable by group users, world-readable] - mldonkey 2.5.28.1-1 (bug #300560; low) CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] - - gcjwebplugin <unfixed> (bug #267040; high) + - gcjwebplugin <unfixed> (bug #267040; bug #301134; high) CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] - dbmail-pgsql <unfixed> (bug #290833; medium) CVE-2005-XXXX [time delay of password check proves account existence to attackers]