Moritz Muehlenhoff
2005-Aug-26 10:09 UTC
[Secure-testing-commits] r1652 - in data: CAN DSA
Author: jmm-guest
Date: 2005-08-26 10:09:11 +0000 (Fri, 26 Aug 2005)
New Revision: 1652
Modified:
data/CAN/list
data/DSA/list
Log:
new backup-manager dsa
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-08-26 09:14:19 UTC (rev 1651)
+++ data/CAN/list 2005-08-26 10:09:11 UTC (rev 1652)
@@ -3820,11 +3820,13 @@
NOTE: not-for-us (arshell)
CAN-2005-1857
NOTE: reserved
+CAN-2005-1856 [backup-manager: Potential symlink attack through hard coded file
name]
+ NOTE: reserved
{DSA-786-1}
-CAN-2005-1856
+ - backup-manager 0.5.8-2 (low)
+CAN-2005-1855 [Insecure default permissions in backup-manager]
NOTE: reserved
-CAN-2005-1855
- NOTE: reserved
+ - backup-manager 0.5.8-2 (medium)
CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to
"missing ...)
{DSA-772-1}
CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create
temporary ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-08-26 09:14:19 UTC (rev 1651)
+++ data/DSA/list 2005-08-26 10:09:11 UTC (rev 1652)
@@ -1,3 +1,7 @@
+[26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
+ {CAN-2005-1855 CAN-2005-1856}
+ - backup-manager 0.5.8-2 (medium)
+ NOTE: fixed in testing at time of DSA
[26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
{CAN-2005-1857}
- simpleproxy 3.2-4 (medium)