Author: joeyh Date: 2005-08-07 03:53:37 +0000 (Sun, 07 Aug 2005) New Revision: 1532 Modified: data/CAN/list Log: various security holes discovered by jfs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-05 23:22:58 UTC (rev 1531) +++ data/CAN/list 2005-08-07 03:53:37 UTC (rev 1532) @@ -1,3 +1,32 @@ +CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] + - wine (unfixed; bug #321470; low) +CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension] + - inkscape (unfixed; bug #321501; low) +CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] + - metamail (unfixed; bug #321473; low) +CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] + - xbase-clients (unfixed; bug #321447; low) +CAN-2005-XXXX [kdebase: startkde does not check lnusertemp''s result?] + - kdebase (unfixed; bug #292078; medium) +CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] + - gs-eps (unfixed; bug #291452; low) +CAN-2005-XXXX [Format string bug in sysklogd''s syslog_tst sources] + NOTE: binary not shipped + - sysklogd (unfixed; bug #281448; low) +CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] + - fftw3-dev (unfixed; bug #321566; low) +CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files] + - clamav-getfiles (unfixed; bug #321446; medium) +CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users] + - cgiwrap (unfixed; bug #316881; low) +CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information] + - cgiwrap (unfixed; bug #316901; low) +CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] + - libnet-ssleay-perl (unfixed; bug #296112; low) +CAN-2005-XXXX [nvi: init.d recover file security bugs] + - nvi 1.79-22 (medium) +CAN-2005-XXXX [bugzilla: Maintainer''s postinst script use temporary files in an unsafe way] + - bugzilla (unfixed; bug #321567; medium) CAN-2005-XXXX [Unspecified XSS in hiki] - hiki 0.8.3-1 CAN-2005-XXXX [Crypto weakness in Tor''s handshaking process]