Author: jmm-guest Date: 2005-09-13 20:46:01 +0000 (Tue, 13 Sep 2005) New Revision: 1964 Added: data/DTSA/advs/17-kdelibs.adv Removed: data/DTSA/advs/17-kdebase.adv Log: kdebase FTBFS with gcc 4, so I''ll prepare the kdelibs/kate fix first (with included fix), and once kdelibs is fixed I''ll prepare a fixed kdebase package that depends upon the DTSA-fixed version from kdelibs. Deleted: data/DTSA/advs/17-kdebase.adv ==================================================================--- data/DTSA/advs/17-kdebase.adv 2005-09-13 20:30:22 UTC (rev 1963) +++ data/DTSA/advs/17-kdebase.adv 2005-09-13 20:46:01 UTC (rev 1964) @@ -1,13 +0,0 @@ -source: kdebase -date: September 10th, 2005 -author: Moritz Muehlenhoff -vuln-type: insecure permissions, race condition -problem-scope: local -debian-specifc: no -cve: CAN-2005-1920 CAN-2005-2494 -vendor-advisory: -testing-fix: xxx -sid-fix: 4:3.4.2-2 -upgrade: apt-get install xxxx - -xxx multiline description here Added: data/DTSA/advs/17-kdelibs.adv ==================================================================--- data/DTSA/advs/17-kdelibs.adv 2005-09-13 20:30:22 UTC (rev 1963) +++ data/DTSA/advs/17-kdelibs.adv 2005-09-13 20:46:01 UTC (rev 1964) @@ -0,0 +1,15 @@ +source: kdelibs +date: September 13th, 2005 +author: Moritz Muehlenhoff +vuln-type: insecure default permissions +problem-scope: local +debian-specifc: no +cve: CAN-2005-1920 +vendor-advisory: +testing-fix: 4:3.3.2-6.1etch1 +sid-fix: 4:3.4.2-1 +upgrade: apt-get install kdelibs4 + +kate always created backup files for edited files with default permissions, +even if the original permissions were stricter. This could lead to information +disclosure. \ No newline at end of file