Author: joeyh Date: 2005-09-14 16:22:14 +0000 (Wed, 14 Sep 2005) New Revision: 1980 Modified: data/CAN/list Log: a bug was filed on that silly tar "vulnerability". Track as unimportant Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-14 16:21:19 UTC (rev 1979) +++ data/CAN/list 2005-09-14 16:22:14 UTC (rev 1980) @@ -1127,6 +1127,7 @@ CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...) NOTE: This is intended behaviour, after all tar is an archiving tool and you NOTE: need to give -p as a command line flag + - tar (unfixed; bug #328228; unimportant) CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...) NOTE: not-for-us (FlatNuke) CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)