Author: fw
Date: 2005-10-08 08:32:52 +0000 (Sat, 08 Oct 2005)
New Revision: 2346
Modified:
data/CAN/list
data/DSA/list
Log:
Two new DSAs (masqmail and dia).
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-10-07 21:14:18 UTC (rev 2345)
+++ data/CAN/list 2005-10-08 08:32:52 UTC (rev 2346)
@@ -1309,9 +1309,9 @@
CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords
in ...)
NOT-FOR-US: Whisper
CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary
files ...)
- - masqmail <unfixed> (low; bug #329307)
+ - masqmail 0.2.20-1sarge1 (low; bug #329307)
CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute
arbitrary ...)
- - masqmail <unfixed> (high; bug #329307)
+ - masqmail 0.2.20-1sarge1 (high; bug #329307)
CAN-2005-2661
RESERVED
CAN-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows
local ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-07 21:14:18 UTC (rev 2345)
+++ data/DSA/list 2005-10-08 08:32:52 UTC (rev 2346)
@@ -1,3 +1,11 @@
+[08 Oct 2005] DSA-848-1 masqmail - several
+ {CAN-2005-2662 CAN-2005-2663}
+ - masqmail 0.2.20-1sarge1
+ NOTE: not fixed in testing at time of DSA (not fixed in unstable)
+[08 Oct 2005] DSA-847-1 dia - missing input sanitising
+ {CAN-2005-2966}
+ - dia 0.94.0-15 (bug #330890; medium)
+ NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0
[07 Oct 2005] DSA-846-1 cpio - several
{CAN-2005-1111 CAN-2005-1229}
- cpio 2.6-6