nion at alioth.debian.org
2008-Sep-04 10:52 UTC
[Secure-testing-commits] r9742 - in data: CVE DTSA
Author: nion Date: 2008-09-04 10:52:20 +0000 (Thu, 04 Sep 2008) New Revision: 9742 Modified: data/CVE/list data/DTSA/list Log: releasing DTSA-164-2 (newsbeuter) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-04 09:14:11 UTC (rev 9741) +++ data/CVE/list 2008-09-04 10:52:20 UTC (rev 9742) @@ -127,7 +127,7 @@ [lenny] - wordnet 3.0-11+lenny1 [etch] - wordnet 1:2.1-4+etch1 CVE-2008-XXXX [code execution in newsbeuter via crafted url when opened in external browser] - [lenny] - newsbeuter 0.9.1-1+lenny2 + [lenny] - newsbeuter 0.9.1-1+lenny3 - newsbeuter 1.2-1 (medium) NOTE: medium as versions < 1.0-1 didn''t include a patch to wrap long article URLs so the NOTE: crafted part of the URL can be hidden. This of course only affects people not reading Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2008-09-04 09:14:11 UTC (rev 9741) +++ data/DTSA/list 2008-09-04 10:52:20 UTC (rev 9742) @@ -481,3 +481,7 @@ [lenny] - wordnet 3.0-11+lenny1 [September 2nd, 2008] DTSA-164-1 newsbeuter - command injection [lenny] - newsbeuter 0.9.1-1+lenny2 +[September 4th, 2008] DTSA-164-2 newsbeuter - command injection + [lenny] - newsbeuter 0.9.1-1+lenny3 + NOTE: the preivous DTSA fixed the appended the URL twice +