nion at alioth.debian.org
2008-Dec-21 19:54 UTC
[Secure-testing-commits] r10768 - data/CVE
Author: nion Date: 2008-12-21 19:54:07 +0000 (Sun, 21 Dec 2008) New Revision: 10768 Modified: data/CVE/list Log: CVE-2008-5369 fixed in no-ip 2.1.9-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-21 18:16:17 UTC (rev 10767) +++ data/CVE/list 2008-12-21 19:54:07 UTC (rev 10768) @@ -747,7 +747,7 @@ - pvpgn 1.8.1-2 (low; bug #509336) [etch] - pvpgn <no-dsa> (Contrib not supported) CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files ...) - - no-ip <unfixed> (unimportant; bug #509348) + - no-ip 2.1.9-1 (unimportant; bug #509348) NOTE: original issue doesn''t seem to be present, however there is a tmprace in the init NOTE: script if it is used to debug with strace and a missing check for mkstemp failing NOTE: but these situations are really corner cases