gilbert-guest at alioth.debian.org
2009-Feb-25 05:24 UTC
[Secure-testing-commits] r11259 - data/CVE
Author: gilbert-guest Date: 2009-02-25 05:24:29 +0000 (Wed, 25 Feb 2009) New Revision: 11259 Modified: data/CVE/list Log: adding no-root issue to tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-24 00:13:00 UTC (rev 11258) +++ data/CVE/list 2009-02-25 05:24:29 UTC (rev 11259) @@ -1,3 +1,6 @@ +CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes locally exploitable security flaw] + - debian-installer <unfixed> (bug #517018; low) + NOTE: should a CVE be requested for this problem? CVE-2009-XXXX [Http double slash request arbitrary file access vulnerability in mldonkey] - mldonkey <unfixed> (bug #516829; medium) NOTE: daemon is run as non-root and can only be exploited via localhost