Author: white Date: 2009-09-19 12:37:16 +0000 (Sat, 19 Sep 2009) New Revision: 12856 Modified: data/CVE/list Log: backuppc requires access to the backup location, can go through s-p-u Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-19 09:14:22 UTC (rev 12855) +++ data/CVE/list 2009-09-19 12:37:16 UTC (rev 12856) @@ -1314,7 +1314,8 @@ NOT-FOR-US: Basilic CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass] - backuppc 3.1.0-7 (low; bug #542218) - NOTE: no-dsa candidate + [etch] - backuppc <no-dsa> (Requires access) + [lenny] - backuppc <no-dsa> (Requires access) TODO: request CVE id CVE-2009-XXXX [burn: Insecure escaping of file names] - burn 0.4.5-1 (low; bug #542329)