Moritz Muehlenhoff
2005-Oct-20 11:51 UTC
[Secure-testing-commits] r2501 - in data: CVE DSA
Author: jmm-guest
Date: 2005-10-20 11:51:05 +0000 (Thu, 20 Oct 2005)
New Revision: 2501
Modified:
data/CVE/list
data/DSA/list
Log:
new module-assistant DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-20 11:19:24 UTC (rev 2500)
+++ data/CVE/list 2005-10-20 11:51:05 UTC (rev 2501)
@@ -310,8 +310,10 @@
RESERVED
CVE-2005-3122
RESERVED
-CVE-2005-3121
+CVE-2005-3121 [Insecure temp file generation in module-assistant]
RESERVED
+ - module-assistant 0.9.10
+ TODO: Check, whether this version really fixes the issue, it''s not
mentioned in the changelog
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6
and ...)
- lynx <unfixed> (bug #334423; high)
- lynx-cur 2.8.6-16 (bug #334423; high)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-20 11:19:24 UTC (rev 2500)
+++ data/DSA/list 2005-10-20 11:51:05 UTC (rev 2501)
@@ -1,3 +1,8 @@
+[20 Oct 2005] DSA-867-1 module-assistant - insecure temporary file
+ {CVE-2005-3121}
+ [woody] - module-assistant <not-affected> (not part of Woody)
+ [sarge] - module-assistant 0.9sarge1
+ NOTE: fixed in testing at time of DSA
[20 Oct 2005] DSA-866-1 mozilla - several
{CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704
CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 CVE-2005-2968}
[woody] - mozilla <unfixed>
Florian Weimer
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r2501 - in data: CVE DSA
* Moritz Muehlenhoff:> +[20 Oct 2005] DSA-867-1 module-assistant - insecure temporary file > + {CVE-2005-3121} > + [woody] - module-assistant <not-affected> (not part of Woody)Thanks for adding these tags. I''m not sure if <not-affected> tags are really necessary when the package is not part of the indicated release. Maybe it''s like <removed> and I''m wrong, though.