Does someone have more information about this issue than:
Committed by stef-guest at 2008-01-22 23:47:35 +0200 (Tue, 22 Jan 2008):
"""
CVE-2008-XXXX [apt-cacher arbitrary command execution]
- apt-cacher 1.6.1
[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
[sarge] - apt-cacher <not-affected> (vulnerable code introduced in
1.6.0)
"""
What is the correct change in version control? How about changelog-entry? There
seems to be old similar issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1854
"""
[03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
{CVE-2005-1854}
[sarge] - apt-cacher 0.9.4sarge1 (high)
NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
"""
Best regards,
Henri Salo
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
