[Secure-testing-commits] r1532 - data/CAN

Joey Hess Sat, 06 Aug 2005 20:54:10 -0700

Author: joeyh
Date: 2005-08-07 03:53:37 +0000 (Sun, 07 Aug 2005)
New Revision: 1532


Modified:
   data/CAN/list
Log:
various security holes discovered by jfs


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-08-05 23:22:58 UTC (rev 1531)
+++ data/CAN/list       2005-08-07 03:53:37 UTC (rev 1532)
@@ -1,3 +1,32 @@
+CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
+       - wine (unfixed; bug #321470; low)
+CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
+       - inkscape (unfixed; bug #321501; low)
+CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ 
links]
+       - metamail (unfixed; bug #321473; low)
+CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other 
security issues]
+       - xbase-clients (unfixed; bug #321447; low)
+CAN-2005-XXXX [kdebase: startkde does not check lnusertemp's result?]
+       - kdebase (unfixed; bug #292078; medium)
+CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
+       - gs-eps (unfixed; bug #291452; low)
+CAN-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
+       NOTE: binary not shipped
+       - sysklogd (unfixed; bug #281448; low)
+CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf 
script]
+       - fftw3-dev (unfixed; bug #321566; low)
+CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
+       - clamav-getfiles (unfixed; bug #321446; medium)
+CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
+       - cgiwrap (unfixed; bug #316881; low)
+CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
+       - cgiwrap (unfixed; bug #316901; low)
+CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
+       - libnet-ssleay-perl (unfixed; bug #296112; low)
+CAN-2005-XXXX [nvi: init.d recover file security bugs]
+       - nvi 1.79-22 (medium)
+CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in 
an unsafe way]
+       - bugzilla (unfixed; bug #321567; medium)
 CAN-2005-XXXX [Unspecified XSS in hiki]
        - hiki 0.8.3-1
 CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r1532 - data/CAN

Reply via email to