Author: fw
Date: 2006-02-26 16:16:25 +0000 (Sun, 26 Feb 2006)
New Revision: 3540
Modified:
data/CVE/list
Log:
CVE-2005-4158, CVE-2006-0151: sudo fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-26 16:11:28 UTC (rev 3539)
+++ data/CVE/list 2006-02-26 16:16:25 UTC (rev 3540)
@@ -1803,7 +1803,7 @@
NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT
...)
{DSA-946-1}
- - sudo <unfixed>
+ - sudo 1.6.8p12-1 (medium)
NOTE: The whole black list approach is flawed, for the DSA we'll switch
to
NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the
auth_ldap_log_reason ...)
@@ -3129,7 +3129,7 @@
NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does
not clear ...)
{DSA-946-1}
- - sudo <unfixed> (bug #342948; medium)
+ - sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before
6.1.3 ...)
NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5
(1.0.9), ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
