apt-cacher: TEMP-0000000-62D57E

To: debian-security-tracker@lists.debian.org
Cc: Stefan Fritsch <sf@sfritsch.de>, Eduard Bloch <blade@debian.org>
Subject: apt-cacher: TEMP-0000000-62D57E
From: Henri Salo <henri@nerv.fi>
Date: Sat, 6 Aug 2011 13:25:56 +0300
Message-id: <20110806102556.GA12555@foo.fgeek.fi>

Does someone have more information about this issue than:

Committed by stef-guest at 2008-01-22 23:47:35 +0200 (Tue, 22 Jan 2008):
"""
CVE-2008-XXXX [apt-cacher arbitrary command execution]
        - apt-cacher 1.6.1
        [etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
        [sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
"""

What is the correct change in version control? How about changelog-entry? There seems to be old similar issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1854

"""
[03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
        {CVE-2005-1854}
        [sarge] - apt-cacher 0.9.4sarge1 (high)
        NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
"""

Best regards,
Henri Salo

Reply to:

Follow-Ups:
- Re: apt-cacher: TEMP-0000000-62D57E
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
Next by Date: Re: apt-cacher: TEMP-0000000-62D57E
Previous by thread: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
Next by thread: Re: apt-cacher: TEMP-0000000-62D57E
Index(es):
- Date
- Thread