gave up on thunderbird build for now, reclaimed advisory 9 for bluez

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1751 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2005-08-31 19:03:01 +0000
committer: Joey Hess <joeyh@debian.org> 2005-08-31 19:03:01 +0000
commit: b7fcd369a3b982c03336dbb08ea43dca1353ed87 (patch)
tree: 323bdc79e7072ec85073f8b35092a491fdc29143 /data/DTSA/advs/9-bluez-utils.adv
parent: 0c2266703283c6dfaaa4934d0b58ca67b03cb168 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv
new file mode 100644
index 0000000000..b91e1851e6
--- /dev/null
+++ b/data/DTSA/advs/9-bluez-utils.adv
@@ -0,0 +1,14 @@
+dtsa: DTSA-9-1
+source: bluez-utils
+date: August 31st, 2005
+author: Joey Hess
+vuln-type: bad device name escaping
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-2547
+testing-fix: 2.19-0.1etch1
+sid-fix: 2.19-1
+
+A bug in bluez-utils allows remote attackers to execute arbitrary commands
+via shell metacharacters in the Bluetooth device name when invoking the PIN
+helper.
author	Joey Hess <joeyh@debian.org>	2005-08-31 19:03:01 +0000
committer	Joey Hess <joeyh@debian.org>	2005-08-31 19:03:01 +0000
commit	b7fcd369a3b982c03336dbb08ea43dca1353ed87 (patch)
tree	323bdc79e7072ec85073f8b35092a491fdc29143 /data/DTSA/advs/9-bluez-utils.adv
parent	0c2266703283c6dfaaa4934d0b58ca67b03cb168 (diff)