[Secure-testing-commits] r169 - sarge-checks/CAN
Joey Hess
joeyh@haydn.debian.org
Fri, 03 Dec 2004 15:02:18 -0700
Author: joeyh
Date: 2004-12-03 15:02:06 -0700 (Fri, 03 Dec 2004)
New Revision: 169
Modified:
sarge-checks/CAN/list
Log:
checked recent CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-12-03 20:28:06 UTC (rev 168)
+++ sarge-checks/CAN/list 2004-12-03 22:02:06 UTC (rev 169)
@@ -1,57 +1,59 @@
CAN-2004-1120
- TODO: check
+ - prozilla (unfixed; bug filed)
CAN-2004-1119
- TODO: check
+ NOTE: not-for-us (Winamp)
CAN-2004-1118
- TODO: check
+ NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
CAN-2004-1117
- TODO: check
+ NOTE: not-for-us (ChessBrain)
CAN-2004-1116
- TODO: check
+ NOTE: not-for-us (GIMPS)
CAN-2004-1115
- TODO: check
+ NOTE: gentoo-specific permissions problems in setaiathome
CAN-2004-1114
- TODO: check
+ NOTE: not-for-us (Skype)
CAN-2004-1113
- TODO: check
+ NOTE: not-for-us (SQLgrey Postfix greylisting serivce)
CAN-2004-1112
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1111
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1110
- TODO: check
+ - mtink (unfixed; bug filed)
+ NOTE: debian not vulnerale except in edge case)
CAN-2004-1109
- TODO: check
+ NOTE: not-for-us (Kerio Personal Firewall)
CAN-2004-1108
- TODO: check
+ NOTE: not-for-us (Gentoolkit)
CAN-2004-1107
- TODO: check
+ NOTE: not-for-us (Portage)
CAN-2004-1106
- TODO: check
+ - gallery 1.4.4-pl4-1
CAN-2004-1105
- TODO: check
+ NOTE: not-for-us (Nortel Networks Contivity VPN Client)
CAN-2004-1104
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1103
- TODO: check
+ NOTE: not-for-us (MailPost)
CAN-2004-1102
- TODO: check
+ NOTE: not-for-us (MailPost)
CAN-2004-1101
- TODO: check
+ NOTE: not-for-us (MailPost)
CAN-2004-1100
- TODO: check
+ NOTE: not-for-us (MailPost)
CAN-2004-1099
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1098
- TODO: check
+ - mime-tools 5.415-1
CAN-2004-1097
- TODO: check
+ NOTE: not-for-us (Cherokee)
CAN-2004-1096
- TODO: check
+ - libarchive-zip-perl 1.14-1
CAN-2004-1095
- TODO: check
+ - zgv (unfixed; bug filed)
+ - xzgv (unfixed; bug filed)
CAN-2004-1094
- TODO: check
+ NOTE: not-for-us (RealPlayer)
CAN-2004-1093
NOTE: reserved
CAN-2004-1092
@@ -79,9 +81,9 @@
CAN-2004-1081
NOTE: reserved
CAN-2004-1080
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1079
- TODO: check
+ - ncpfs 2.2.5-2
CAN-2004-1078
NOTE: reserved
CAN-2004-1077
@@ -89,21 +91,21 @@
CAN-2004-1076
NOTE: reserved
CAN-2004-1075
- TODO: check
+ - zope-zwiki (unfixed; bug #282944)
CAN-2004-1074
- TODO: check
+ TODO: check with kernel people
CAN-2004-1073
- TODO: check
+ TODO: check with kernel people
CAN-2004-1072
- TODO: check
+ TODO: check with kernel people
CAN-2004-1071
- TODO: check
+ TODO: check with kernel people
CAN-2004-1070
- TODO: check
+ TODO: check with kernel people
CAN-2004-1069
- TODO: check
+ TODO: check with kernel people
CAN-2004-1068
- TODO: check
+ TODO: check with kernel people
CAN-2004-1067
NOTE: reserved
CAN-2004-1066
@@ -167,7 +169,7 @@
CAN-2004-1038
NOTE: not-for-us (IEEE1394 specification bug, physical security)
CAN-2004-1037
- TODO: check
+ - twiki 20030201-6
CAN-2004-1036
- squirrelmail 2:1.4.3a-3
CAN-2004-1035
@@ -184,7 +186,7 @@
CAN-2004-1030
- fcron 2.9.5.1-1
CAN-2004-1029
- TODO: check
+ NOTE: not-for-us (Sun JRE)
CAN-2004-1028
NOTE: reserved
CAN-2004-1027
@@ -200,7 +202,7 @@
CAN-2004-1022
NOTE: reserved
CAN-2004-1021
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2004-1020
NOTE: reserved
CAN-2004-1019
@@ -212,25 +214,27 @@
CAN-2004-1016
NOTE: reserved
CAN-2004-1015
- TODO: check
+ - cyrus-imapd (unfixed; bug filed)
+ - cyrus21-imapd (unfixed; bug filed)
CAN-2004-1014
NOTE: reserved
CAN-2004-1013
{DSA-597-1}
- NOTE: see http://security.e-matters.de/advisories/152004.html
- - cyrus-imapd 2.1.17-1
+ - cyrus-imapd 1.5.19-20
+ - cyrus21-imapd 2.1.17-1
CAN-2004-1012
{DSA-597-1}
- NOTE: see http://security.e-matters.de/advisories/152004.html
- - cyrus-imapd 2.1.17-1
+ - cyrus-imapd 1.5.19-20
+ - cyrus21-imapd 2.1.17-1
CAN-2004-1011
- TODO: check
+ - cyrus-imapd (unfixed; bug filed)
+ - cyrus21-imapd (unfixed; bug filed)
CAN-2004-1010
- zip 2.30-8
CAN-2004-1009
NOTE: reserved
CAN-2004-1008
- TODO: check
+ - putty 0.56-1
CAN-2004-1007
- bogofilter 0.92.8-1
CAN-2004-1006
@@ -256,7 +260,8 @@
CAN-2004-0997
NOTE: reserved
CAN-2004-0996
- TODO: check
+ - cscope (unfixed; bug #282815)
+ NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CAN-2004-0995
NOTE: reserved
CAN-2004-0994
@@ -265,7 +270,7 @@
NOTE: reserved
{DSA-604-1}
CAN-2004-0992
- TODO: check
+ NOTE: not-for-us (Proxytunnel)
CAN-2004-0991
NOTE: reserved
CAN-2004-0990
@@ -336,7 +341,7 @@
CAN-2004-0966
- gettext 0.14.1-6
CAN-2004-0965
- TODO: check
+ NOTE: not-for-us (HP-UX)
CAN-2004-0964
{DSA-587-1}
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
@@ -345,7 +350,7 @@
CAN-2004-0963
NOTE: not-for-us (windows)
CAN-2004-0962
- TODO: check
+ NOTE: not-for-us (Apple Remote Desktop Client)
CAN-2004-0961
- freeradius 1.0.1
CAN-2004-0960
@@ -367,7 +372,7 @@
CAN-2004-0954
NOTE: rejected
CAN-2004-0953
- TODO: check
+ NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952
NOTE: reserved
CAN-2004-0951
@@ -375,7 +380,7 @@
CAN-2004-0950
NOTE: not-for-us (NetOp Host)
CAN-2004-0949
- TODO: check
+ NOTE: check with kernel people
CAN-2004-0948
NOTE: reserved
CAN-2004-0947
@@ -510,7 +515,7 @@
CAN-2004-0893
NOTE: reserved
CAN-2004-0892
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-0891
- gaim 1.0.2
CAN-2004-0890
@@ -531,7 +536,7 @@
CAN-2004-0884
{DSA-568-1 DSA-563-1}
CAN-2004-0883
- TODO: check
+ TODO: check with kernel people
CAN-2004-0882
NOTE: details http://security.e-matters.de/advisories/132004.html
- samba 3.0.7
@@ -670,7 +675,8 @@
CAN-2004-0817
{DSA-548-1}
CAN-2004-0816
- TODO: check
+ NOTE: fixed in 2.6.8, what about 2.4 series?
+ TODO: check with kernel people
CAN-2004-0815
{DSA-600-1}
CAN-2004-0814
@@ -689,7 +695,7 @@
CAN-2004-0811
- apache2 2.0.52
CAN-2004-0810
- TODO: check
+ NOTE: not-for-us (Netopia Timbuktu)
CAN-2004-0809
{DSA-558-1}
- apache2 2.0.51-1
@@ -960,7 +966,7 @@
CAN-2004-0686
- samba 3.0.5
CAN-2004-0685
- TODO: check
+ TODO: check with kernel people
CAN-2004-0684
NOTE: not-for-us (WebSphere Edge Server)
CAN-2004-0683
@@ -1041,7 +1047,7 @@
CAN-2004-0647
- shorewall 2.0.3a
CAN-2004-0646
- TODO: check
+ NOTE: not-for-us (JRun)
CAN-2004-0645
{DSA-579-1 DSA-550-1}
CAN-2004-0644
@@ -1134,7 +1140,7 @@
CAN-2004-0602
NOTE: not-for-us (FreeBSD)
CAN-2004-0601
- TODO: check
+ - disctcc 2.18.1-4
CAN-2004-0600
- samba 3.0.5
CAN-2004-0599
@@ -1144,7 +1150,7 @@
CAN-2004-0597
{DSA-536}
CAN-2004-0596
- TODO: fix line below: what version?
+ TODO: check with kernel people
CAN-2004-0595
{DSA-531}
CAN-2004-0594