[Secure-testing-commits] r192 - sarge-checks/CAN
Joey Hess
joeyh@haydn.debian.org
Fri, 10 Dec 2004 12:52:10 -0700
Author: joeyh
Date: 2004-12-10 12:51:57 -0700 (Fri, 10 Dec 2004)
New Revision: 192
Modified:
sarge-checks/CAN/list
Log:
checked new CANs, skipping some window injection vulns
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-12-10 19:31:29 UTC (rev 191)
+++ sarge-checks/CAN/list 2004-12-10 19:51:57 UTC (rev 192)
@@ -1,38 +1,38 @@
CAN-2004-1171
- TODO: check
+ - kdelibs (unfixed; bug filed)
+ - kdebase (unfixed; bug filed)
CAN-2004-1170
- TODO: check
+ - a2ps 1:4.13b-4.2
CAN-2004-1169
- TODO: check
+ - maxdb-webtools 7.5.00.19-1
CAN-2004-1168
- TODO: check
+ - maxdb-webtools 7.5.00.19-1
CAN-2004-1167
- TODO: check
+ NOTE: not-for-us (gentoo mirrorselect)
CAN-2004-1166
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1165
- TODO: check
+ - konqueror (unfixed; bug filed)
CAN-2004-1164
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1163
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1162
- TODO: check
+ - scponly (unfixed; bug #284176)
CAN-2004-1161
- TODO: check
+ - rssh (unfixed; bug #284207)
CAN-2004-1160
- TODO: check
+ NOTE: not-for-us (Netscape)
CAN-2004-1159
NOTE: rejected
- TODO: check
CAN-2004-1158
TODO: check
CAN-2004-1157
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-1156
TODO: check
CAN-2004-1155
- TODO: check
+ NOTE: not-for-us (Microsoft MSIE)
CAN-2004-1154
NOTE: reserved
CAN-2004-1153
@@ -98,7 +98,7 @@
CAN-2004-1123
NOTE: not-for-us (Darwin Streaming Server)
CAN-2004-1122
- TODO: check
+ NOTE: not-for-us (Safari)
CAN-2004-1121
NOTE: reserved
CAN-2004-1120
@@ -212,7 +212,9 @@
NOTE: fixed in kernel team svn, 2.6 only issue
TODO: make sure it gets to testing, add release version
CAN-2004-1067
- TODO: check
+ NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
+ NOTE: to only affect 2.2 series.
+ NOTE: 1.5.19 also seems ok
CAN-2004-1066
NOTE: not-for-us (FreeBSD)
CAN-2004-1065
@@ -297,7 +299,8 @@
CAN-2004-1027
NOTE: sarge's unarj is from a different code base, probably not vulnerable
CAN-2004-1026
- TODO: check
+ - imlib (unfixed; bug #284925)
+ - imlib-png2 (unfixed; bug #284925)
CAN-2004-1025
NOTE: reserved
CAN-2004-1024
@@ -320,7 +323,7 @@
NOTE: reserved
CAN-2004-1015
NOTE: cyrus-imapd not vulnerable
- NOTE: cyrus21-imapd not vulnetale
+ NOTE: cyrus21-imapd not vulnerable
CAN-2004-1014
{DSA-606-1}
CAN-2004-1013
@@ -1524,7 +1527,7 @@
CAN-2004-0467
NOTE: reserved
CAN-2004-0466
- NOTE: reserved
+ {DSA-357}
CAN-2004-0465
NOTE: reserved
CAN-2004-0464