[Secure-testing-commits] r76 - sarge-checks/CAN
Joey Hess
joeyh@haydn.debian.org
Thu, 04 Nov 2004 15:01:50 -0700
Author: joeyh
Date: 2004-11-04 15:01:43 -0700 (Thu, 04 Nov 2004)
New Revision: 76
Modified:
sarge-checks/CAN/list
Log:
finished my block
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-11-04 20:20:53 UTC (rev 75)
+++ sarge-checks/CAN/list 2004-11-04 22:01:43 UTC (rev 76)
@@ -53,8 +53,10 @@
NOTE: reserved
CAN-2004-0982
NOTE: reserved
+ - mpg123 0.59r-17
CAN-2004-0981
NOTE: reserved
+ - imagemagick 6:6.0.6.2-1.5
CAN-2004-0980
NOTE: reserved
CAN-2004-0979
@@ -394,6 +396,7 @@
NOTE: not-fos-us (AIX)
CAN-2004-0827
NOTE: covered by DSA-547-1
+ - imagemagick 5:6.0.7.1-1
CAN-2004-0826
NOTE: not-for-us (netscape NSS)
CAN-2004-0825
@@ -442,6 +445,7 @@
- cdrtools 4:2.0+a34-2
CAN-2004-0805
NOTE: covered by DSA-564-1
+ - mpg123 0.59r-16
CAN-2004-0804
NOTE: covered by DSA-567-1
CAN-2004-0803
@@ -1097,6 +1101,7 @@
- apache2 2.0.50-1
CAN-2004-0492
NOTE: covered by DSA-525
+ - apache 1.3.31-2
CAN-2004-0491
NOTE: reserved
CAN-2004-0490
@@ -2871,65 +2876,63 @@
NOTE: not-for-us (Apple)
CAN-2003-0600
NOTE: reserved
-
-begin claimed by joeyh
-
CAN-2003-0599
NOTE: covered by DSA-365
CAN-2003-0598
NOTE: rejected
CAN-2003-0597
- TODO: check
+ NOTE: not-for-us (Unixware)
CAN-2003-0596
- NOTE: covered by DSA-352
+ - fdclone 2.02a
CAN-2003-0595
- TODO: check
+ NOTE: not-for-us (WiTango Application Server and Tango 2000)
CAN-2003-0594
+ NOTE: cannot find reference to it being fixed.
TODO: check
CAN-2003-0593
- TODO: check
+ NOTE: not-for-us (opera)
CAN-2003-0592
NOTE: covered by DSA-459
CAN-2003-0591
NOTE: rejected
CAN-2003-0590
- TODO: check
+ NOTE: not-for-us (Splatt Forum)
CAN-2003-0589
- TODO: check
+ NOTE: not-for-us (Digi-ads)
CAN-2003-0588
- TODO: check
+ NOTE: not-for-us (Digi-news)
CAN-2003-0587
- TODO: check
+ NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
CAN-2003-0586
- TODO: check
+ NOTE: not-for-us (Brooky eStore)
CAN-2003-0585
- TODO: check
+ NOTE: not-for-us (Brooky eStore)
CAN-2003-0584
- TODO: check
+ NOTE: not-for-us (BRU)
CAN-2003-0583
- - usermin 1.090-1
+ NOTE: not-for-us (BRU)
CAN-2003-0582
NOTE: rejected
CAN-2003-0581
NOTE: covered by DSA-360
CAN-2003-0580
- TODO: check
+ NOTE: not-for-us (IBM U2 UniVerse)
CAN-2003-0579
- TODO: check
+ NOTE: not-for-us (IBM U2 UniVerse)
CAN-2003-0578
- TODO: check
+ NOTE: not-for-us (IBM U2 UniVerse)
CAN-2003-0577
- TODO: check
+ - mpg123 (unfixed; bug filed)
CAN-2003-0576
- TODO: check
+ NOTE: not-for-us (IRIX)
CAN-2003-0575
- TODO: check
+ NOTE: not-for-us (IRIX)
CAN-2003-0574
- TODO: check
+ NOTE: not-for-us (IRIX)
CAN-2003-0573
- TODO: check
+ NOTE: not-for-us (IRIX)
CAN-2003-0572
- TODO: check
+ NOTE: not-for-us (IRIX)
CAN-2003-0571
NOTE: reserved
CAN-2003-0570
@@ -2939,35 +2942,39 @@
CAN-2003-0568
NOTE: reserved
CAN-2003-0567
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2003-0566
NOTE: reserved
CAN-2003-0565
- TODO: check
+ NOTE: affects many implementations of the X.400 protocol
+ TODO: see if anything in debian uses X.400 and is vulnerable.
CAN-2003-0564
- TODO: check
+ NOTE: affects multiple S/MIME implementations
+ NOTE: checked current mozilla, which contains safe NSS 3.9.1
+ - mozilla 2:1.7.3
+ TODO: see if anything else in debian uses S/MIME and is vulnerable.
CAN-2003-0563
NOTE: reserved
CAN-2003-0562
- TODO: check
+ NOTE: not-for-us (Novell Netware)
CAN-2003-0561
- TODO: check
+ NOTE: not-for-us (IglooFTP)
CAN-2003-0560
- TODO: check
+ NOTE: not-for-us (VP-ASP)
CAN-2003-0559
- TODO: check
+ NOTE: not-for-us (phpforum)
CAN-2003-0558
- TODO: check
+ NOTE: not-for-us (LeapFTP)
CAN-2003-0557
- TODO: check
+ NOTE: not-for-us (StoreFront)
CAN-2003-0556
- TODO: check
+ NOTE: not-for-us (Polycom MGC)
CAN-2003-0555
- TODO: check
+ NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CAN-2003-0554
- TODO: check
+ NOTE: not-for-us (NeoModus Direct Connect)
CAN-2003-0553
- TODO: check
+ NOTE: not-for-us (Netscape)
CAN-2003-0552
NOTE: covered by DSA-358
NOTE: fixed in 2.4.22-pre3
@@ -2978,13 +2985,13 @@
NOTE: covered by DSA-358
NOTE: fixed in 2.4.22-pre3
CAN-2003-0549
- TODO: check
+ - gdm 2.4.1.5
CAN-2003-0548
- TODO: check
+ - gdm 2.4.1.5
CAN-2003-0547
- TODO: check
+ - gdm 2.4.1.5
CAN-2003-0546
- TODO: check
+ NOTE: not-for-us (up2date)
CAN-2003-0545
NOTE: covered by DSA-393
CAN-2003-0544
@@ -2993,8 +3000,10 @@
NOTE: covered by DSA-393
CAN-2003-0542
- apache2 2.0.48
+ - apache 1.3.29
CAN-2003-0541
- - squid 2.5.5-5
+ - gtkhtml (unfixed; bug filed)
+ TODO: check (probably vulnerable)
CAN-2003-0540
NOTE: covered by DSA-363
CAN-2003-0539
@@ -3010,77 +3019,75 @@
CAN-2003-0534
NOTE: reserved
CAN-2003-0533
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0532
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0531
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0530
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0529
NOTE: reserved
CAN-2003-0528
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0527
NOTE: reserved
CAN-2003-0526
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0525
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0524
- TODO: check
+ NOTE: appears specific to the knoppix CD
CAN-2003-0523
- TODO: check
+ NOTE: not-for-us (ProductCart)
CAN-2003-0522
- TODO: check
+ NOTE: not-for-us (ProductCart)
CAN-2003-0521
- TODO: check
+ NOTE: not-for-us (cPanel is not our cpanel)
CAN-2003-0520
- TODO: check
+ NOTE: not-for-us (Trillian)
CAN-2003-0519
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0518
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2003-0517
- TODO: check
+ - mgetty 1.1.29
CAN-2003-0516
- TODO: check
+ - mgetty 1.1.29
CAN-2003-0515
NOTE: covered by DSA-347
CAN-2003-0514
- TODO: check
+ NOTE: not-for-us (Safari)
CAN-2003-0513
- TODO: check
+ NOTE: not-for-us (MSIE)
CAN-2003-0512
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2003-0511
- TODO: check
+ NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
CAN-2003-0510
- TODO: check
+ NOTE: not-for-us (ezbounce)
CAN-2003-0509
- TODO: check
+ NOTE: not-for-us (Cyberstrong eShop)
CAN-2003-0508
- TODO: check
+ NOTE: not-for-us (acroread)
CAN-2003-0507
- TODO: check
+ NOTE: not-for-us (Mocrosoft)
CAN-2003-0506
- TODO: check
+ NOTE: not-for-us (Mocrosoft)
CAN-2003-0505
- TODO: check
+ NOTE: not-for-us (Mocrosoft)
CAN-2003-0504
NOTE: covered by DSA-365
CAN-2003-0503
- TODO: check
+ NOTE: not-for-us (Mocrosoft)
CAN-2003-0502
- TODO: check
+ NOTE: not-for-us (Apple Quicktime)
CAN-2003-0501
NOTE: covered by DSA-358
NOTE: fixed in 2.4.22-pre10
CAN-2003-0500
NOTE: covered by DSA-338
-end claimed by joeyh
-
begin claimed by stef-guest
CAN-2003-0499
@@ -4661,13 +4668,16 @@
CAN-2002-0849
CAN-2002-0843
NOTE: covered by DSA-187
+ - apache 1.3.27-0.1
CAN-2002-0841
NOTE: rejected
CAN-2002-0840
NOTE: covered by DSA-187
- apache2 2.0.43-1
+ - apache 1.3.27-0.1
CAN-2002-0839
NOTE: covered by DSA-187
+ - apache 1.3.27-0.1
CAN-2002-0838
NOTE: covered by DSA-176
CAN-2002-0837