[Secure-testing-commits] r92 - sarge-checks/CAN

Joey Hess joeyh@haydn.debian.org
Sat, 06 Nov 2004 15:38:49 -0700 

Author: joeyh
Date: 2004-11-06 15:37:42 -0700 (Sat, 06 Nov 2004)
New Revision: 92

Modified:
   sarge-checks/CAN/list
Log:
some random followups


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2004-11-06 15:42:19 UTC (rev 91)
+++ sarge-checks/CAN/list	2004-11-06 22:37:42 UTC (rev 92)
@@ -36,7 +36,9 @@
 CAN-2004-0991
 	NOTE: reserved
 CAN-2004-0990
-	TODO: probably vulnerable, check libgd1 and libgd2 and file bugs
+	NOTE: not sure if libgd1 is vulnerable
+	- libgd1 (unfixed; bug #278625)
+	- libgd2 2.0.30-1
 CAN-2004-0989
 	NOTE: covered by DSA-582-1
 CAN-2004-0988
@@ -587,6 +589,7 @@
 CAN-2004-0745
 	TODO: unsure if fixed, probably not. Mailed lha maintainer.
 	NOTE: GOTO says first he heard of it, is checking.
+	NOTE: mailed GOTO again 6 Nov
 CAN-2004-0744
 	NOTE: not-for-us (MacOS)
 CAN-2004-0743
@@ -845,7 +848,8 @@
 CAN-2004-0620
 	NOTE: not-for-us (vBulletin)
 CAN-2004-0619
-	TODO: unchecked
+	NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
+	NOTE: does not seem to be part of linux kernel or other package
 CAN-2004-0618
 	NOTE: not-for-us (freebsd)
 CAN-2004-0617
@@ -936,8 +940,7 @@
 CAN-2004-0577
 	NOTE: not-for-us (Wingate)
 CAN-2004-0576
-	HELP: which one is GNU radius?
-	TODO: unchecked
+	NOTE: not-for-us (GNU radius not in Debian)
 CAN-2004-0575
 	NOTE: not-for-us (Windows)
 CAN-2004-0574
@@ -2387,11 +2390,12 @@
 	NOTE: not-for-us (Apple)
 CAN-2003-0876
 	NOTE: not-for-us (Apple)
-CAN-2003-0875
+CAN-2003-0875 [source package only]
 	NOTE: openslp: slpd.all_init symlink vuln
 	NOTE: this file is not used in Debian, so it's not a problem for us.
 	NOTE: source package still distributes the file, however.
 	TODO: submitted to BTS. waiting for response.
+	- openslp (unfixed; bug #279973
 CAN-2003-0874
 	NOTE: not-for-us (Deskpro)
 CAN-2003-0873
@@ -4904,6 +4908,9 @@
 	NOTE: covered by DSA-136
 CAN-2002-0655
 	NOTE: covered by DSA-136
+
+NOTE: this is approximatly the release of woody, so we can stop here
+	
 CAN-2002-0654
 	- apache2 2.0.40
 CAN-2002-0652