[Secure-testing-commits] r99 - in sarge-checks: CAN DSA
Joey Hess
joeyh@haydn.debian.org
Mon, 08 Nov 2004 11:44:19 -0700
Author: joeyh
Date: 2004-11-08 11:44:16 -0700 (Mon, 08 Nov 2004)
New Revision: 99
Modified:
sarge-checks/CAN/list
sarge-checks/DSA/list
Log:
update from mailing lists
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-11-08 12:56:32 UTC (rev 98)
+++ sarge-checks/CAN/list 2004-11-08 18:44:16 UTC (rev 99)
@@ -56,8 +56,8 @@
- mailutils 1:0.5-4
CAN-2004-0983
NOTE: reserved
- NOTE: do not know if other ruby versions have this problem
- ruby1.8 1.8.1+1.8.2pre2-4
+ - ruby1.6 1.6.8-12
CAN-2004-0982
NOTE: reserved
- mpg123 0.59r-17
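Review bot: under CAN-2004-0983 the added `- ruby1.6 1.6.8-12` line sits below the existing `- ruby1.8 1.8.1+1.8.2pre2-4` line, while the DSA-586-1 entry added to sarge-checks/DSA/list in this same revision lists ruby1.6 first and ruby1.8 second. Use one ordering in both files so the two entries can be compared line for line. The entry also keeps `NOTE: reserved` and gains no pointer to the DSA; now that the "do not know if other ruby versions have this problem" note is dropped, a short NOTE naming DSA-586-1 would record where the ruby1.6 version came from.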
@@ -99,6 +99,7 @@
NOTE: reserved
CAN-2004-0964
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+ NOTE: DSA says zinf not vulnerable in sarge
- zinf 2.2.5
CAN-2004-0963
NOTE: not-for-us (windows)
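Review bot: the added `NOTE: DSA says zinf not vulnerable in sarge` under CAN-2004-0964 does not say which DSA it means. The DSA list change in this revision ties {CAN-2004-0964} to DSA-587-1, so name it in the note. The entry now carries two not-vulnerable notes followed by `- zinf 2.2.5`, and it is not clear from the entry how that package line should be read alongside them; either drop one of the notes or add a word on what 2.2.5 represents.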
@@ -172,6 +173,8 @@
NOTE: reserved
CAN-2004-0930
NOTE: reserved
+ NOTE: according to bugtraq post, this is a DOS in samba 3.0.x <= 3.0.7
+ NOTE: newer version in testing
CAN-2004-0929
NOTE: reserved
CAN-2004-0928
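Review bot: the two notes added under CAN-2004-0930 name samba only in free text and give no package/version line, unlike the `- mailutils 1:0.5-4` and `- zinf 2.2.5` style used elsewhere in this file, so nothing in the entry can be compared against a package version. `NOTE: newer version in testing` should state the version it refers to, and the bugtraq post should be referenced (URL or message id) so the "3.0.x <= 3.0.7" range can be rechecked once the CAN is no longer marked reserved.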
Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list 2004-11-08 12:56:32 UTC (rev 98)
+++ sarge-checks/DSA/list 2004-11-08 18:44:16 UTC (rev 99)
@@ -1,3 +1,13 @@
+[08 Nov 2004] DSA-588-1 gzip - insecure temporary files
+ {CAN-2004-0970}
+ NOTE: dsa says sid not affected
+[08 Nov 2004] DSA-587-1 freeamp - buffer overflow
+ {CAN-2004-0964}
+ NOTE: DSA says zinf not vulnerable in sarge
+[08 Nov 2004] DSA-586-1 ruby - infinite loop
+ {CAN-2004-0983}
+ - ruby1.6 1.6.8-12
+ - ruby1.8 1.8.1+1.8.2pre2-4
[05 Nov 2004] DSA-585-1 shadow - programming error
{CAN-2004-1001}
- shadow 1:4.0.3-30.3
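Review bot: the new DSA-588-1 (gzip) and DSA-587-1 (freeamp) entries have only a NOTE and no package/version line, whereas DSA-586-1 and the existing DSA-585-1 entry each list one. If the intent is that nothing needs tracking for these two, say so in a consistent form; as written, `NOTE: dsa says sid not affected` speaks about sid while the list tracks sarge, and it is lowercase where the next entry writes `NOTE: DSA says ...`. State the sarge status for gzip explicitly and use one spelling for these notes.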