[Secure-testing-commits] r102 - sarge-checks/CAN
Stefan Fritsch
stef-guest@haydn.debian.org
Tue, 09 Nov 2004 14:59:45 -0700
Author: stef-guest
Date: 2004-11-09 14:59:42 -0700 (Tue, 09 Nov 2004)
New Revision: 102
Modified:
sarge-checks/CAN/list
Log:
update some CANs and claim some more
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-11-09 00:32:34 UTC (rev 101)
+++ sarge-checks/CAN/list 2004-11-09 21:59:42 UTC (rev 102)
@@ -3227,6 +3227,7 @@
NOTE: not-for-us (Progress 4GL Compiler)
CAN-2003-0484
TODO: check phpbb2
+ NOTE: mail sent to maintainer (2004-11-09)
CAN-2003-0483
NOTE: not-for-us (XMB Forum)
CAN-2003-0482
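Review bot: In the CAN-2003-0484 entry, the added "NOTE: mail sent to maintainer (2004-11-09)" does not say which package's maintainer was contacted or what was asked, and "TODO: check phpbb2" is left unchanged above it. Naming the package in the note, and rewording the TODO to say it is waiting on a reply, would let another reader of the list see the state of the entry without asking.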
@@ -3264,9 +3265,12 @@
NOTE: fixed in linux 2.4.21
CAN-2003-0466
NOTE: covered by DSA-357
-CAN-2003-0465
- NOTE: fixed in 2.6.x but not in 2.4.x ?
- TODO: check
+CAN-2003-0465 strncpy in kernel does not pad with zeroes
+ TODO: (unfixed; bug #280492)
+ NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
+ NOTE: arch specific asm versions:
+ NOTE: x86 is not affected
+ NOTE: ppc32 fixed in 2.4.22-rc4
CAN-2003-0464
NOTE: fixed in linux 2.4.22-pre8
CAN-2003-0463
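Review bot: In the CAN-2003-0465 entry, the list under "NOTE: arch specific asm versions:" covers only x86 and ppc32, so the status of any other architecture's asm strncpy is left unstated. If those were not checked, a TODO saying so would keep the entry from reading as complete. Separately, "TODO: (unfixed; bug #280492)" records a status rather than a task; stating the remaining action there, or moving the bug reference to a NOTE, would match how TODO is used elsewhere in these hunks.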
@@ -3329,7 +3333,9 @@
CAN-2003-0435
NOTE: covered by DSA-322
CAN-2003-0434
- TODO: various pdf viewers. which others than xpdf?
+ NOTE: various pdf viewers
+ NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
+ NOTE: gpdf 2.8.0 does not seem to be vulnerable
- xpdf 2.02pl1-1
CAN-2003-0433
NOTE: covered by DSA-315
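Review bot: In the CAN-2003-0434 entry, the open question "which others than xpdf?" is removed, but the replacement notes cover only kpdf and gpdf, and both are worded "does not seem to". If other PDF viewers are still unchecked, keeping a TODO for them would preserve that. The kpdf note also gives no version, unlike "gpdf 2.8.0", so it is unclear which kpdf was examined.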
@@ -3693,6 +3699,9 @@
NOTE: covered by DSA-302
CAN-2003-0260
NOTE: not-for-us (Cisco)
+
+begin claimed by stef-guest
+
CAN-2003-0259
TODO: check
CAN-2003-0258
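Review bot: The added "begin claimed by stef-guest" marker carries no date, unlike the "(2004-11-09)" on the mail note earlier in this patch, so a stale claim cannot be told apart from an active one by reading the list. Adding the date to the marker would fix that. The matching "end claimed by stef-guest" is added in a separate hunk further down, so both markers have to be removed together when the claim is released.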
@@ -3813,6 +3822,9 @@
NOTE: covered by DSA-280
CAN-2003-0200
NOTE: reserved
+
+end claimed by stef-guest
+
CAN-2003-0199
NOTE: reserved
CAN-2003-0198