[Secure-testing-commits] r128 - sarge-checks/CAN
Joey Hess
joeyh@haydn.debian.org
Wed, 17 Nov 2004 16:26:30 -0700
Author: joeyh
Date: 2004-11-17 16:25:46 -0700 (Wed, 17 Nov 2004)
New Revision: 128
Modified:
sarge-checks/CAN/list
Log:
more CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-11-17 19:13:26 UTC (rev 127)
+++ sarge-checks/CAN/list 2004-11-17 23:25:46 UTC (rev 128)
@@ -4105,19 +4105,19 @@
CAN-2003-0061
NOTE: reserved
CAN-2003-0060
- TODO: check
+ - krb5 1.2.4
CAN-2003-0057
NOTE: covered by DSA-248
CAN-2003-0056
NOTE: covered by DSA-252
CAN-2003-0049
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2003-0048
- TODO: check
+ NOTE: apparently fixed upstream 2002-11-12 changelog
CAN-2003-0047
- TODO: check
+ NOTE: not-for-us (commercial ssh clients)
CAN-2003-0046
- TODO: check
+ NOTE: not-for-us (commercial ssh clients)
CAN-2003-0044
NOTE: covered by DSA-246
CAN-2003-0043
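Review bot: The CAN-2003-0048 note, "apparently fixed upstream 2002-11-12 changelog", names neither the package nor the version that carries the fix, so the entry cannot be checked against what sarge ships. Suggest naming the package and the first fixed version, and dropping "apparently" once that is confirmed. In the same hunk, the CAN-2003-0060 line "- krb5 1.2.4" is the only added line without a NOTE: keyword and does not say whether 1.2.4 is the fixed or the affected version; a short NOTE would make that explicit.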
@@ -4125,7 +4125,8 @@
CAN-2003-0042
NOTE: covered by DSA-246
CAN-2003-0041
- TODO: check
+ NOTE: verified sarge version of krb5-clients not vulnerable
+ NOTE: nothing in changelogs
CAN-2003-0040
NOTE: covered by DSA-247
CAN-2003-0039
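Review bot: The two notes added for CAN-2003-0041 say the sarge krb5-clients was "verified" not vulnerable but give neither the version checked nor how it was checked, and "nothing in changelogs" means the result cannot be confirmed from the package history. Suggest recording the version that was examined and the basis for the conclusion (code inspection, test, or upstream statement) so the entry can be re-verified if the package changes.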
@@ -4135,11 +4136,13 @@
CAN-2003-0037
NOTE: covered by DSA-244
CAN-2003-0036
- TODO: check
+ NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
CAN-2003-0035
- TODO: check
-CAN-2003-0034
- TODO: check
+ NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
+CAN-2003-0034a
+ NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
+ NOTE: chooser/mtinkc.c's version, which goes into mtinkc
+ NOTE: it's not installed setuid or setgid, so this is not exploitable
CAN-2003-0033
NOTE: covered by DSA-297
CAN-2003-0032
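Review bot: The identifier line in this hunk changes from CAN-2003-0034 to CAN-2003-0034a; the trailing "a" looks like a typo, and with it the list no longer has an entry under the real id, so a lookup by CAN number would miss it. Suggest restoring "CAN-2003-0034". The three notes also never name the package, and they describe a HOME overflow still present in chooser/mtinkc.c; "not installed setuid or setgid" explains why it is not exploitable today, but it would be worth naming the package and saying whether the remaining copy was reported, since the conclusion depends on install permissions staying as they are.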
@@ -4147,7 +4150,7 @@
CAN-2003-0031
NOTE: covered by DSA-228
CAN-2003-0030
- TODO: check
+ NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
CAN-2003-0029
NOTE: reserved
CAN-2003-0028
@@ -4175,9 +4178,9 @@
CAN-2003-0012
NOTE: covered by DSA-230
CAN-2003-0011
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2003-0010
- TODO: check
+ NOTE: not-for-us (Windows Script Engine for JScript)
CAN-2003-0008
NOTE: reserved
CAN-2003-0006
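Review bot: The CAN-2003-0011 note, "not-for-us (Microsoft)", gives only a vendor, while the CAN-2003-0010 note next to it and the other not-for-us entries in this commit name the affected product. Suggest naming the product here as well so the reason for exclusion can be checked without looking the CAN up again.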