[Secure-testing-commits] r725 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sat, 02 Apr 2005 12:57:45 +0000
Author: jmm-guest
Date: 2005-04-02 12:57:42 +0000 (Sat, 02 Apr 2005)
New Revision: 725
Modified:
sarge-checks/CAN/list
Log:
bug#s for php image DoS.
Filed report for bluetooth local root.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-02 12:38:55 UTC (rev 724)
+++ sarge-checks/CAN/list 2005-04-02 12:57:42 UTC (rev 725)
@@ -531,11 +531,8 @@
NOTE: reserved
CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
NOTE: reserved
- - kernel-source-2.4.27 (unfixed)
+ - kernel-source-2.4.27 (unfixed; bug# pending)
- kernel-source-2.6.8 2.6.8-16
- NOTE: according to changelog, "Fix signedness problem at socket
- NOTE: creation in bluetooth which can lead to local root exploit."
- NOTE: Fixed in 2.4.30rc2, so 2.4 is affected as well
CAN-2005-0749
NOTE: reserved
NOTE: according to ubuntu, this is a DOS:
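Review bot: The three NOTE lines removed under CAN-2005-0750 held the only rationale in this list for treating kernel-source-2.4.27 as affected: the changelog quote about the signedness problem at socket creation, and "Fixed in 2.4.30rc2, so 2.4 is affected as well". With them gone, the entry reads "(unfixed; bug# pending)" with nothing to say why 2.4 is in scope or which upstream release has the fix. I would keep at least the "Fixed in 2.4.30rc2" note until the 2.4 package is fixed. The log message also says a report was filed, but the entry still says "bug# pending", so a follow-up commit should replace that with the actual bug number.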
@@ -1305,9 +1302,9 @@
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
NOTE: not-for-us (PBLang)
CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing]
- - php4 (unfixed; pending)
+ - php4 (unfixed; bug# 302701)
CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing]
- - php4 (unfixed; pending)
+ - php4 (unfixed; bug# 302702)
CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
- prozilla 1:1.3.7.4-1
CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
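Review bot: The two php4 entries get consecutive bug numbers (302701 for CAN-2005-0525, JPEG header parsing, and 302702 for CAN-2005-0524, IFF header parsing), which are easy to transpose, so check each report's title against the CAN it is listed under before this goes in. Both entries still have no NOTE about where the fix comes from, so anyone tracking them has to open the bug reports to learn what would close them. A one-line NOTE per entry would help if that information is known.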