[Secure-testing-commits] r750 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 04 Apr 2005 22:12:16 +0000
Author: jmm-guest
Date: 2005-04-04 22:12:14 +0000 (Mon, 04 Apr 2005)
New Revision: 750
Modified:
sarge-checks/CAN/list
Log:
GTK2 BMP double free() through palette-less BMPs, despite the description
Sarge is affected, I verified this with the demonstration "exploit".
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-04 21:54:07 UTC (rev 749)
+++ sarge-checks/CAN/list 2005-04-04 22:12:14 UTC (rev 750)
@@ -59,7 +59,7 @@
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
NOTE: not-for-us (UBlog)
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
- TODO: check
+ - kernel-source-2.6.8 (unfixed; pending)
CAN-2005-XXXX [Insecure tempfile usage in sharutils]
- sharutils 4.2.1-13
CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
@@ -162,7 +162,8 @@
CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
- smail 3.2.0.115-7
CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
- TODO: check
+ NOTE: The description is wrong; 2.6 is affected as well
+ - gtk+2.0 (unfixed; pending)
CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
NOTE: "long output from wc to shar"
- sharutils 1:4.2.1-12