[Secure-testing-commits] r764 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Tue, 05 Apr 2005 22:42:49 +0000
Author: joeyh
Date: 2005-04-05 22:42:45 +0000 (Tue, 05 Apr 2005)
New Revision: 764
Modified:
sarge-checks/CAN/list
Log:
bts updates
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-05 21:46:22 UTC (rev 763)
+++ sarge-checks/CAN/list 2005-04-05 22:42:45 UTC (rev 764)
@@ -29,7 +29,7 @@
CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
NOTE: not-for-us (Windows)
CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
- TODO: check
+ - bzip2 (unfixed; bug #303300)
NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
NOTE: attacker would have to exploit the minimal time span between uncompressing
NOTE: the file and chmodding it to delete the file and place a hardlink to another
@@ -276,7 +276,7 @@
CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
NOTE: not-for-us (Topic Calendar phpbb2 plugin)
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
- - phpsysinfo (unfixed; bug #301118)
+ - phpsysinfo 2.3-3
CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
- phpsysinfo (unfixed; bug #301118)
CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)