[Secure-testing-commits] r780 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Sat, 09 Apr 2005 10:09:16 +0000


Author: jmm-guest
Date: 2005-04-09 10:09:12 +0000 (Sat, 09 Apr 2005)
New Revision: 780

Modified:
   sarge-checks/CAN/list
Log:
CANify sharutils temprace.
gaim is already fixed.
gzip is "vulnerable".


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-09 09:59:15 UTC (rev 779)
+++ sarge-checks/CAN/list	2005-04-09 10:09:12 UTC (rev 780)
@@ -53,11 +53,12 @@
 CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location ...)
 	NOTE: not-for-us (AIX)
 CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
-	TODO: check
+	- sharutils 4.2.1-13
 CAN-2005-0989 (The Javascript engine in Mozilla Suite 1.7.6 and Firefox 1.0.1 and ...)
 	TODO: check
 CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a ...)
 	TODO: check
+	NOTE: Essentially the same as CAN-2005-0953
 CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
 	NOTE: not-for-us (IRC Services NickServ)
 CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
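Review bot: the CAN-2005-0988 (gzip) entry still carries `TODO: check` after this change, even though the commit log says gzip is "vulnerable". If the package has been checked, replace the TODO with a status line in the form this file already uses for open issues, such as `- gzip (unfixed; bug #<number>)`, and keep the new NOTE pointing at CAN-2005-0953 beneath it. As written, the entry still reads as unreviewed and the finding is recorded only in the commit message.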
@@ -99,7 +100,7 @@
 CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
 	NOTE: not-for-us (CA eTrust IDS)
 CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	- gaim 1.2.1-1
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
 	NOTE: Not in testing, only sid
 	- openwebmail (unfixed; bug #291478)
@@ -167,8 +168,6 @@
 	NOTE: not-for-us (UBlog)
 CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
 	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-XXXX [Insecure tempfile usage in sharutils]
-	- sharutils 4.2.1-13
 CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
 	NOTE: The major cases don't affect 1.14, maintainers hope to get 2.0 into Sarge
 	- freeciv (unfixed; bug #302702)
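Review bot: deleting the `CAN-2005-XXXX [Insecure tempfile usage in sharutils]` placeholder leaves nothing in the list to show that it was merged into CAN-2005-0990, whose truncated description only reads "allows local users to overwrite ...". Consider adding a NOTE under CAN-2005-0990 stating that it is the temp-file issue formerly tracked under the placeholder, so the `- sharutils 4.2.1-13` fixed version can be traced back to the same bug.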