[Secure-testing-commits] r785 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Sat, 09 Apr 2005 19:10:20 +0000
Author: joeyh
Date: 2005-04-09 19:10:13 +0000 (Sat, 09 Apr 2005)
New Revision: 785
Modified:
sarge-checks/CAN/list
Log:
bts updates
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-09 18:46:15 UTC (rev 784)
+++ sarge-checks/CAN/list 2005-04-09 19:10:13 UTC (rev 785)
@@ -58,7 +58,7 @@
- mozilla (unfixed; bug #302778)
- mozilla-firefox 1.0.2-3
CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a ...)
- - gzip (unfixed; bug filed)
+ - gzip (unfixed; bug #303927)
NOTE: Essentially the same as CAN-2005-0953
CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
NOTE: not-for-us (IRC Services NickServ)
@@ -272,7 +272,7 @@
CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
NOTE: The description is wrong; 2.6 is affected as well
- gtk+2.0 2.6.4-1
- - gdk-pixbuf (unfixed; bug filed)
+ - gdk-pixbuf (unfixed; bug #303441)
CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
- sharutils 1:4.2.1-12
CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
@@ -379,7 +379,8 @@
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
- phpsysinfo 2.3-3
CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
- - phpsysinfo (unfixed; bug #301118)
+ NOTE: phpsysinfo maintainer does not consider path disclosure to
+ NOTE: be a bug. See bug #301118.
CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
NOTE: checked tn5250, apparently the only AS/400 emulator in debian
NOTE: cannot find STRPCO or STRPCCMD in tn5250.