[Secure-testing-commits] r790 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Tue, 12 Apr 2005 07:41:20 +0000
Author: jmm-guest
Date: 2005-04-12 07:41:17 +0000 (Tue, 12 Apr 2005)
New Revision: 790
Modified:
sarge-checks/CAN/list
Log:
smarty 2.6.9 was a security upload, although the changelog
doesn't mention it.
Kernel vuln should affect Debian as well, it has been fixed
in Ubuntu.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-12 07:20:34 UTC (rev 789)
+++ sarge-checks/CAN/list 2005-04-12 07:41:17 UTC (rev 790)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
+ - smarty 2.6.9-1
CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
- obexftp 0.10.7-3
CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
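Review bot: The new Smarty entry records `- smarty 2.6.9-1` as the fixed version with no NOTE saying where that comes from, and the commit log itself says the changelog does not mention the security fix. Anyone checking this entry against the package changelog will find nothing to confirm it. Please add a NOTE line under the entry stating that the fix is not listed in the changelog, along with a pointer to the source that identified 2.6.9 as the fixing release, in the same way the CAN-2005-0867 entry carries its advisory URL.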
@@ -389,7 +391,7 @@
CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
NOTE: According to the advisory, only SuSE kernels are affected by this
NOTE: http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- TODO: check with kernel team
+ - kernel-source-2.6.8 (unfixed)
CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
- cdrecord (unfixed; bug #291376)
CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
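Review bot: The added `- kernel-source-2.6.8 (unfixed)` line now sits directly under the unchanged NOTE "According to the advisory, only SuSE kernels are affected by this", so the entry contradicts itself. The reasoning for the change (fixed in Ubuntu, so Debian is likely affected) appears only in the commit log, which also says "should affect", while the `TODO: check with kernel team` line is removed. Suggest adding a NOTE that records the Ubuntu fix as the basis for marking Debian affected, and either keeping the TODO until the kernel team confirms or attaching a bug number as the cdrecord entry does with `(unfixed; bug #291376)`.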