[Secure-testing-commits] r798 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 13 Apr 2005 15:09:59 +0000


Author: jmm-guest
Date: 2005-04-13 15:09:55 +0000 (Wed, 13 Apr 2005)
New Revision: 798

Modified:
   sarge-checks/CAN/list
Log:
New vulnerabilities: openoffice, mod_security, imms, php4, wordpress, kdelibs
bug# for postfix-gld


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-13 14:52:27 UTC (rev 797)
+++ sarge-checks/CAN/list	2005-04-13 15:09:55 UTC (rev 798)
@@ -1,5 +1,24 @@
+CAN-2005-XXXX [OpenOffice.org heap possible overflow in DOC parsing]
+	- openoffice.org (unfixed; bug pending)
+CAN-2005-XXXX [Some security issues in mod_security]
+	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
+	NOTE: the changelog entries matches the security criteria, but the changelog
+	NOTE: claims so.
+	- libapache-mod-security 1.8.7-1
+CAN-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
+	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
+	- imms 2.0.3-1
+CAN-2005-XXXX [Multiple non-descript problems in PHP4]
+	NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
+	NOTE: details before July 12th. The security fixes are accompanied by dozens of
+	NOTE: non-security bugfixes, so it's not obvious from the diff either.
+	- php4 (unfixed)
+CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities
+	- wordpress (unfixed; bug #304468)
+CAN-2005-XXXX [KDE kdelibs PCX image properties handling]
+	- kdelibs (unfixed; bug #304465)
 CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access]
-	- postfix-gld (unfixed; bug pending)
+	- postfix-gld (unfixed; bug #304390)
 CAN-2005-XXXX [Several races in file permission handling in coreutils]
 	- coreutils
 CAN-2005-XXXX [Incorrect symlink permission handling in rsnapshot]
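
Review bot: The added Wordpress entry ("CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities") is missing its closing "]", unlike every other entry in this hunk; add the bracket so the description stays consistently delimited for anything that reads the list line by line. Two wording fixes in the same added lines: "inproper" in the imms entry should be "improper", and "heap possible overflow" in the OpenOffice.org entry reads better as "possible heap overflow". The php4 entry is marked "(unfixed)" while its NOTE says the issues were fixed in 4.3.11; if 4.3.11 is the upstream release and the packaged version is still older, say so in the NOTE so the two lines do not appear to contradict each other.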