[Secure-testing-commits] r803 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 13 Apr 2005 21:49:14 +0000 

Author: jmm-guest
Date: 2005-04-13 21:49:11 +0000 (Wed, 13 Apr 2005)
New Revision: 803

Modified:
   sarge-checks/CAN/list
Log:
CANify php4, kdelibs and rsnapshot vulnerabilities.
bug# for egroupware
Some not-for-us.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-13 21:14:18 UTC (rev 802)
+++ sarge-checks/CAN/list	2005-04-13 21:49:11 UTC (rev 803)
@@ -67,7 +67,7 @@
 CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
 	TODO: check
 CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
-	TODO: check
+	- rsnapshot (pending; bug #304366)
 CAN-2005-1063
 	NOTE: reserved
 CAN-2005-1062
@@ -95,24 +95,24 @@
 CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
 	TODO: check
 CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
 	TODO: check
 CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
-	TODO: check
+	- kdelibs (unfixed; bug #304465)
 CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
 	TODO: check
 CAN-2005-1044
 	NOTE: rejected
 	TODO: check
 CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
-	TODO: check
+	- php4 (unfixed)
 CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
-	TODO: check
+	- php4 (unfixed)
 CAN-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
 	TODO: check
 CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
@@ -162,7 +162,7 @@
 CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
 	TODO: check
 CAN-2005-XXXX [eGroupware: Inproper handling of canceled emails may disclose personal information]
-	- egroupware (unfixed; bug pending)
+	- egroupware (unfixed; bug #304496)
 CAN-2005-XXXX [Some security issues in mod_security]
 	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
 	NOTE: the changelog entries matches the security criteria, but the changelog
@@ -175,17 +175,13 @@
 	NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
 	NOTE: details before July 12th. The security fixes are accompanied by dozens of
 	NOTE: non-security bugfixes, so it's not obvious from the diff either.
-	- php4 (unfixed)
 CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities
 	- wordpress (unfixed; bug #304468)
 CAN-2005-XXXX [KDE kdelibs PCX image properties handling]
-	- kdelibs (unfixed; bug #304465)
 CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access]
 	- postfix-gld (unfixed; bug #304390)
 CAN-2005-XXXX [Several races in file permission handling in coreutils]
 	- coreutils
-CAN-2005-XXXX [Incorrect symlink permission handling in rsnapshot]
-	- rsnapshot (pending; bug #304366)
 CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
 	- smarty 2.6.9-1
 CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]