[Secure-testing-commits] r849 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 18 Apr 2005 19:31:04 +0000
Author: jmm-guest
Date: 2005-04-18 19:31:01 +0000 (Mon, 18 Apr 2005)
New Revision: 849
Modified:
sarge-checks/CAN/list
Log:
oops not included in Sarge.
ilohamail bug#
latest mozilla vulns have been fixed.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-18 18:39:10 UTC (rev 848)
+++ sarge-checks/CAN/list 2005-04-18 19:31:01 UTC (rev 849)
@@ -57,10 +57,11 @@
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
NOTE: not-for-us (monkeyd)
CAN-2005-1121 (Format string vulnerability in Oops! Proxy Server 1.5.53 and earlier ...)
+ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha, couldn't find any more
+ NOTE: information than the description of the CVE entry
- oops (unfixed)
CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
- TODO: file bug
- - ilohamail (unfixed)
+ - ilohamail (unfixed; bug #304525)
CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
TODO: Somehow related bug 283161, but file a proper one, unfortunately information
TODO: is very sparse
@@ -94,7 +95,7 @@
CAN-2005-XXXX [Multiple further vulnerabilities in Mozilla/Firefox beside CAN-2005-0989]
NOTE: Mozilla suite is not affected by all of these issues
- mozilla-firefox 1.0.3-1
- - mozilla (unfixed)
+ - mozilla 1.7.7-1
CAN-2005-XXXX [libsafe security check bypass in multi threaded environments]
CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey]
- postgrey 1.21-1