[Secure-testing-commits] r907 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 25 Apr 2005 10:40:54 +0000
Author: jmm-guest
Date: 2005-04-25 10:40:51 +0000 (Mon, 25 Apr 2005)
New Revision: 907
Modified:
sarge-checks/CAN/list
Log:
Latest RealPlayer vulns affect Helix Player, which is vulnerable
to other security issues as well. Since the initial upload there
have been no updates...
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-25 10:01:57 UTC (rev 906)
+++ sarge-checks/CAN/list 2005-04-25 10:40:51 UTC (rev 907)
@@ -728,7 +728,7 @@
CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
NOTE: not-for-us (Apple)
CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0974
NOTE: reserved
CAN-2005-0973
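Review bot: The log message only mentions RealPlayer and Helix Player, but the changed line under CAN-2005-0975 retriages an Apple entry from "TODO: check" to "NOTE: not-for-us (Apple)", and the next hunk does the same for CAN-2005-0970. Mention the Apple triage in the log, or commit it separately, so that someone searching the history for these ids can find when and why they were closed. The classification matches the adjacent CAN-2005-0976 entry, but the description shown here is truncated after "mach-o", so confirm against the full text that the affected code is Apple-only.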
@@ -738,7 +738,7 @@
CAN-2005-0971
NOTE: reserved
CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0969
NOTE: reserved
CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
@@ -1336,7 +1336,9 @@
CAN-2005-0756
NOTE: reserved
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
- TODO: check
+ NOTE: This covers some other security issues as well, since the initial upload
+ NOTE: at 29 Sep 2004 there have been no updates, should be removed from Sarge IMHO
+ - helix-player (unfixed; bug #305504)
CAN-2005-0754 [Untrusted code execution in Kommander]
- kdewebdev (unfixed; bug #305833)
CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]
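Review bot: The first added NOTE under CAN-2005-0755 says "This covers some other security issues as well" without saying what "This" refers to or which issues are meant; name the other CAN ids, or state that bug #305504 tracks them, so the entry can be verified later. The removal recommendation ("should be removed from Sarge IMHO") is an opinion that is better raised in bug #305504, where it can be acted on, leaving only the factual part in the list (no upload since 29 Sep 2004). The neighbouring CAN-2005-0754 entry puts the package status line directly under the id; placing "- helix-player (unfixed; bug #305504)" first and the NOTE lines after it would keep the entries uniform.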