[Secure-testing-commits] r1522 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Aug 4 12:38:02 UTC 2005


Author: jmm-guest
Date: 2005-08-04 12:37:59 +0000 (Thu, 04 Aug 2005)
New Revision: 1522

Modified:
   data/CAN/list
Log:
texmacs/zlib fixes in experimental
obscure mod-ssl issue w/o more information


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-03 23:00:17 UTC (rev 1521)
+++ data/CAN/list	2005-08-04 12:37:59 UTC (rev 1522)
@@ -1338,8 +1338,8 @@
 	- lsb-rpm (unfixed; bug #318099; medium)
 	- rageircd 2.0.0-3sid1 (medium)
 	- systemimager-ssh (unfixed; bug #318101; medium)
-	- texmacs 1.0.5-3 (bug #318100; medium)
-	NOTE: texmacs does only link statically on alpha
+	- texmacs (unfixed; bug #318100; medium)
+	NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
 CAN-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...)
 	{DSA-756-1}
 	- squirrelmail (unfixed; #317094; medium)
@@ -4876,8 +4876,11 @@
 CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
 	{DSA-734-1}
 	- gaim 1:1.3.1-1 (low)
-CAN-2005-1268
+CAN-2005-1268 [Off-by-one overflow in mod_ssl's CRL verification call back]
 	NOTE: reserved
+	NOTE: This is from latest Trustix advisory, exploitation would require to trick
+	NOTE: someone into using a maliciously crafted certificate revocation list
+	- libapache-mod-ssl (unfixed; low)
 CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
 	- tcpdump 3.9.0.cvs.20050614-1 (medium)
 CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)




More information about the Secure-testing-commits mailing list