[Secure-testing-commits] r1523 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Aug 4 13:07:38 UTC 2005
Author: jmm-guest
Date: 2005-08-04 13:07:34 +0000 (Thu, 04 Aug 2005)
New Revision: 1523
Modified:
data/CAN/list
Log:
further zlib issues affecting at least rsync
obscure tiff issue only affects Woody
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-04 12:37:59 UTC (rev 1522)
+++ data/CAN/list 2005-08-04 13:07:34 UTC (rev 1523)
@@ -1,7 +1,14 @@
+CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
+ NOTE: This is distinct from CAN-2005-2096, please see rsync's 2.6.6 announcement
+ NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
+ NOTE: I haven't verified this with source so far, but it looks like a DoS
+ NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
+ NOTE: zlib 1.2 are affected as well
+ - rsync 2.6.6-1 (low)
CAN-2005-XXXX [Unspecified XSS in hiki]
- hiki 0.8.2-1
CAN-2005-XXXX [DoS in libtiff through div/0 in ycbcr code]
- TODO: check whether tiff 3.7 is affected as well, reports against 3.6.
+ NOTE: Only affects Woody, tiff 3.7 not affected
CAN-2005-XXXX [pstotext allows malicious post script code]
- pstotext 1.9-2 (medium)
CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
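Review bot: In the new rsync entry, the follow-up described in the fourth and fifth NOTE lines (checking other applications that embed zlib 1.2) is open work and would be easier to track as a TODO: line, the marker the removed libtiff line used, rather than as a NOTE. The same entry records rsync 2.6.6-1 with (low) urgency while the third NOTE says the issue has not been verified against source, so consider marking that rating as provisional until it is checked. The second NOTE has a typo, "one the the two". In the libtiff entry, the replacement NOTE states that only Woody is affected, but the entry still carries no package line like "- hiki 0.8.2-1" or "- pstotext 1.9-2 (medium)" in the neighbouring entries.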