[Secure-testing-commits] r1547 - data/CAN
Joey Hess
joeyh at costa.debian.org
Tue Aug 9 15:27:22 UTC 2005
Author: joeyh
Date: 2005-08-09 15:27:18 +0000 (Tue, 09 Aug 2005)
New Revision: 1547
Modified:
data/CAN/list
Log:
Various holes added from a review of security tagged bugs affecting testing
in the BTS.
Note that I also used notfound to fix display of bugs that were fixed and
stopped at the beginning of the serious severity holes at
http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=testing
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-09 14:23:54 UTC (rev 1546)
+++ data/CAN/list 2005-08-09 15:27:18 UTC (rev 1547)
@@ -1,3 +1,23 @@
+CAN-2005-XXXX [Buffer overflow in Description parsing]
+ - bidwatcher (unfixed; bug #319489; high)
+CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
+ - dbmail (unfixed; bug #303991; medium)
+CAN-2005-XXXX [downloads.ini writable by group users, world-readable]
+ - mldonkey-server (unfixed; bug #300560; low)
+CAN-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
+ - gcjwebplugin (unfixed; bug #267040; high)
+CAN-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
+ - dbmail-pgsql (unfixed; bug #290833; medium)
+CAN-2005-XXXX [buffer-overrun in apache2-ssl]
+ - apache2-ssl (unfixed; bug #320048; low)
+CAN-2005-XXXX [A client accepted by MAC address filtering to bypass any other rule]
+ - shorewall 2.4.1-2 (bug #318946)
+CAN-2005-XXXX [time delay of password check proves account existence to attackers]
+ NOTE: unknown if really a bug; if it is it's different than the
+ NOTE: previous ssh delay bugs
+ - ssh (unfixed; bug #314645; low)
+CAN-2005-XXXX [null pointer oops on udp packets]
+ - kernel-image-2.6.8-2-686-smp (unfixed; bug #309308; low)
CAN-2005-XXXX [DoS by removal of default ACLs in ext2/ext3]
NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8, will probably result
NOTE: in a kernel DSA with other issues
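Review bot: the shorewall entry is the only added line without an urgency: `- shorewall 2.4.1-2 (bug #318946)` gives a version and a bug number, while every other added entry ends in high, medium or low. If 2.4.1-2 is the fixed version, add the urgency after the bug number so the entry can be ranked with the rest. The kernel entry names one binary image package (kernel-image-2.6.8-2-686-smp), whereas the NOTE on the following context entry refers to kernel-source-2.4.27 and 2.6.8; recording it against the source package would be consistent with that note. Several descriptions are bug titles rather than statements of the flaw (the gcjwebplugin one reads as a documentation request yet is marked high, and the ssh one carries a NOTE saying it is unknown whether it is a bug at all); a one-line description of the actual exposure would make the assigned urgencies easier to check.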