[Secure-testing-commits] r1580 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Aug 14 11:55:30 UTC 2005


Author: jmm-guest
Date: 2005-08-14 11:55:27 +0000 (Sun, 14 Aug 2005)
New Revision: 1580

Modified:
   data/CAN/list
Log:
housekeeping on older TODO items.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-14 11:24:05 UTC (rev 1579)
+++ data/CAN/list	2005-08-14 11:55:27 UTC (rev 1580)
@@ -272,7 +272,6 @@
 	NOTE: not-for-us (SGI IRIX)
 CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
 	NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD
-	TODO: check kfreebsd-source-5.3
 CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
 	NOTE: not-for-us (decfingerd)
 CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
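Review bot: The removed "TODO: check kfreebsd-source-5.3" under CAN-2002-2092 has no replacement that records the outcome of that check. The remaining NOTE marks the entry not-for-us for OpenBSD/NetBSD/FreeBSD, while the TODO named a specific package to look at. Suggest adding a NOTE that says why kfreebsd-source-5.3 is unaffected or out of scope. The context NOTE also has an unclosed parenthesis that could be fixed in the same commit.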
@@ -341,9 +340,7 @@
 CAN-2005-2457
 	NOTE: reserved
 CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
-	NOTE: Does affect 2.4 per Horms, fix will be in 2.4.27 DSA
-	TODO: Check if this made it into further 2.4 sid uploads as well (there doesn't
-	TODO: seem to be a more recent 2.4 package right now)
+	NOTE: Will also be fixed in DSAs for 2.4.27 and 2.6.8
 	- linux-2.6 2.6.12-2 (bug #321401; medium)
 CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
 	NOTE: not-for-us (Greasemonkey)
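Review bot: The new NOTE under CAN-2005-2456 covers the DSAs for 2.4.27 and 2.6.8 but drops the open question from the removed TODO lines, namely whether the fix reached later 2.4 uploads to sid. Only linux-2.6 has a package line with a version and bug number. If the 2.4 state in sid is still unverified, keep a TODO for it, or add a package line for the 2.4 source once the fixed version is known.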
@@ -393,9 +390,9 @@
 CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
 	NOTE: not-for-us (PhpList)
 CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
-	TODO: check, whether these apply to 3.1 as well
+	NOTE: Pinged maintainer, whether these are present in Debian's much older version
 CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
-	TODO: check, whether these apply to 3.1 as well
+	NOTE: Pinged maintainer, whether these are present in Debian's much older version
 CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
 	NOTE: not-for-us (Firefox on Windows)
 CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)
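Review bot: For CAN-2005-2431 and CAN-2005-2430, changing the marker from TODO to NOTE takes both entries out of any TODO-based review while the question is still unanswered (the NOTE only says the maintainer was pinged). The new text also drops the "3.1" version named in the removed TODO. Suggest keeping a TODO next to the NOTE, stating the Debian version in question, or referencing a bug number so the follow-up is trackable.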
@@ -1788,10 +1785,10 @@
 	NOTE: reserved
 CAN-2005-2099 [kernel 2.6 keyring related DoS]
 	NOTE: reserved
-	- linux-2.6 (unfixed; bug filed; medium)
+	- linux-2.6 (unfixed; bug #323039; medium)
 CAN-2005-2098 [kernel 2.6 keyring related DoS]
 	NOTE: reserved
-	- linux-2.6 (unfixed; bug filed; medium)
+	- linux-2.6 (unfixed; bug #323039; medium)
 CAN-2005-2097 [DoS against xpdf by specially crafted loca tables in PDF documents]
 	NOTE: reserved
 	NOTE: kpdf will be fixed with next 3.4.2 upload
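Review bot: CAN-2005-2099 and CAN-2005-2098 now both reference bug #323039 and carry the same bracketed description, so the two entries are indistinguishable from this file alone. Worth confirming that the bug report names both ids, and noting that in the entries if it does.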
@@ -3297,7 +3294,7 @@
 CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
-	TODO: check
+	NOTE: Lacks info, pinged debian-kernel, which is roughly equivalent to a bug report
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
 	NOTE: not-for-us (RealPlayer)
 CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
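Review bot: The NOTE added for CAN-2005-1767 treats a ping to debian-kernel as "roughly equivalent to a bug report", but unlike the neighbouring kernel entries it has no package line or bug number, so nothing in the entry marks it as still open. Suggest keeping the TODO until the missing information arrives, or filing a bug and referencing it the way the other entries do.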
