[Secure-testing-commits] r1580 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Aug 14 11:55:30 UTC 2005
Author: jmm-guest
Date: 2005-08-14 11:55:27 +0000 (Sun, 14 Aug 2005)
New Revision: 1580
Modified:
data/CAN/list
Log:
housekeeping on older TODO items.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-14 11:24:05 UTC (rev 1579)
+++ data/CAN/list 2005-08-14 11:55:27 UTC (rev 1580)
@@ -272,7 +272,6 @@
NOTE: not-for-us (SGI IRIX)
CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD
- TODO: check kfreebsd-source-5.3
CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
NOTE: not-for-us (decfingerd)
CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
@@ -341,9 +340,7 @@
CAN-2005-2457
NOTE: reserved
CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
- NOTE: Does affect 2.4 per Horms, fix will be in 2.4.27 DSA
- TODO: Check if this made it into further 2.4 sid uploads as well (there doesn't
- TODO: seem to be a more recent 2.4 package right now)
+ NOTE: Will also be fixed in DSAs for 2.4.27 and 2.6.8
- linux-2.6 2.6.12-2 (bug #321401; medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
NOTE: not-for-us (Greasemonkey)
@@ -393,9 +390,9 @@
CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
NOTE: not-for-us (PhpList)
CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
- TODO: check, whether these apply to 3.1 as well
+ NOTE: Pinged maintainer, whether these are present in Debian's much older version
CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
- TODO: check, whether these apply to 3.1 as well
+ NOTE: Pinged maintainer, whether these are present in Debian's much older version
CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
NOTE: not-for-us (Firefox on Windows)
CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)
@@ -1788,10 +1785,10 @@
NOTE: reserved
CAN-2005-2099 [kernel 2.6 keyring related DoS]
NOTE: reserved
- - linux-2.6 (unfixed; bug filed; medium)
+ - linux-2.6 (unfixed; bug #323039; medium)
CAN-2005-2098 [kernel 2.6 keyring related DoS]
NOTE: reserved
- - linux-2.6 (unfixed; bug filed; medium)
+ - linux-2.6 (unfixed; bug #323039; medium)
CAN-2005-2097 [DoS against xpdf by specially crafted loca tables in PDF documents]
NOTE: reserved
NOTE: kpdf will be fixed with next 3.4.2 upload
@@ -3297,7 +3294,7 @@
CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
- TODO: check
+ NOTE: Lacks info, pinged debian-kernel, which is roughly equivalent to a bug report
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
NOTE: not-for-us (RealPlayer)
CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
More information about the Secure-testing-commits
mailing list