[Secure-testing-commits] r1588 - in data: . CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Aug 15 11:28:00 UTC 2005


Author: jmm-guest
Date: 2005-08-15 11:27:57 +0000 (Mon, 15 Aug 2005)
New Revision: 1588

Modified:
   data/CAN/list
   data/embedded-code-copies
Log:
lots of new cases of embedded code, which had security problems
in the past.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-15 11:12:19 UTC (rev 1587)
+++ data/CAN/list	2005-08-15 11:27:57 UTC (rev 1588)
@@ -1,6 +1,6 @@
 CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns]
 	NOTE: Will be split once the maintainer has investigated this
-	- centericq (unfixed; bug filed; medium)
+	- centericq (unfixed; bug #323185; medium)
 CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie handling]
 	- wordpress (unfixed; bug #323040; medium)
 CAN-2005-XXXX [phpldapadmin doesn't fully prevent anonymous access when configured so]
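
Review bot: the changed centericq line now records bug #323185, but the log message only talks about embedded code copies, so this tracker update cannot be found from the commit history; mention the bug reference in the log. While this block is being touched, the wordpress context line directly below reads "through through cookie handling", a doubled word that could be fixed in the same commit.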

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2005-08-15 11:12:19 UTC (rev 1587)
+++ data/embedded-code-copies	2005-08-15 11:27:57 UTC (rev 1588)
@@ -19,6 +19,45 @@
 
 libgadu/ekg:
 centericq
+gaim (?)
+kopete (ships the code, but links dynamically in the Debian package)
 
 
+xmlrpc: (which package is the "origin" of this code?)
+drupal
+phpgroupware
+egroupware
+phpwiki
+php4 (php-pear, IIRC this was reorganized some weeks ago?)
 
+
+shtool: (affects build-time only)
+mysql-ocaml
+php4 
+
+
+mozilla:
+mozilla-firefox
+mozilla-thunderbird
+nvu
+
+
+xli:
+xloadimage
+
+
+lesstif: (beware: two different lesstif APIs supported in one package, 1.2 discarded upstream)
+openmotif
+xfree86/xorg (in libxpm, still the case with x.org?
+
+
+kerberized apps with BSD origin:
+krb4
+krb5
+heimdal
+
+
+grip: (which pkg is the origin?)
+libcdaudio
+grip
+gnome-vfs (vfs2 as well?)
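
Review bot: the added "xfree86/xorg (in libxpm, still the case with x.org?" line under lesstif opens a parenthesis that is never closed, and the added "php4 " line under shtool carries a trailing space; both will trip anything that later parses this file. Several added entries also keep open questions inline as free text ("gaim (?)", "(which package is the "origin" of this code?)", "(which pkg is the origin?)", "(vfs2 as well?)"), so a reader cannot tell a confirmed embedded copy from an unverified one. Suggest a single consistent marker for unverified entries, and resolving which package is the origin for xmlrpc and grip before the header names are relied on, since grip is listed both as the section header and as an entry.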



