[Secure-testing-commits] r1599 - in data: . CAN DSA

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2005-08-16 16:36:39 +0000 (Tue, 16 Aug 2005)
New Revision: 1599

Modified:
   data/CAN/list
   data/DSA/list
   data/embedded-code-copies
Log:
new clamav dsa
track more local code copies


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-16 10:52:02 UTC (rev 1598)
+++ data/CAN/list	2005-08-16 16:36:39 UTC (rev 1599)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
+	- clamav 0.86.2-1 (low)
 CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
 	NOTE: not-for-us (Network Associated ePolicy Orchestrator Agent)
 CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-08-16 10:52:02 UTC (rev 1598)
+++ data/DSA/list	2005-08-16 16:36:39 UTC (rev 1599)
@@ -1,3 +1,7 @@
+[16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
+	{CAN-2005-2450}
+	- clamav 0.86.2-1
+	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
 	{CAN-2004-0718 CAN-2005-1937}
 	- mozilla-firefox 1.0.4-3

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2005-08-16 10:52:02 UTC (rev 1598)
+++ data/embedded-code-copies	2005-08-16 16:36:39 UTC (rev 1599)
@@ -21,6 +21,8 @@
 centericq
 gaim
 kopete (ships the code, but links dynamically in the Debian package)
+kadu (not packaged in Debian)
+GNU gadu (not packaged in Debian)
 
 
 xmlrpc: (which package is the "origin" of this code?)
@@ -29,6 +31,7 @@
 egroupware
 phpwiki
 php4 (php-pear, IIRC this was reorganized some weeks ago?)
+tikiwiki (not packaged in Debian)
 
 
 shtool: (affects build-time only)