[Secure-testing-commits] r443 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Fri, 18 Feb 2005 18:18:36 +0100


Author: joeyh
Date: 2005-02-18 18:18:33 +0100 (Fri, 18 Feb 2005)
New Revision: 443

Modified:
   sarge-checks/CAN/list
Log:
filled in some gaps


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-02-18 12:28:21 UTC (rev 442)
+++ sarge-checks/CAN/list	2005-02-18 17:18:33 UTC (rev 443)
@@ -879,13 +879,13 @@
 	- kernel-source-2.6.10 2.6.10-4
 CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 has ...)
 	NOTE: see USN-82-1
-	TODO: check
+	TODO: check with kernel team
 CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
 	NOTE: see USN-82-1
-	TODO: check
+	TODO: check with kernel team
 CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users to ...)
-	TODO: check
 	NOTE: see USN-82-1
+	TODO: check with kernel team
 CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
 	- php4 4:4.3.10-3
 CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
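Review bot: "check with kernel team" on CAN-2005-0178, -0177 and -0176 still does not say which sarge kernel packages are in question; the neighbouring kernel entry in this file records status as a package line ("- kernel-source-2.6.10 2.6.10-4"), so adding the affected kernel-source packages (even as unfixed) would let the three entries be tracked the same way instead of as free-text TODOs. Moving the TODO below the NOTE for CAN-2005-0176 is good, since it makes the three entries uniform.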
@@ -1113,7 +1113,7 @@
 CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
 	- libapache2-mod-python (unfixed; bug #294835)
 CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
-	TODO: check
+	NOTE: debian does not have stack protection
 CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
 	NOTE: not-for-us (redhat specific less bug)
 CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
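Review bot: the new NOTE on CAN-2005-0087 explains why the issue does not apply, but it does not use the "not-for-us" marker that the very next entry uses ("NOTE: not-for-us (redhat specific less bug)"); since the CVE text is explicitly about the Red Hat alsa-lib package, something like "NOTE: not-for-us (redhat-specific; debian does not use stack protection)" keeps the reasoning and stays consistent with how other non-applicable entries are tagged.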
@@ -1418,7 +1418,7 @@
 	NOTE: Fixed in upstream 2.6.10
 	- kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.6.9 2.6.9-4
-	TODO: what about 2.4?
+	TODO: what about 2.4? check with kernel team
 CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
 	NOTE: not-for-us (hpux)
 CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
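Review bot: the reworded TODO ("what about 2.4? check with kernel team") still records the 2.4 question only as a free-text note, while the 2.6 status two lines above is recorded as package lines ("- kernel-source-2.6.8 2.6.8-11", "- kernel-source-2.6.9 2.6.9-4"); adding the 2.4 kernel-source package in the same form, marked unfixed until the kernel team answers, would make the open item visible to whatever consumes the package lines rather than only to someone reading the TODOs.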
@@ -2377,7 +2377,7 @@
 CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
 	NOTE: not-for-us (norton)
 CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
-	TODO: check
+	NOTE: not-for-us (FreeBSD)
 CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
 	{DSA-576-1}
 	- squid 2.5.7
@@ -2499,20 +2499,22 @@
 CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
 	NOTE: not-for-us (apple)
 CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
-	TODO: check
+	NOTE: upstream knows about the problem, no fix expected
+	TODO: followup
 CAN-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
-	TODO: check
+	NOTE: upstream knows about the problem, no fix expected
+	TODO: followup
 CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
-	TODO: check
+	NOTE: not-for-us (MSIE)
 CAN-2004-0868
 	NOTE: rejected
 	NOTE: not-for-us (microsoft)
 CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
 	- mozilla-firefox 0.9.3
 CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
-	TODO: check
+	NOTE: not-for-us (MSIE)
 CAN-2004-0865
 	NOTE: reserved
 CAN-2004-0864
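Review bot: for CAN-2004-0871 and CAN-2004-0870 the NOTE "upstream knows about the problem, no fix expected" plus "TODO: followup" leaves the affected Debian packages unnamed, unlike CAN-2004-0867 just below ("- mozilla-firefox 0.9.3") or the unfixed mod_python entry earlier in this diff ("- libapache2-mod-python (unfixed; bug #294835)"); adding the mozilla and kdelibs/konqueror package lines marked unfixed, with a bug reference if one has been filed, would tie the followup to something trackable. Also, "no fix expected" and "followup" pull in opposite directions, so the TODO could say what the followup is meant to decide (e.g. whether to accept the issue as won't-fix for sarge).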