[Secure-testing-commits] r481 - sarge-checks/CAN

Micah Anderson micah@costa.debian.org
Thu, 24 Feb 2005 07:41:06 +0100 

Author: micah
Date: 2005-02-24 07:41:04 +0100 (Thu, 24 Feb 2005)
New Revision: 481

Modified:
   sarge-checks/CAN/list
Log:
Done checking these new TODOs


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-02-24 05:25:26 UTC (rev 480)
+++ sarge-checks/CAN/list	2005-02-24 06:41:04 UTC (rev 481)
@@ -13,8 +13,10 @@
 CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
 	- irm (unfixed; bug #296662)
 CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
-	NOTE: micah checking with kernel team
-	TODO: check
+	- kernel-source-2.6.8 2.6.8-12
+	- kernel-source-2.6.9 2.6.9-5
+	- kernel-source-2.6.10 2.6.10-2
+	- kernel-source-2.4.27 2.4.27-8
 CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
 	- uim (unfixed; bug #296632)
 CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
@@ -1350,8 +1352,13 @@
 CAN-2005-0205
 	NOTE: reserved
 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
-	NOTE: micah checking with kernel team
-	TODO: check with kernel team
+	NOTE: according to the CAN it is fixed in 2.6.10, but
+	NOTE: looking at the source it is not so clear, noting this
+	NOTE: in the bug report
+	- kernel-source-2.4.27 (unfixed; bug #296700)
+	- kernel-source-2.6.8 (unfixed; bug #296700)
+	- kernel-source-2.6.9 (unfixed; bug #296700)
+	- kernel-source-2.6.10 (unfixed; bug #296700)
 CAN-2005-0203
 	NOTE: reserved
 CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
@@ -3008,6 +3015,7 @@
 	NOTE: waldi provided this info
 	- linux-kernel-image-2.6.8-s390 2.6.8-3
 	- kernel-source-2.6.8 2.6.8-10
+	- kernel-source-2.6.9 2.6.9-3
 CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
 	{DSA-567-1}
 CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)