[Secure-testing-commits] r299 - in sarge-checks: CAN DSA

Joey Hess joeyh@costa.debian.org
Thu, 20 Jan 2005 19:43:13 +0100


Author: joeyh
Date: 2005-01-20 19:43:10 +0100 (Thu, 20 Jan 2005)
New Revision: 299

Modified:
   sarge-checks/CAN/list
   sarge-checks/DSA/list
Log:
updates


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-01-20 08:14:16 UTC (rev 298)
+++ sarge-checks/CAN/list	2005-01-20 18:43:10 UTC (rev 299)
@@ -1,9 +1,10 @@
 CAN-2005-0124
-	TODO: check
+	TODO: check with kernel team re 2.4
+	NOTE: 2.6.8 apparenlty ok
 CAN-2005-0123
 	NOTE: reserved
 CAN-2005-0122
-	TODO: check
+	NOTE: not-for-us (MacOS X)
 CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
 	NOTE: not-for-us (golddig)
 CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
@@ -83,9 +84,9 @@
 CAN-2005-0083
 	NOTE: reserved
 CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
-	TODO: check
+	- maxdb-7.5.00 7.5.00.21-1
 CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
-	TODO: check
+	- maxdb-7.5.00 7.5.00.21-1
 CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
 	- xine-lib 1-rc7-1
 CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
@@ -340,7 +341,8 @@
 	- mysql-dfsg-4.1 4.1.8a-6
 	- mysql-dfsg 4.0.23-3
 CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
-	TODO: check
+	TODO: check with kernel team
+	NOTE: 2.4 unaffected; 64 bit arches only
 CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
 	NOTE: not-for-us (poppassd_pam)
 CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
@@ -565,7 +567,7 @@
 CAN-2004-1238
 	NOTE: reserved
 CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
-	TODO: check
+	NOTE: apparently redhat specific
 CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
 	NOTE: not-for-us (Netscape Directory Server on HP-UX)
 CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
@@ -1551,7 +1553,7 @@
 	NOTE: ide-cd SG_IO vulnerability
 	NOTE: fixed in recent 2.6 and 2.4 kernels
 CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
-	TODO: check
+	NOTE: only affects kernels before 2.4.23 on amd64
 CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...)
 	- apache2 2.0.52
 CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)

Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list	2005-01-20 08:14:16 UTC (rev 298)
+++ sarge-checks/DSA/list	2005-01-20 18:43:10 UTC (rev 299)
@@ -1,3 +1,15 @@
+[20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
+	{CAN-2005-0094 CAN-2005-0095}
+	- squid 2.5.7-4
+	NOTE: not fixed in testing at time of DSA
+[20 Jan 2005] DSA-650-1 sword - missing input sanitising
+	{CAN-2005-0015}
+	- sword (unfixed; bug filed)
+	NOTE: not fixed in testing at time of DSA
+[20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
+	{CAN-2005-0079}
+	- xtrlock 2.0-9
+	NOTE: fixed in testing at time of DSA
 [19 Jan 2005] DSA-648-1 xpdf - buffer overflow
 	{CAN-2005-0064}
 	- xpdf 3.00-12