[Secure-testing-commits] r316 - in sarge-checks: CAN DSA

Joey Hess joeyh@costa.debian.org
Tue, 25 Jan 2005 20:40:50 +0100 

Author: joeyh
Date: 2005-01-25 20:40:42 +0100 (Tue, 25 Jan 2005)
New Revision: 316

Modified:
   sarge-checks/CAN/list
   sarge-checks/DSA/list
Log:
updates


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-01-24 14:17:10 UTC (rev 315)
+++ sarge-checks/CAN/list	2005-01-25 19:40:42 UTC (rev 316)
@@ -62,6 +62,7 @@
 	- squirrelmail 2:1.4.4-1
 CAN-2005-0102
 	NOTE: reserved
+	- evolution 2.0.3-1.2
 CAN-2005-0101
 	NOTE: reserved
 CAN-2005-0100
@@ -109,14 +110,14 @@
 CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
 	- maxdb-7.5.00 7.5.00.21-1
 CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
-	- xine-lib 1-rc7-1
+	- xine-lib 1-rc6a-1
 CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
 	- jabber 1.4.3-3
 	NOTE: not-for-us (jadc2s)
 CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
 	- a2ps 1:4.13b-4.3
 CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (mod_access_referer)
 CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
 	- xshisen 1.51-1-1
 CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
@@ -987,7 +988,7 @@
 CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
 	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3
 CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
-	TODO: check
+	- bugzilla 2.16.7-2
 CAN-2004-1060
 	NOTE: reserved
 CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
@@ -1307,7 +1308,7 @@
 CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
 	NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
 CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
-	TODO: check
+	- maxdb-7.5.00 7.5.00.18
 CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
 	- samba 3.0.8-1
 CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)

Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list	2005-01-24 14:17:10 UTC (rev 315)
+++ sarge-checks/DSA/list	2005-01-25 19:40:42 UTC (rev 316)
@@ -1,3 +1,19 @@
+[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
+	{CAN-2005-0077}
+	- libdbi-perl 1.46-6
+	NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
+	{CAN-2004-1379}
+	- xine-lib 1-rc6a-1
+	NOTE: fixed in testing at time of DSA
+[25 Jan 2005] DSA-656-1 vdr - insecure file access
+	{CAN-2005-0071}
+	- vdr 1.2.6-6
+	NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
+	{CAN-2005-0072}
+	- zhcon (unfixed; bug filed)
+	NOTE: not fixed in testing at time of DSA
 [21 Jan 2005] DSA-654-1 enscript - several
 	{CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
 	- enscript 1.6.4-6