[Secure-testing-commits] r316 - in sarge-checks: CAN DSA
Joey Hess
joeyh@costa.debian.org
Tue, 25 Jan 2005 20:40:50 +0100
Author: joeyh
Date: 2005-01-25 20:40:42 +0100 (Tue, 25 Jan 2005)
New Revision: 316
Modified:
sarge-checks/CAN/list
sarge-checks/DSA/list
Log:
updates
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-01-24 14:17:10 UTC (rev 315)
+++ sarge-checks/CAN/list 2005-01-25 19:40:42 UTC (rev 316)
@@ -62,6 +62,7 @@
- squirrelmail 2:1.4.4-1
CAN-2005-0102
NOTE: reserved
+ - evolution 2.0.3-1.2
CAN-2005-0101
NOTE: reserved
CAN-2005-0100
@@ -109,14 +110,14 @@
CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
- maxdb-7.5.00 7.5.00.21-1
CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
- - xine-lib 1-rc7-1
+ - xine-lib 1-rc6a-1
CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
- jabber 1.4.3-3
NOTE: not-for-us (jadc2s)
CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
- a2ps 1:4.13b-4.3
CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (mod_access_referer)
CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
- xshisen 1.51-1-1
CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
@@ -987,7 +988,7 @@
CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3
CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
- TODO: check
+ - bugzilla 2.16.7-2
CAN-2004-1060
NOTE: reserved
CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
@@ -1307,7 +1308,7 @@
CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
- TODO: check
+ - maxdb-7.5.00 7.5.00.18
CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
- samba 3.0.8-1
CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list 2005-01-24 14:17:10 UTC (rev 315)
+++ sarge-checks/DSA/list 2005-01-25 19:40:42 UTC (rev 316)
@@ -1,3 +1,19 @@
+[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
+ {CAN-2005-0077}
+ - libdbi-perl 1.46-6
+ NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
+ {CAN-2004-1379}
+ - xine-lib 1-rc6a-1
+ NOTE: fixed in testing at time of DSA
+[25 Jan 2005] DSA-656-1 vdr - insecure file access
+ {CAN-2005-0071}
+ - vdr 1.2.6-6
+ NOTE: not fixed in testing at time of DSA
+[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
+ {CAN-2005-0072}
+ - zhcon (unfixed; bug filed)
+ NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-654-1 enscript - several
{CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
- enscript 1.6.4-6