[Secure-testing-commits] r326 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Sat, 29 Jan 2005 07:06:30 +0100
Author: joeyh
Date: 2005-01-29 07:06:27 +0100 (Sat, 29 Jan 2005)
New Revision: 326
Modified:
sarge-checks/CAN/list
Log:
update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-01-28 20:14:15 UTC (rev 325)
+++ sarge-checks/CAN/list 2005-01-29 06:06:27 UTC (rev 326)
@@ -25,7 +25,8 @@
CAN-2005-0163
NOTE: reserved
CAN-2005-0162
- TODO: check
+ - openswan 2.2.0-6
+ NOTE: does not seem to affect freeswan
CAN-2005-0161
NOTE: reserved
CAN-2005-0160
@@ -49,27 +50,35 @@
CAN-2005-0151
NOTE: reserved
CAN-2005-0150
- TODO: check
+ - mozilla-firefox 1.0
CAN-2005-0149
- TODO: check
+ - mozilla-thunderbird 0.7
+ - mozilla-browser 2:1.7.4
CAN-2005-0148
- TODO: check
+ NOTE: not-for-us (thunderbird on windows)
CAN-2005-0147
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0146
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0145
- TODO: check
+ - mozilla-firefox 1.0
CAN-2005-0144
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0143
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0142
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-thunderbirs 0.7
+ - mozilla-browser 2:1.7.5
CAN-2005-0141
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0140
- TODO: check
+ NOTE: not-for-us (PeID)
CAN-2005-0139
NOTE: reserved
CAN-2005-0138
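Review bot: The CAN-2005-0142 entry has a misspelled package name, "mozilla-thunderbirs 0.7", which should read "mozilla-thunderbird 0.7" as in the CAN-2005-0149 entry. Anything that matches these lines against real package names will miss the thunderbird fix for that id. Separately, CAN-2005-0149 lists "mozilla-browser 2:1.7.4" while every other mozilla-browser line in this hunk says 2:1.7.5. Please confirm that the difference is intended.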
@@ -83,11 +92,11 @@
CAN-2005-0134
NOTE: reserved
CAN-2004-1381
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2004-1380
- TODO: check
-CAN-1999-1572
- TODO: check
+ - mozilla-firefox 1.0
+ - mozilla-browser 2:1.7.5
CAN-2005-0133
NOTE: reserved
- clamav 0.80-0.81rc1-1
@@ -102,11 +111,11 @@
CAN-2005-0128
NOTE: reserved
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
- kernel-source-2.4.27 2.4.27-8
NOTE: 2.6.8 apparently ok
@@ -127,7 +136,7 @@
CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
- awstats 6.2-1.1
CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
- TODO: check
+ NOTE: not-for-us (DataRescue Interactive Disassembler)
CAN-2005-0114
NOTE: reserved
CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
@@ -190,7 +199,7 @@
CAN-2005-0087
NOTE: reserved
CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
- TODO: check
+ - less (unfixed; bug filed)
CAN-2005-0085
NOTE: reserved
CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
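Review bot: The new CAN-2005-0086 line, "- less (unfixed; bug filed)", does not say which bug was filed. Put the bug number next to it so the entry can be followed up and changed to a fixed version once the bug is closed. Without the reference, the next person to check has to search for the report again.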
@@ -314,9 +323,10 @@
CAN-2005-0035
NOTE: reserved
CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
- TODO: check
+ NOTE: only affects bind9 9.3.0, we have an earlier version
+ NOTE: fixed in 9.3.1
CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
- TODO: check
+ - bind 1:8.4.6-1
CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
NOTE: not-for-us (MSIE)
CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
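Review bot: The CAN-2005-0034 note "only affects bind9 9.3.0, we have an earlier version" does not record which bind9 version was checked. State the version that is in the archive, so the conclusion can be revisited when bind9 is upgraded. As written, the entry would keep reading as not affected if 9.3.0 were uploaded before 9.3.1.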
@@ -877,7 +887,7 @@
NOTE: fixed in kernel team svn (?)
TODO: track fix
CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
- TODO: check
+ NOTE: not-for-us (Winamp)
CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
NOTE: not-for-us (Computer Associates eTrust EZ Antivirus)
CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
@@ -935,7 +945,7 @@
- gpdf 2.8.2-1
- koffice 1:1.3.5-1
CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
- TODO: check
+ NOTE: not-for-us (UnixWare)
CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
NOTE: not-for-us (Darwin Streaming Server)
CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
@@ -1080,7 +1090,7 @@
CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
TODO: check with kernel team
CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
- TODO: check
+ NOTE: fixed after kernel 2.4.19
CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
- kernel-source-2.4.27 2.4.27-8
- kernel-image-2.4.27-i386 2.4.27-8
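Review bot: The CAN-2004-1057 note "fixed after kernel 2.4.19" names no package or version, unlike the CAN-2004-1056 entry just below, which lists kernel-source-2.4.27 2.4.27-8 and kernel-image-2.4.27-i386 2.4.27-8. Either add the kernel package lines that carry the fix, or say in the note which kernel versions were checked, so the entry can be matched against packages in the same way as its neighbours.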
@@ -2386,7 +2396,7 @@
CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
NOTE: not-for-us (Juniper JUNOS)
CAN-2004-0467 (Unknown vulnerability in Juniper JUNOS 5.x through JUNOS 7.x allows ...)
- TODO: check
+ NOTE: not-for-us (Juniper JUNOS)
CAN-2004-0466
NOTE: reserved
CAN-2004-0465
@@ -8230,6 +8240,7 @@
CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
+CAN-1999-1572
CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
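Review bot: CAN-1999-1572 is re-added here as a bare id, but the copy removed earlier in this patch (between CAN-2004-1380 and CAN-2005-0133) carried "TODO: check". Moving the entry to its sorted position is fine, but the TODO is lost in the move, and the id no longer shows up as unchecked. If it has not been reviewed, keep the "TODO: check" line under the new location.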