[Secure-testing-commits] r1315 - in data: CAN DSA
Joey Hess
joeyh@costa.debian.org
Fri, 01 Jul 2005 02:58:14 +0000
Author: joeyh
Date: 2005-07-01 02:58:11 +0000 (Fri, 01 Jul 2005)
New Revision: 1315
Modified:
data/CAN/list
data/DSA/list
Log:
dsas
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-06-30 21:14:14 UTC (rev 1314)
+++ data/CAN/list 2005-07-01 02:58:11 UTC (rev 1315)
@@ -3398,7 +3398,7 @@
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
- - spamassassin (unfixed; bug #314447; medium)
+ - spamassassin 3.0.4-1 (bug #314447; medium)
CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
- kernel-source-2.6.8 (unfixed; medium)
CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-06-30 21:14:14 UTC (rev 1314)
+++ data/DSA/list 2005-07-01 02:58:11 UTC (rev 1315)
@@ -1,78 +1,86 @@
+[01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
+ {CAN-2005-1266}
+ - spamassassin 3.0.4-1 (medium)
+ NOTE: fixed in testing at time of DSA
+[01 Jul 2005] DSA-735-1 sudo - pathname validation race
+ {CAN-2005-1993}
+ - sudo 1.6.8p9-1 (medium)
+ NOTE: not fixed in testing at time of DSA
[30 Jun 2005] DSA-733-1 crip - insecure temporary files
{CAN-2005-0393}
- crip 3.5-1sarge2 (low)
- NOTE: not fixed in testing in time of DSA (reserved)
+ NOTE: not fixed in testing at time of DSA (reserved)
[03 Jun 2005] DSA-732-1 mailutils - several
{CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
- mailutils 0.6.1-4
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[02 Jun 2005] DSA-731-1 krb4 - buffer overflows
{CAN-2005-0468 CAN-2005-0468}
- krb4 1.2.2-11.2
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[27 May 2005] DSA-730-1 bzip2 - race condition
{CAN-2005-0953}
- bzip2 1.0.2-6
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[26 May 2005] DSA-729-1 php4 - missing input sanitising
{CAN-2005-0525}
- php4 4.3.10-10
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[25 May 2005] DSA-728-1 qpopper - missing privilege release
{CAN-2005-1151 CAN-2005-1152}
- qpopper 4.0.5-4sarge1
- NOTE: fixed in testing in time of DSA by security team
+ NOTE: fixed in testing at time of DSA by security team
[20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
{CAN-2005-1349}
- libconvert-uulib-perl 1.0.5.1-1
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[20 May 2005] DSA-726-1 oops - format string vulnerability
{CAN-2005-1121}
- oops (unfixed; bug #307360)
- NOTE: not in testing in time of DSA
+ NOTE: not in testing at time of DSA
[19 May 2005] DSA-725-1 ppxp - missing privilege release
{CAN-2005-0392}
- ppxp 0.2001080415-11
- NOTE: not fixed in testing in time of DSA
+ NOTE: not fixed in testing at time of DSA
[18 May 2005] DSA-724-1 phpsysinfo - design flaw
{CAN-2005-0870}
- phpsysinfo 2.3-3
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[09 May 2005] DSA-723-1 xfree86 - buffer overflow
{CAN-2005-0605}
- xfree86 4.3.0.dfsg.1-13
- NOTE: not fixed in testing in time of DSA
+ NOTE: not fixed in testing at time of DSA
[09 May 2005] DSA-722-1 smail - buffer overflow
{CAN-2005-0892}
NOTE: Package not in testing at time of DSA
[06 May 2005] DSA-721-1 squid - design flaw
{CAN-2005-1345}
- squid 2.5.9-7
- NOTE: not fixed in testing in time of DSA
+ NOTE: not fixed in testing at time of DSA
[03 May 2005] DSA-720-1 smartlist - wrong input processing
{CAN-2005-0157}
- smartlist 3.15-18
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-719-1 prozilla - format string problems
{CAN-2005-0523}
- prozilla 1:1.3.7.4-1
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-718-1 ethereal - buffer overflow
{CAN-2005-0739}
- ethereal 0.10.10-1
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
{CAN-2003-0826 CAN-2005-0814}
- lsh-utils 2.0.1-2
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-716-1 gaim - denial of service
{CAN-2005-0472}
- gaim 1.1.3-1
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-715-1 cvs - several
{CAN-2004-1342 CAN-2004-1343}
- cvs 1.12.9-12
- NOTE: not fixed in testing in time of DSA
+ NOTE: not fixed in testing at time of DSA
[26 Apr 2005] DSA-714-1 kdelibs - several
{CAN-2005-1046}
- kdelibs 4:3.3.2-5
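Review bot: The new DSA-735-1 entry at the top of this hunk references CAN-2005-1993 for sudo 1.6.8p9-1, but the data/CAN/list part of this revision has a single hunk that only touches CAN-2005-1266, so the sudo CAN entry is not updated here. If CAN-2005-1993 is still listed as unfixed in data/CAN/list, it should get the fixed version in the same commit, as was done for spamassassin. Two smaller points on the unchanged context lines: DSA-731-1 lists the same id twice, `{CAN-2005-0468 CAN-2005-0468}`, which suggests one of the two was meant to be a different CAN; and DSA-722-1 smail has no package line and uses "Package not in testing at time of DSA", whereas DSA-726-1 uses "not in testing at time of DSA", so the wording is still not uniform after this cleanup.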
@@ -89,7 +97,7 @@
[19 Apr 2005] DSA-711-1 info2www - missing input sanitising
{CAN-2004-1341}
- info2www 1.2.2.9-23
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
{CAN-2003-0541}
- gtkhtml 1.0.4-6.2
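Review bot: The only change in this hunk, and in the one that follows, is the NOTE rewording from "in time of DSA" to "at time of DSA", which the log message "dsas" does not mention. Either state the wording cleanup in the log or commit it separately from the new DSA-735-1 and DSA-736-1 entries, so the advisory additions are easy to find in the history.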
@@ -108,7 +116,7 @@
[13 Apr 2005] DSA-706-1 axel - buffer overflow
{CAN-2005-0390}
- axel 1.0b-1
- NOTE: fixed in testing in time of DSA
+ NOTE: fixed in testing at time of DSA
[04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
{CAN-2005-0256 CAN-2003-0854}
- wu-ftpd 2.6.2-19