[Secure-testing-commits] r1376 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Wed, 13 Jul 2005 09:12:06 +0000
Author: jmm-guest
Date: 2005-07-13 09:11:55 +0000 (Wed, 13 Jul 2005)
New Revision: 1376
Modified:
data/CAN/list
Log:
new krb5 issues
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-13 06:39:52 UTC (rev 1375)
+++ data/CAN/list 2005-07-13 09:11:55 UTC (rev 1376)
@@ -1892,8 +1892,9 @@
NOTE: reserved
CAN-2005-1690
NOTE: rejected
-CAN-2005-1689
+CAN-2005-1689 [krb5 KDC double free()]
NOTE: reserved
+ - krb5 1.3.6-4 (medium)
CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- wordpress 1.5.1-1
@@ -3998,10 +3999,14 @@
NOTE: and not the version in Sarge
CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
NOTE: not-for-us (AIX)
-CAN-2005-1175
+CAN-2005-1175 [MIT krb5 KDC heap overflow]
NOTE: reserved
-CAN-2005-1174
+ TODO: check krb4
+ - krb5 1.3.6-4 (medium)
+CAN-2005-1174 [MIT krb5 KDC free() DoS]
NOTE: reserved
+ TODO: check krb4
+ - krb5 1.3.6-4 (medium)
CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
NOTE: not-for-us (Oracle)
CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)