[Secure-testing-commits] r1436 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jul 19 08:29:09 UTC 2005
Author: jmm-guest
Date: 2005-07-19 08:29:06 +0000 (Tue, 19 Jul 2005)
New Revision: 1436
Modified:
data/CAN/list
Log:
mysql-ocaml and zsync fixed
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-19 08:13:31 UTC (rev 1435)
+++ data/CAN/list 2005-07-19 08:29:06 UTC (rev 1436)
@@ -874,15 +874,12 @@
CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...)
{DSA-740-1}
NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
- NOTE: We have to check whether zlib 1.1 is really not affected, sometimes the CVE
- NOTE: descriptions are flaky wrt affected versions, kernel, mozilla, rsync and oo
- NOTE: supposedly use 1.1
NOTE: Florian Weimer is doing a comprehensive audit using clamav
NOTE: to search for static zlib signatures in binaries in Debian
NOTE: Not all of the listed packages have been checked for actual
NOTE: exploitability using this hole.
- dpkg (unfixed; bug #317967; medium)
- - zsync (unfixed; bug #317968; medium)
+ - zsync 0.4.0-2 (medium)
- dump (unfixed; bug #317966; medium)
- aide (unfixed; bug #317523; medium)
- amd64-libs (unfixed; bug #317970; medium)
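Review bot: The three removed NOTE lines at the top of this hunk drop the open question about whether zlib 1.1 is affected without recording an answer, and the log message ("mysql-ocaml and zsync fixed") does not mention the removal. Those lines named kernel, mozilla, rsync and oo as supposedly using 1.1, so after this change nothing in the entry says whether they were cleared or still need checking. If the question has been settled, replace the lines with a single NOTE stating the outcome and how it was confirmed. If it has not, keep them. The zsync change from "unfixed; bug #317968" to "0.4.0-2" also drops the bug number, so keeping the bug reference next to the fixed version would preserve the link to the report.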
@@ -2388,7 +2385,8 @@
CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
NOTE: not-for-us (Novell)
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- - shtool 2.0.1-2
+ - shtool 2.0.1-2 (low)
+ - mysql-ocaml 1.0.3-6 (low)
- php4 (unfixed; low)
NOTE: This might be -1759, it's not obvious from the PHP release notes
CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
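Review bot: The added line "- mysql-ocaml 1.0.3-6 (low)" sits under CAN-2005-1751, whose description names shtool, and nothing in the entry explains why mysql-ocaml is affected. The zlib entry in the same file uses a NOTE to say that packages ship embedded copies. A similar NOTE here, stating how mysql-ocaml picks up the shtool code, would let a later reader verify the fixed version against the right file. The urgency "(low)" added to the shtool line is also not covered by the log message, which mentions only mysql-ocaml and zsync.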