[Secure-testing-commits] r1436 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Jul 19 08:29:09 UTC 2005


Author: jmm-guest
Date: 2005-07-19 08:29:06 +0000 (Tue, 19 Jul 2005)
New Revision: 1436

Modified:
   data/CAN/list
Log:
mysql-ocaml and zsync fixed


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-19 08:13:31 UTC (rev 1435)
+++ data/CAN/list	2005-07-19 08:29:06 UTC (rev 1436)
@@ -874,15 +874,12 @@
 CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...)
 	{DSA-740-1}
 	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
-	NOTE: We have to check whether zlib 1.1 is really not affected, sometimes the CVE
-	NOTE: descriptions are flaky wrt affected versions, kernel, mozilla, rsync and oo
-	NOTE: supposedly use 1.1
 	NOTE: Florian Weimer is doing a comprehensive audit using clamav
 	NOTE: to search for static zlib signatures in binaries in Debian
 	NOTE: Not all of the listed packages have been checked for actual
 	NOTE: exploitability using this hole.
 	- dpkg (unfixed; bug #317967; medium)
-	- zsync (unfixed; bug #317968; medium)
+	- zsync 0.4.0-2 (medium)
 	- dump (unfixed; bug #317966; medium)
 	- aide (unfixed; bug #317523; medium)
 	- amd64-libs (unfixed; bug #317970; medium)
@@ -2388,7 +2385,8 @@
 CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
 	NOTE: not-for-us (Novell)
 CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
-	- shtool 2.0.1-2
+	- shtool 2.0.1-2 (low)
+	- mysql-ocaml 1.0.3-6 (low)
 	- php4 (unfixed; low)
 	NOTE: This might be -1759, it's not obvious from the PHP release notes
 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)




More information about the Secure-testing-commits mailing list