[Secure-testing-commits] r1464 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Jul 25 08:04:09 UTC 2005
Author: jmm-guest
Date: 2005-07-25 08:04:06 +0000 (Mon, 25 Jul 2005)
New Revision: 1464
Modified:
data/CAN/list
Log:
mysql 4.1 is affected by the zlib security issue.
kopete update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-24 14:26:03 UTC (rev 1463)
+++ data/CAN/list 2005-07-25 08:04:06 UTC (rev 1464)
@@ -910,6 +910,7 @@
NOTE: to search for static zlib signatures in binaries in Debian
NOTE: Not all of the listed packages have been checked for actual
NOTE: exploitability using this hole.
+ - mysql-dfsg-4.1 (unfixed; bug filed; medium)
- dpkg (unfixed; bug #317967; medium)
- zsync 0.4.0-2 (medium)
- dump (unfixed; bug #317966; medium)
@@ -2206,11 +2207,10 @@
NOTE: reserved
CAN-2005-1852 [Integer overflow in ekg]
NOTE: reserved
- NOTE: It seems as if Kopete is not directly affected if a local copy of the lib
- NOTE: is installed, but this could this be an issue in systems were libgadu has
- NOTE: been removed with --force-depends
+ NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
+ NOTE: no shared lib version is found. As the Debian package has a dependency on
+ NOTE: it the maintainer does not intent to fix it, see # 319443
- ekg 1:1.5+20050712+1.6rc3-1 (medium)
- - kopete (unfixed; bug filed; low)
CAN-2005-1851 [Potential shell command injection in ekg contrib script]
NOTE: reserved
- ekg 1:1.5+20050712+1.6rc2-1 (low)
More information about the Secure-testing-commits
mailing list