[Secure-testing-commits] r1483 - data/CAN

Micah Anderson micah at costa.debian.org
Fri Jul 29 04:38:04 UTC 2005


Author: micah
Date: 2005-07-29 04:38:01 +0000 (Fri, 29 Jul 2005)
New Revision: 1483

Modified:
   data/CAN/list
Log:
More fixes in kernels


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-29 03:32:40 UTC (rev 1482)
+++ data/CAN/list	2005-07-29 04:38:01 UTC (rev 1483)
@@ -98,6 +98,7 @@
 	NOTE: not-for-us (FTGate)
 CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
 	- kernel-patch-openmosix (unfixed; bug #319621; low)
+	NOTE: filed bug with ftp.debian.org for removal (#319817)
 CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
 	NOTE: not-for-us (FTGate)
 CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
@@ -2417,7 +2418,8 @@
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
 	NOTE: not-for-us (RealPlayer)
 CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
-	- kernel-source-2.6.8 (unfixed; unknown)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
 	- linux-2.6 2.6.12-1 (medium)
 	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
 CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
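Review bot: The two `kernel-source-2.6.8` lines added under CAN-2005-1765 (2.6.8-17 and 2.6.8-16sarge1) carry no urgency, while the neighbouring `linux-2.6 2.6.12-1 (medium)` line does, and the removed line at least recorded `unknown`. Consider adding `(medium)` to both for consistency. Since the same package now appears twice with different versions, a short NOTE saying which upload each version refers to would make the entry easier to read.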
@@ -2428,11 +2430,16 @@
 CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
 	- linux-2.6 2.6.12-1 (medium)
 	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
-	- kernel-source-2.6.8 (unfixed; unknown)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 2.4.27-11
 CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
 	NOTE: reserved
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (normal)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 2.4.27-11
 CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
 	NOTE: not-for-us (sysreport)
 CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
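Review bot: In CAN-2005-1762 the new package lines are appended after `NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12`, so the entry now reads package, NOTE, packages; moving them up beside `linux-2.6 2.6.12-1 (medium)` would keep the package list together. The added `kernel-source-2.4.27 2.4.27-11` line also sits under a description that names only 2.6.8.1 and 2.6.10, so a NOTE giving the source for the 2.4 fix would help here and in CAN-2005-1761. None of the added lines in either entry has an urgency, although the existing lines do.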
@@ -5867,6 +5874,7 @@
 	- kernel-source-2.4.27 2.4.27-11
 	- kernel-source-2.6.8 2.6.8-17
 CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
+	- kernel-source.2.4.27 2.4.27-11 (medium)
 	- kernel-source-2.6.8 2.6.8-17 (medium)
 	- kernel-source-2.6.11 2.6.11-7 (medium)
 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
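Review bot: The added line under CAN-2005-0756 spells the package `kernel-source.2.4.27`, with a dot after `kernel-source`, while every other line in this change, including the context line `kernel-source-2.4.27 2.4.27-11` just above, uses a hyphen. As written the name will not match the real source package, so anything keyed on package name will miss this fix; it should read `- kernel-source-2.4.27 2.4.27-11 (medium)`.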
@@ -9625,7 +9633,7 @@
 	NOTE: not-for-us (NetOp Host)
 CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
 	NOTE: fixed in 2.4.28, 2.6.9
-	NOTE: check with kernel people
+	TODO: check with kernel people
 CAN-2004-0948
 	NOTE: rejected
 CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
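Review bot: The `TODO: check with kernel people` line under CAN-2004-0949 does not say what is to be checked. The entry has only `NOTE: fixed in 2.4.28, 2.6.9` and no package lines, so it would help to state the open question in the TODO itself, for example whether the packaged 2.4 and 2.6 kernel sources include the fix, so that whoever picks it up knows when it can be closed.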
@@ -10805,6 +10813,7 @@
 	- cvs 1:1.12.9-1
 CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
 	NOTE: fixed in 2.4.27-rc6
+	TODO: does this mean we are ok?
 CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
 	- cvs 1:1.12.9-1
 CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
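Review bot: The added `TODO: does this mean we are ok?` under CAN-2004-0415 is too vague to act on. The only data in the entry is `NOTE: fixed in 2.4.27-rc6`, which says nothing about the 2.6 series or about any package version. Rewording the TODO to name what must be confirmed (which kernel source packages need a fixed-version line, and whether 2.6 is affected) would make it resolvable.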