[Secure-testing-commits] r1492 - data/CAN

Joey Hess joeyh at costa.debian.org
Sat Jul 30 03:29:49 UTC 2005


Author: joeyh
Date: 2005-07-30 03:29:46 +0000 (Sat, 30 Jul 2005)
New Revision: 1492

Modified:
   data/CAN/list
Log:
handle a few XXXX that got numbers and some new CANs covered by existing
DSAs


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-30 03:18:06 UTC (rev 1491)
+++ data/CAN/list	2005-07-30 03:29:46 UTC (rev 1492)
@@ -71,8 +71,11 @@
 	NOTE: not-for-us (Oracle Reports)
 CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
 	{DSA-769-1}
+	- gaim (unfixed)
+	NOTE: DSA only covers gaim
+	TODO: check ekg and others that embed libgadu in source tree
 CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
-	TODO: check
+	TODO: check gaim and others that embed libgadu in source tree
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers to ...)
 	- vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367
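Review bot: the new `- gaim (unfixed)` line under CAN-2005-2370 has no bug number or severity, unlike the other unfixed entries in this file (for example `- pdns (unfixed; bug #318798; medium)`), and placed directly above `NOTE: DSA only covers gaim` it reads as contradictory unless the note states which version the DSA fixed. Suggest adding the bug reference and urgency, and wording the note so it is clear what remains open. CAN-2005-2369 is also a libgadu issue but only gets a TODO mentioning gaim; either add the same `- gaim (unfixed)` entry there or say why it differs.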
@@ -157,7 +160,7 @@
 CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
 	TODO: check
 CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
-	TODO: check
+	- shorewall 2.4.1-2 (medium)
 CAN-2005-2316
 	NOTE: reserved
 CAN-2005-2315
@@ -238,7 +241,7 @@
 	TODO: check
 CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
 	{DSA-762-1}
-	TODO: check
+	- affix 2.1.2-2 (medium)
 CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
 	TODO: check
 CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
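Review bot: the `- affix 2.1.2-2 (medium)` line added under CAN-2005-2277 comes from the CAN-2005-XXXX entry removed later in this patch, which was titled "Missing input sanitising in affix's btsrv/btobex services", while the CAN-2005-2277 description names the Bluetooth FTP client (BTFTP). Suggest a NOTE line recording that the two describe the same issue, or where the id assignment came from, since the truncated description alone does not show the match.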
@@ -417,8 +420,6 @@
 	NOTE: This doesn't look like a real security issue as cron.daily should only be
 	NOTE: writable by root, but lets include it as the maintainer considers it an issue
 	- faif 1.19.2-14 (low)
-CAN-2005-XXXX [Shorewall lets users which have been accepted by MAC based access control bypass the other access checks]
-	- shorewall 2.4.1-2 (medium)
 CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend]
 	- pdns (unfixed; bug #318798; medium)
 	NOTE: CVE id requested from mitre
@@ -833,8 +834,6 @@
 CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted packet]
 	- netpanzer (unfixed; bug #318329; medium)
 	NOTE: CVE id requested from mitre
-CAN-2005-XXXX [Missing input sanitising in affix's btsrv/btobex services]
-	- affix 2.1.2-2 (medium)
 CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
 	NOTE: not-for-us (USANet)
 CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)



