[Secure-testing-commits] r1205 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 06 Jun 2005 07:52:26 +0000
Author: jmm-guest
Date: 2005-06-06 07:52:24 +0000 (Mon, 06 Jun 2005)
New Revision: 1205
Modified:
sarge-checks/CAN/list
Log:
Two new issues already in the BTS.
gforge is not affected by the viewFile.php vulnerability, as the
code in question had already been removed some time before the
advisory was posted.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-06-06 06:57:54 UTC (rev 1204)
+++ sarge-checks/CAN/list 2005-06-06 07:52:24 UTC (rev 1205)
@@ -1,3 +1,7 @@
+CAN-2005-XXXX [Directory traversal in zoo]
+ - zoo (unfixed; bug #306164)
+CAN-2005-XXXX [Cross Site Scripting in websieve]
+ - websieve (unfixed; bug #311838)
CAN-2005-XXXX [Information leak in fuse]
NOTE: Fixed packages have already been prepared, pending upload and/or security team upload
- fuse (unfixed; bug #311634)
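Review bot: The two entries added at the top (zoo, websieve) carry only a one-line title and a BTS number, while the fuse entry directly below them has a NOTE line describing its status. All three share the placeholder id CAN-2005-XXXX, so the bug number is the only thing that distinguishes them; consider adding a NOTE to each new entry with the advisory or upstream reference so it can be matched once a real CAN id is assigned.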
@@ -280,10 +284,9 @@
CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
- mutt (unfixed; bug #311296)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
- NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's
- NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed
- TODO: Check back with maintainer
- - gforge 3.1-30
+ NOTE: viewFile.php has been removed along with other files in -26, so Debian is
+ NOTE: no longer affected.
+ - gforge 3.1-26
CAN-2005-XXXX [osh buffer overflow]
- osh 1.7-13
CAN-2005-XXXX [xile buffer overrun in terminal code]
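Review bot: In the gforge entry, the new NOTE says viewFile.php was removed in -26 but does not record how that was established, and the removed "TODO: Check back with maintainer" disappears without a stated outcome. Suggest naming the source of the finding in the NOTE (package changelog, file list of the package, or maintainer reply) so later triage does not have to repeat the check, and writing the version out as 3.1-26 to match the "- gforge 3.1-26" line.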