[Secure-testing-commits] r1236 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Fri, 17 Jun 2005 12:40:54 +0000
Author: jmm-guest
Date: 2005-06-17 12:40:51 +0000 (Fri, 17 Jun 2005)
New Revision: 1236
Modified:
data/CAN/list
Log:
checked telnet environment variable disclosure
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-06-17 11:25:57 UTC (rev 1235)
+++ data/CAN/list 2005-06-17 12:40:51 UTC (rev 1236)
@@ -4868,7 +4868,10 @@
CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
NOTE: not-for-us (Thomson cable modem)
CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
- TODO: check
+ NOTE: netkit-telnet not affected
+ TODO: check heimdal
+ - krb4 (unfixed)
+ - krb5 (unfixed)
CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
NOTE: This is not a real security issue; it just describes the fact that the Gecko
NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks