[Secure-testing-commits] r553 - sarge-checks/CAN
Micah Anderson
micah@costa.debian.org
Mon, 14 Mar 2005 21:34:45 +0100
Author: micah
Date: 2005-03-14 21:34:42 +0100 (Mon, 14 Mar 2005)
New Revision: 553
Modified:
sarge-checks/CAN/list
Log:
Some more updates on kernel CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-14 10:03:23 UTC (rev 552)
+++ sarge-checks/CAN/list 2005-03-14 20:34:42 UTC (rev 553)
@@ -2107,10 +2107,10 @@
CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
- gaim 1:1.1.4
CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
- NOTE: I *think* that this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
- NOTE: but the advisory doesn't specify, I've emailed Conectiva to find out, if it is
- NOTE: then it is fixed in 2.6.10 and will be fixed in 2.6.8-14
- TODO: micah waiting on response from conectiva
+ NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
+ NOTE: fixed in 2.6.10
+ TODO: fix for 2.6.9 needed?
+ - kernel-source-2.6.8 2.6.8-14
CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
TODO: check
CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)