[Secure-testing-commits] r566 - in sarge-checks: CAN CVE DSA

Joey Hess joeyh@costa.debian.org
Thu, 17 Mar 2005 00:46:00 +0100


Author: joeyh
Date: 2005-03-17 00:45:56 +0100 (Thu, 17 Mar 2005)
New Revision: 566

Modified:
   sarge-checks/CAN/list
   sarge-checks/CVE/list
   sarge-checks/DSA/list
Log:
updates and corrections


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-16 15:38:19 UTC (rev 565)
+++ sarge-checks/CAN/list	2005-03-16 23:45:56 UTC (rev 566)
@@ -169,7 +169,7 @@
 CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
 	- apache2 2.0.42
 CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
-	- apache2 2.036
+	- apache2 2.0.36
 CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
 	NOTE: not-for-us (AIM in MSIE)
 CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
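Review bot: The description on the CAN-2002-1592 context line still reads "Apache 2.0 through 2.035", the same missing-dot form this hunk corrects in the version field. If that text is maintained by hand rather than copied verbatim from the upstream entry, change it to 2.0.35 in the same commit so it agrees with `- apache2 2.0.36`. The version-field fix matters for any automated comparison: under Debian version ordering 2.036 sorts above 2.0.42, so the old value would have marked every 2.0.x apache2 as affected.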
@@ -291,7 +291,7 @@
 CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
 	NOTE: not-for-us (Pabox for PHPNuke not in Debian)
 CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
-	- phpbb2 (unfixed; bug #298690)
+	- phpbb2 2.0.13-2
 CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
 	NOTE: not-for-us (Ca3DE)
 CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
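Review bot: Replacing `(unfixed; bug #298690)` with `2.0.13-2` on the phpbb2 line drops the only pointer to the bug report, and the log message "updates and corrections" does not say where the fixed version comes from. Consider keeping the reference as a NOTE line under CAN-2005-0673 so the fixed-version claim can be checked later. The xloadimage, racoon and exim changes in this commit lose their bug numbers the same way.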
@@ -364,7 +364,7 @@
 	NOTE: Tavis Ormandy  about this. -- Djoume
 CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
 	- xli (unfixed; bug #298039)
-	- xloadimage (unfixed; bug #298926)
+	- xloadimage 4.1-14.1
 CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
 	NOTE: not-for-us (OpenBSD)
 CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
@@ -1431,7 +1431,7 @@
 	NOTE: reserved
 CAN-2005-0398
 	NOTE: reserved
-	- racoon (unfixed; bug #299716)
+	- racoon 1:0.5-5
 CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows ...)
 	- imagemagick 6:6.0.6.2-2.2
 CAN-2005-0396
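Review bot: The racoon line sits under CAN-2005-0398, whose only other content is `NOTE: reserved`, so nothing in the entry ties this id to racoon or to version 1:0.5-5. Add a NOTE naming the source of the association (the previously referenced bug #299716, or the advisory it came from) so the entry can be verified while the id has no public description.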

Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list	2005-03-16 15:38:19 UTC (rev 565)
+++ sarge-checks/CVE/list	2005-03-16 23:45:56 UTC (rev 566)
@@ -543,7 +543,7 @@
 	- flashplugin-nonfree 6.0.69-1
 CVE-2002-1381
 	- exim4 4.11-0.0.1
-	- exim (unfixed; bug #171774)
+	- exim 3.36-14
 CVE-2002-1380
 	{DSA-336}
 	- kernel-source-2.2.25

Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list	2005-03-16 15:38:19 UTC (rev 565)
+++ sarge-checks/DSA/list	2005-03-16 23:45:56 UTC (rev 566)
@@ -1,6 +1,6 @@
 [14 Mar 2005] DSA-693-1 luxman - buffer overflow
 	{CAN-2005-0385}
-	- luxman 0.41-20
+	- luxman (unfixed; bug filed)
 	NOTE: not present in testing at time oF DSA
 	NOTE: not even in unstable yet, but DSA claimed it was
 [14 Mar 2005] DSA-662-2 squirrelmail - several
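Review bot: The new luxman line reads `(unfixed; bug filed)` with no bug number, unlike the `(unfixed; bug #NNNNNN)` form used for the entries in the CAN and CVE lists in this commit. Put the number in so the open issue can be followed up and so anything matching on the `bug #` pattern treats this entry like the others. The two NOTE lines already explain why the DSA's 0.41-20 was removed, so no further comment is needed there.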