[Secure-testing-commits] r574 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Thu, 17 Mar 2005 18:16:51 +0100


Author: jmm-guest
Date: 2005-03-17 18:16:48 +0100 (Thu, 17 Mar 2005)
New Revision: 574

Modified:
   sarge-checks/CAN/list
Log:
xli seems fixed, but one of the fixes requires further evaluation.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-17 17:13:29 UTC (rev 573)
+++ sarge-checks/CAN/list	2005-03-17 17:16:48 UTC (rev 574)
@@ -362,12 +362,16 @@
 CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
 	NOTE: not-for-us (Computer Associates UAM)
 CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
-	- xli (unfixed; bug #298039)
+	- xli 1.17.0-17
 	NOTE: I think xloadimage might be also vulnerable, I have mailed 
 	NOTE: Tavis Ormandy  about this. -- Djoume
+	NOTE: Bug maintainer to mention CAN-id in changelog - jmm
 CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
 	- xli (unfixed; bug #298039)
 	- xloadimage 4.1-14.1
+	NOTE: The bug closer for 289039 claims that fixed, but I can't find an obvious
+	NOTE: fix in the interdiff between -16 and -17, needs further evaluation - jmm
+	NOTE: Bug maintainer to mention CAN-id in changelog - jmm
 CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
 	NOTE: not-for-us (OpenBSD)
 CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
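Review bot: the bug number in the new NOTE under CAN-2005-0638 ("The bug closer for 289039") does not match the bug cited on the xli line two lines above it and on the removed CAN-2005-0639 line (#298039). The digits look transposed, so please confirm which number is meant and make them agree. Changing CAN-2005-0639 to "- xli 1.17.0-17" also drops the bug reference from that entry; keeping the bug number in a NOTE there would preserve the link for whoever does the further evaluation.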
@@ -9761,6 +9765,7 @@
 CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
 CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
 CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
+	- xli 1.17.0-17
 CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
 CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
 CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
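Review bot: the added "- xli 1.17.0-17" under CAN-2001-0775 has no NOTE or bug reference explaining why that version is considered fixed, while the description on the line above names xli 1.17 as affected and the first hunk records that the interdiff between -16 and -17 shows no obvious fix for CAN-2005-0638. Suggest adding a NOTE that names the change or bug justifying this version, or marking the entry as needing evaluation like the 2005 one.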