[Secure-testing-commits] r574 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 17 Mar 2005 18:16:51 +0100
Author: jmm-guest
Date: 2005-03-17 18:16:48 +0100 (Thu, 17 Mar 2005)
New Revision: 574
Modified:
sarge-checks/CAN/list
Log:
xli seems fixed, but one of the fixes requires further evaluation.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-17 17:13:29 UTC (rev 573)
+++ sarge-checks/CAN/list 2005-03-17 17:16:48 UTC (rev 574)
@@ -362,12 +362,16 @@
CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
NOTE: not-for-us (Computer Associates UAM)
CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
- - xli (unfixed; bug #298039)
+ - xli 1.17.0-17
NOTE: I think xloadimage might be also vulnerable, I have mailed
NOTE: Tavis Ormandy about this. -- Djoume
+ NOTE: Bug maintainer to mention CAN-id in changelog - jmm
CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
- xli (unfixed; bug #298039)
- xloadimage 4.1-14.1
+ NOTE: The bug closer for 289039 claims that fixed, but I can't find an obvious
+ NOTE: fix in the interdiff between -16 and -17, needs further evaluation - jmm
+ NOTE: Bug maintainer to mention CAN-id in changelog - jmm
CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
NOTE: not-for-us (OpenBSD)
CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
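Review bot: The added NOTE under CAN-2005-0638 cites bug 289039, while the xli lines in this same hunk reference bug #298039; the digits look transposed, so please confirm which report is meant and correct the number so the note can be traced to the right bug. Related point on CAN-2005-0639: the entry moves from "unfixed; bug #298039" to "xli 1.17.0-17" and drops the bug reference, yet the note two entries down says no obvious fix was found in the interdiff between -16 and -17. A short NOTE under CAN-2005-0639 saying how that fix was confirmed would keep the two entries from reading as contradictory.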
@@ -9761,6 +9765,7 @@
CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
+ - xli 1.17.0-17
CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
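Review bot: The line added under CAN-2001-0775 records a fixed version for xli only, but the description names xloadimage 4.1 as the affected program ("aka xli 1.16 and 1.17"), so the entry should also carry an xloadimage status line or a NOTE explaining why it is left out. Since the description lists xli 1.17 itself as affected, a NOTE saying what in 1.17.0-17 addresses the overflow would also help, as the other hunk of this commit records that the -16 to -17 interdiff still needs evaluation.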