[Secure-testing-commits] r608 - sarge-checks/CAN

Micah Anderson micah@costa.debian.org
Tue, 22 Mar 2005 08:45:23 +0100 

Author: micah
Date: 2005-03-22 08:45:20 +0100 (Tue, 22 Mar 2005)
New Revision: 608

Modified:
   sarge-checks/CAN/list
Log:
Bug and notes for 2005-0210, 0209 and some others


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-22 07:30:00 UTC (rev 607)
+++ sarge-checks/CAN/list	2005-03-22 07:45:20 UTC (rev 608)
@@ -2290,9 +2290,12 @@
 	{DSA-667-1}
 CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
 	NOTE: fixed in ubuntu kernels
-	TODO: check with kernel team
+	NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
+	- kernel-source-2.6.8 (unfixed; bug#300838)
+	- kernel-source-2.4.27 2.4.27-9
 CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: <horms> all kernels seem to be clear with regards to 2005-0209
+	NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels
 CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
 	- gaim 1:1.1.4
 CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
@@ -2300,10 +2303,11 @@
 	NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
 	NOTE: fixed in upstream 2.6.10, 2.6.9 is dead
 	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.8 2.6.8-14
 CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
 	- tetex-bin (unfixed; bug #300182)
 	TODO: check other packages
+	NOTE: Also needs to be checked in pdftex (in tetex-bin) gpdf, kpdf/kdegraphics, cupsysnd and pdftohtml all have xpdf code 
+	NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
 CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
 	{DSA-692-1}
 	- kppp 4:3.1.6
@@ -6748,7 +6752,7 @@
 	NOTE: affects multiple S/MIME implementations
 	NOTE: checked current mozilla, which contains safe NSS 3.9.1
 	- mozilla 2:1.7.3
-	TODO: see if anything else in debian uses S/MIME and is vulnerable.
+	TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
 CAN-2003-0563
 	NOTE: reserved
 CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)