[Secure-testing-commits] r677 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Tue, 29 Mar 2005 12:47:53 +0000
Author: jmm-guest
Date: 2005-03-29 12:47:50 +0000 (Tue, 29 Mar 2005)
New Revision: 677
Modified:
sarge-checks/CAN/list
Log:
mathopd has been fixed.
Two vulns affecting 2.4 as well, as they have been fixed in 2.4.30rc2.
Could someone with decent net access wade through debian-kernel SVN and
file bugs if they are not yet fixed?
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-29 06:04:49 UTC (rev 676)
+++ sarge-checks/CAN/list 2005-03-29 12:47:50 UTC (rev 677)
@@ -208,7 +208,7 @@
CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
- ltris 1.0.6-1.1
CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
- - mathopd (unfixed; bug #301366)
+ - mathopd 1.5p5-1
CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
NOTE: not-for-us (Cherokee not in Debian)
CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
@@ -374,12 +374,13 @@
NOTE: reserved
CAN-2005-0751
NOTE: reserved
-CAN-2005-0750
+CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
+ - kernel-source-2.4.27 (unfixed)
+ - kernel-source-2.6.8 2.6.8-16
NOTE: reserved
NOTE: according to changelog, "Fix signedness problem at socket
NOTE: creation in bluetooth which can lead to local root exploit."
- - kernel-source-2.6.8 2.6.8-16
- TODO: does it also affect 2.4?
+ NOTE: Fixed in 2.4.30rc2, so 2.4 is affected as well
CAN-2005-0749
NOTE: reserved
CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
@@ -1842,11 +1843,11 @@
- mozilla-firefox 1.0.2-1
CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
- mozilla-firefox 1.0.2-1
-CAN-2005-0400
+CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
+ - kernel-source-2.4.27 (unfixed)
+ - kernel-source-2.6.8 2.6.8-16
NOTE: reserved
NOTE: according to changelog, "Fix information leak in ext2."
- - kernel-source-2.6.8 2.6.8-16
- TODO: check 2.4
CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox]
- mozilla-firefox 1.0.2-1
CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)