[Secure-testing-commits] r973 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Tue, 03 May 2005 22:13:25 +0000
Author: jmm-guest
Date: 2005-05-03 22:13:18 +0000 (Tue, 03 May 2005)
New Revision: 973
Modified:
sarge-checks/CAN/list
Log:
bugnums for kernel DoS issues.
I don't think the Postgres salt issue is a real problem, if anyone
disagrees please file a bug.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-03 21:44:38 UTC (rev 972)
+++ sarge-checks/CAN/list 2005-05-03 22:13:18 UTC (rev 973)
@@ -58,9 +58,9 @@
CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
NOTE: not-for-us (HO OpenView)
CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
- - kernel-source-2.6.8 (unfixed; bug filed)
+ - kernel-source-2.6.8 (unfixed; bug #307552)
CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
- - kernel-source-2.6.8 (unfixed; bug filed)
+ - kernel-source-2.6.8 (unfixed; bug #307553)
CAN-2005-1367
NOTE: reserved
CAN-2005-1366
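Review bot: The two new references under CAN-2005-1369 and CAN-2005-1368 are consecutive bug numbers (#307552, #307553), so it is worth confirming that each one is attached to the right entry: the it87/via686a I2C report to the first and the key_user_lookup report to the second. Swapped numbers would not be obvious from the list alone. Separately, the context line under CAN-2005-1370 reads "not-for-us (HO OpenView)" while the description names HP OpenView; that typo could be fixed in the same pass.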
@@ -401,7 +401,9 @@
CAN-2005-1205
NOTE: reserved
CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
- TODO: check
+ NOTE: This is not a real world problem; it's only applicable in rare circurstances
+ NOTE: like someone analysing stolen user database information and even then the gain
+ NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
- libpam-ssh 1.91.0-9
CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
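Review bot: The three NOTE lines that replace "TODO: check" under CAN-2002-1657 record a rationale but leave the entry without a package line, so unlike its neighbours ("- libpam-ssh 1.91.0-9", "- kernel-source-2.6.8 (unfixed; ...)") it does not say which package was assessed or what state it is in. Suggest adding a package line in the same form as the surrounding entries next to the NOTEs, so the decision is visible to anything that reads the list by package. The rationale would also be easier to revisit if it said why the gain is slim, since the description's point is that the salt is the username and therefore known to anyone holding the stolen data. "circurstances" in the first NOTE should read "circumstances".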