[Secure-testing-commits] r1021 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Sun, 08 May 2005 17:49:43 +0000
Author: joeyh
Date: 2005-05-08 17:49:40 +0000 (Sun, 08 May 2005)
New Revision: 1021
Modified:
sarge-checks/CAN/list
Log:
some notes on getting fixes to testing
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-08 16:54:59 UTC (rev 1020)
+++ sarge-checks/CAN/list 2005-05-08 17:49:40 UTC (rev 1021)
@@ -65,6 +65,10 @@
CAN-2005-XXXX [Missing input validation in xtradius]
- xtradius (unfixed; bug #307796)
CAN-2005-XXXX [fai tempfile vulnerability]
+ NOTE: vorlon reviewed fai 2.8.2 and its changes are ok, but 2.8.1
+ NOTE: had many changes that are not appropriate for the freeze.
+ NOTE: 2.8 needs to be patched with the security fixes in 2.8.2
+ NOTE: and uploaded to t-p-u.
- fai 2.8.2
CAN-2005-XXXX [nvu uses old version of mozilla]
NOTE: contains old copy of xpcom library
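Review bot: in the fai entry, the new NOTE lines say 2.8 still has to be patched and uploaded to t-p-u, but the package line right below them is unchanged at `- fai 2.8.2`, so the outstanding work for testing is recorded only as free-form prose. Suggest adding something trackable next to it, such as a bug reference in the style the xtradius entry above uses (`bug #307796`), and saying who is expected to prepare the patched 2.8 upload, since the note names the reviewer (vorlon) but not an owner for the next step.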
@@ -446,6 +450,7 @@
CAN-2005-1276
NOTE: reserved
CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
+ NOTE: fix accepted to testing, should reach it today (8 may)
- imagemagick 6:6.0.6.2-2.3
CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
- maxdb-7.5.00 7.5.00.26-1
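Review bot: the NOTE added to CAN-2005-1275 is a prediction with a relative date, `should reach it today (8 may)`, and carries no year, so it turns stale once that day has passed and cannot be told apart from a confirmed status later. Suggest rewording it as a fact once the migration is confirmed, naming the version the package line already gives (`imagemagick 6:6.0.6.2-2.3`), or removing the note at that point.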
@@ -1749,6 +1754,8 @@
CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...)
NOTE: not-for-us (Cain & Abel)
CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
+ NOTE: joeyh reviewed t-p-u version for testing, found non-security
+ NOTE: changes and has asked maintainer for explanation
- evolution 2.0.4-2
- evolution-data-server1.2 1.2.2-1
CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
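Review bot: the NOTE added to CAN-2005-0806 refers to "t-p-u version" without saying which package or version was reviewed, while the entry lists two packages (`evolution 2.0.4-2` and `evolution-data-server1.2 1.2.2-1`). Suggest naming the package and the t-p-u version that was reviewed, and adding a date or a reference for the question sent to the maintainer, so the open item can be followed up from the list alone.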