[Secure-testing-commits] r1028 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Tue, 10 May 2005 04:38:02 +0000
Author: joeyh
Date: 2005-05-10 04:37:59 +0000 (Tue, 10 May 2005)
New Revision: 1028
Modified:
sarge-checks/CAN/list
Log:
add more notes about sarge propigation
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-10 03:58:37 UTC (rev 1027)
+++ sarge-checks/CAN/list 2005-05-10 04:37:59 UTC (rev 1028)
@@ -5,6 +5,10 @@
- mailutils (unfixed; bug #308031)
CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
- maradns 1.0.27-1
+ NOTE: new upstream not suitable for testing.
+ NOTE: patch at http://www.maradns.org/download/patches/maradns-1.0.26-rekey_rng.patch
+ NOTE: applies to verson in testing, pinged maintainer about a backport
+ - maradns (unfixed in testing; bug #307662)
CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
- gs-gpl (unfixed; bug #291373)
CAN-2005-XXXX [Possible SQL injection in freeradius]
@@ -59,6 +63,7 @@
NOTE: reserved
CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
- leafnode 1.11.2.rel-1
+ NOTE: not yet fixed in sarge, may need backport.
CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
TODO: check
CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)