[Secure-testing-commits] r1031 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Tue, 10 May 2005 18:16:04 +0000


Author: joeyh
Date: 2005-05-10 18:16:01 +0000 (Tue, 10 May 2005)
New Revision: 1031

Modified:
   sarge-checks/CAN/list
Log:
updates from Moritz, who cannot commit ATM


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-10 09:14:18 UTC (rev 1030)
+++ sarge-checks/CAN/list	2005-05-10 18:16:01 UTC (rev 1031)
@@ -1,3 +1,7 @@
+CAN-2005-XXXX [kfreebsd5-source: FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf]
+	- kfreebsd5-source 5.3-10
+CAN-2005-XXXX [phpbb2: Security issue in url/bbcode]
+	- phpbb2 (unfixed; bug #308282)
 CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
 	TODO: check
 CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
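Review bot: The two entries added at the top of the list are both filed under the CAN-2005-XXXX placeholder, although the kfreebsd5-source one already names a specific advisory (FreeBSD-SA-05:04.ifconf). If that advisory has an assigned CAN id, record it instead of the placeholder so the entry can be matched mechanically. The phpbb2 description "Security issue in url/bbcode" should also say what kind of issue it is, since bug #308282 is the only pointer.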
@@ -30,7 +34,7 @@
 CAN-2005-XXXX [base-config: World readable config file might reveal password data]
 	- base-config (unfixed; bug #305142)
 CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
-	- syslog-ng (unfixed; bug #304894)
+	- syslog-ng 1.6.5-2.1
 CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names]
 	- trackballs (unfixed; bug #302454)
 CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
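Review bot: Replacing "(unfixed; bug #304894)" with "syslog-ng 1.6.5-2.1" drops the only reference to the bug report for this placeholder entry. Since the entry has no CAN id, keep the bug number, for example in a NOTE line, so the fix can still be traced.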
@@ -38,6 +42,7 @@
 CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber]
 	- gabber (unfixed; bug #177776)
 CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
+	NOTE: backport in progress for this and other ethereal holes
 	- ethereal 0.10.11-1
 CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
 	- ethereal 0.10.11-1
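Review bot: The NOTE added under CAN-2005-1470 says the backport covers "this and other ethereal holes", but it is attached to this entry only; CAN-2005-1469 directly below gets no note. Either repeat it on each affected ethereal entry or name the ids it covers, and say which release the backport targets, since the entry already lists ethereal 0.10.11-1 as fixed.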
@@ -1878,7 +1883,7 @@
 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
 	- helix-player 1.0.4-1
 CAN-2005-0754 [Untrusted code execution in Kommander]
-	- kdewebdev 3.3.2-6 
+	- kdewebdev 3.3.2-6
 CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]
 	- cvs 1.12.9-13
 CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox] 
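Review bot: The kdewebdev line changes only by dropping a trailing space, which is unrelated to the tracking updates described in the log. If whitespace is being cleaned up, the CAN-2005-0752 context line just below still ends in a trailing space; otherwise this belongs in a separate whitespace-only commit.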
@@ -2377,6 +2382,7 @@
 CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
 	{DSA-723-1}
 	- lesstif1 1:0.93.94-11.1
+	NOTE: xfree86 upload being prepared
 	- libxpm4 (unfixed; bug #299272)
 CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
 	NOTE: not-for-us (GFI Languard Network Security Scanner)
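Review bot: "NOTE: xfree86 upload being prepared" is inserted between the lesstif1 and libxpm4 lines of CAN-2005-0605, so it is unclear which package it refers to. If it concerns the still-unfixed libxpm4 (bug #299272), name that package in the note.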
@@ -3399,7 +3405,8 @@
 	{DSA-702-1}
 	- imagemagick 6:6.0.6.2-2.2
 CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
-	- kdelibs 3.3.2-4
+	NOTE: fix in -4 was broken
+	- kdelibs 3.3.2-6
 CAN-2005-0395
 	NOTE: reserved
 CAN-2005-0394
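Review bot: The new NOTE for CAN-2005-0396 says "fix in -4 was broken" without saying what was broken or pointing to a bug report. Since the list previously recorded kdelibs 3.3.2-4 as the fixed version, spell out the full version in the note and add a reference, so readers can tell that 3.3.2-4 must be treated as still affected and that 3.3.2-6 is the first fixed version recorded here.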