[Secure-testing-commits] r1070 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sun, 15 May 2005 19:17:48 +0000
Author: jmm-guest
Date: 2005-05-15 19:17:45 +0000 (Sun, 15 May 2005)
New Revision: 1070
Modified:
sarge-checks/CAN/list
Log:
shadow vipw fixed for sid
gnutls dos already tracked as CAN-2005-1431
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-15 18:55:01 UTC (rev 1069)
+++ sarge-checks/CAN/list 2005-05-15 19:17:45 UTC (rev 1070)
@@ -1,5 +1,3 @@
-CAN-2005-XXXX [DoS security problem in gnutls]
- - gnutls (unfixed; bug #309111)
CAN-2005-XXXX [DNS response spoofing in Squid]
- squid 2.5.9-9
CAN-2005-XXXX [Several buffer overflows in termpkg]
@@ -1122,7 +1120,8 @@
CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd
- shadow (unfixed; bug #307259)
CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw]
- - shadow (unfixed; bug #242407)
+ NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
+ - shadow 4.0.3-33
CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
NOTE: not-for-us (MetaBid Auctions)
CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)