[Secure-testing-commits] r1072 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 16 May 2005 18:01:28 +0000
Author: joeyh
Date: 2005-05-16 18:01:25 +0000 (Mon, 16 May 2005)
New Revision: 1072
Modified:
sarge-checks/CAN/list
Log:
new holes, some NMUs, other updates
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-15 19:30:43 UTC (rev 1071)
+++ sarge-checks/CAN/list 2005-05-16 18:01:25 UTC (rev 1072)
@@ -1,3 +1,8 @@
+CAN-2005-XXXX [vpnc: config file path security hole]
+ NOTE: no bug ever filed for this
+ - vpnc 0.3.2+SVN20050326-2
+CAN-2005-XXXX [DoS security problem in gnutls]
+ - gnutls (unfixed; bug #309111)
CAN-2005-XXXX [DNS response spoofing in Squid]
- squid 2.5.9-9
CAN-2005-XXXX [Several buffer overflows in termpkg]
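Review bot: The new vpnc entry has no reference a reader can follow: its only annotation is "NOTE: no bug ever filed for this", so the claim that 0.3.2+SVN20050326-2 fixes the config file path hole cannot be checked from the list. Suggest adding a NOTE that points at the changelog entry or upstream report, as the gnutls entry below it does with bug #309111.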
@@ -826,8 +831,6 @@
TODO: check
CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
TODO: check
-CAN-2005-XXXX [kfreebsd5-source: FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf]
- - kfreebsd5-source 5.3-10
CAN-2005-XXXX [phpbb2: Security issue in url/bbcode]
- phpbb2 2.0.13+1-6
CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
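Review bot: Removing the kfreebsd5-source pseudo-entry drops the only mention of FreeBSD-SA-05:04.ifconf in this part of the list. Later hunks add "- kfreebsd5-source 5.3-10" to CAN-2005-1406, CAN-2005-1400 and CAN-2005-1399, but none of them records which one corresponds to that advisory. Suggest carrying the advisory id over as a NOTE on the matching CAN entry so the mapping is not lost.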
@@ -930,6 +933,7 @@
- eskuel (unfixed; bug #163653)
CAN-2005-XXXX [48 new vulnerabilities in Ethereal]
TODO: um, why is this under an ethereal pseudo-CAN?
+ NOTE: t-p-u fix approved but lacking a few builds
- elog 2.5.7+r1558-2
CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
- ipsec-tools 0.5.2-1
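Review bot: The added "NOTE: t-p-u fix approved but lacking a few builds" does not name the package it refers to. The entry is titled for Ethereal, lists "- elog 2.5.7+r1558-2", and already has a TODO questioning that pairing, so the note is ambiguous as written. Suggest naming the package and version in the NOTE, and resolving the TODO in the same change if the elog line is misplaced.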
@@ -1026,7 +1030,7 @@
CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
NOTE: not-for-us (Skype)
CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
- NOTE: not-for-us (FreeBSD)
+ - kfreebsd5-source 5.3-10
CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
NOTE: not-for-us (Lotus Domino)
CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
@@ -1038,9 +1042,9 @@
CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
NOTE: not-for-us (Mtp-Target)
CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
- NOTE: not-for-us (FreeBSD)
+ - kfreebsd5-source 5.3-10
CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
- NOTE: not-for-us (FreeBSD)
+ - kfreebsd5-source 5.3-10
CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
NOTE: not-for-us (Skype)
CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...)
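Review bot: CAN-2005-1400 and CAN-2005-1399 here, and CAN-2005-1406 in the previous hunk, all switch from "not-for-us (FreeBSD)" to the same "- kfreebsd5-source 5.3-10", the version that was previously recorded only against the single ifconf advisory entry removed earlier in this patch. Suggest confirming per CAN that 5.3-10 contains the fix, and marking any that are not yet fixed as "(unfixed)" rather than reusing the version.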
@@ -1209,11 +1213,11 @@
CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
NOTE: not-for-us (NetTerm)
CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
- - nag (unfixed; bug #307173)
+ - nag 1.1-3.1
CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
- sork-vacation 2.2.2-1
CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
- - mnemo (unfixed; bug #307180)
+ - mnemo 1.1-2.1
TODO: check whether nmeno2 is affected as well, mnemo2 is not in Sarge
CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
NOTE: imp4 is not affected
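Review bot: Replacing "(unfixed; bug #307173)" and "(unfixed; bug #307180)" with the NMU versions for nag and mnemo removes the bug numbers, which were the only link from these entries to the reports and the fix. Suggest keeping them in a NOTE under each entry, for example "NOTE: bug #307173". The mnemo TODO about mnemo2 is left open and still spells the package "nmeno2"; worth correcting while touching this entry.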
@@ -1342,14 +1346,12 @@
- kernel-source-2.4.27 2.4.27-10
CAN-2005-1262
NOTE: reserved
- - gaim 1:1.3.0-1
NOTE: see http://gaim.sourceforge.net/security/
- NOTE: backport needed for testing
+ - gaim
CAN-2005-1261
NOTE: reserved
- - gaim 1:1.3.0-1
NOTE: see http://gaim.sourceforge.net/security/
- NOTE: backport needed for testing
+ - gaim
CAN-2005-1260
NOTE: reserved
CAN-2005-1259
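Review bot: The two gaim entries now end in a bare "- gaim" with neither a fixed version nor an "(unfixed; ...)" marker, unlike every other package line in this patch, so the status of CAN-2005-1262 and CAN-2005-1261 is no longer stated. The removed lines recorded "1:1.3.0-1" and "backport needed for testing". If the intent is that testing is still vulnerable, suggest writing "- gaim (unfixed)" with the reason in a NOTE; otherwise keep the version.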
@@ -4324,7 +4326,8 @@
CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
NOTE: not-for-us (ArGoSoft Mail Server)
CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
- - gnupg (unfixed; bug #300859)
+ - gnupg 1.4.1-1
+ NOTE: vorlon approved new upstream release to testing
CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
NOTE: not-for-us (bind on hp-ux)
CAN-2005-0361
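Review bot: The gnupg entry for CAN-2005-0366 now lists "1.4.1-1" as fixed, but the accompanying NOTE only says the upload was approved for testing, not that it has arrived there, and the reference to bug #300859 is dropped. Suggest keeping the bug number in a NOTE and stating whether 1.4.1-1 has already migrated, so the entry is not read as fixed in testing before it is.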