[Secure-testing-commits] r1099 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 19 May 2005 09:54:24 +0000
Author: jmm-guest
Date: 2005-05-19 09:54:22 +0000 (Thu, 19 May 2005)
New Revision: 1099
Modified:
sarge-checks/CAN/list
Log:
Updates on viewglob and kernel.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-19 09:14:19 UTC (rev 1098)
+++ sarge-checks/CAN/list 2005-05-19 09:54:22 UTC (rev 1099)
@@ -52,9 +52,7 @@
CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
NOTE: not-for-us (WebAPP)
CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
- NOTE: The reporter of the supposed vulnerability is the Debian maintainer; I've
- NOTE: send him mail wrt his plans for this fix
- TODO: Recheck with maintainer
+ NOTE: The 1.x version in Sarge and sid is not vulnerable
CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
NOTE: not-for-us (Pico Server)
CAN-2005-1625
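Review bot: The new NOTE for CAN-2005-1627 states that the 1.x version in Sarge and sid is not vulnerable but gives no source for that conclusion, while the removed lines show the question was still open with the maintainer. Suggest recording who confirmed it, in the style of the CAN-2005-1589 note ("According to Horms from kernel team ..."), so the entry can be rechecked later without repeating the inquiry.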
@@ -140,7 +138,7 @@
CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
- libxpm4 (unfixed; bug #308783)
CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl]
- - kernel-source-2.6.8 (unfixed; bug #309429)
+ NOTE: According to Horms from kernel team 2.6.8 not affected
- kernel-source-2.6.11 2.6.11-5
CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
NOTE: not-for-us (Quick.cart)
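Review bot: For CAN-2005-1589, replacing the "- kernel-source-2.6.8 (unfixed; bug #309429)" line with a free-text NOTE drops the reference to bug #309429, and the same bug number also appears under CAN-2005-1264 in this file. Suggest keeping the bug number in the note and stating whether the bug remains relevant for the other issue, so the list entry and the bug report do not drift apart.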
@@ -1618,7 +1616,7 @@
CAN-2005-1265
NOTE: reserved
CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl]
- - kernel-source-2.6.8 (unfixed; bug #309429)
+ - kernel-source-2.6.8 2.6.8-15sarge1
- kernel-source-2.6.11 2.6.11-5
CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
- kernel-source-2.6.11 2.6.11 2.6.11-4
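Review bot: The added line "- kernel-source-2.6.8 2.6.8-15sarge1" for CAN-2005-1264 removes the bug #309429 reference together with the unfixed marker. If the list format permits, keep the bug number next to the fixed version so the fix can be traced back to the report. Separately, the unchanged context line for CAN-2005-1263 reads "kernel-source-2.6.11 2.6.11 2.6.11-4", which looks like a duplicated version field and is worth a follow-up cleanup.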