[Secure-testing-commits] r1129 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Sun, 22 May 2005 10:17:22 +0000


Author: jmm-guest
Date: 2005-05-22 10:17:19 +0000 (Sun, 22 May 2005)
New Revision: 1129

Modified:
   sarge-checks/CAN/list
Log:
Some updates.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-22 00:07:30 UTC (rev 1128)
+++ sarge-checks/CAN/list	2005-05-22 10:17:19 UTC (rev 1129)
@@ -1201,14 +1201,11 @@
 CAN-2005-XXXX [Missing input validation in xtradius]
 	- xtradius (unfixed; bug #307796)
 CAN-2005-XXXX [fai tempfile vulnerability]
-	NOTE: vorlon reviewed fai 2.8.2 and its changes are ok, but 2.8.1
-	NOTE: had many changes that are not appropriate for the freeze.
-	NOTE: 2.8 needs to be patched with the security fixes in 2.8.2
-	NOTE: and uploaded to t-p-u.
 	- fai 2.8.2
 CAN-2005-XXXX [nvu uses old version of mozilla]
 	NOTE: contains old copy of xpcom library
 	NOTE: have not checked to see which security holes re in it exatly
+	NOTE: Has been removed from Sarge
 	- nvu (unfixed; bug #306822)
 CAN-2005-XXXX [eskuel: arbitrary file retreiving]
 	- eskuel 1.0.5-3.1
@@ -1393,10 +1390,10 @@
 CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
 	NOTE: does not affect 2.4.27 per horms
 	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.6.11 (unfixed; fix in svn; bug #307552)
+	- kernel-source-2.6.11 2.6.11-4
 CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
 	NOTE: does not affect 2.6.8, 2.4.27 per horms
-	- kernel-source-2.6.11 (unfixed; fix in svn; bug #307553)
+	- kernel-source-2.6.11 2.6.11-4
 CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
 	NOTE: not-for-us (pServ)
 CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)