[Secure-testing-commits] r1172 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Sun, 29 May 2005 13:55:43 +0000


Author: jmm-guest
Date: 2005-05-29 13:55:40 +0000 (Sun, 29 May 2005)
New Revision: 1172

Modified:
   sarge-checks/CAN/list
Log:
one new kernel issue and a bit of housekeeping


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-29 13:40:42 UTC (rev 1171)
+++ sarge-checks/CAN/list	2005-05-29 13:55:40 UTC (rev 1172)
@@ -3290,7 +3290,7 @@
 	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
 	- gzip 1.3.5-10
 CAN-2005-0757 (The xattr file system code on Linux 2.4.x on 64-bit systems does not ...)
-	TODO: check
+        - kernel-source-2.4.27 (unfixed; bug filed)
 CAN-2005-0756
 	NOTE: reserved
 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
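Review bot: The new CAN-2005-0757 entry says "(unfixed; bug filed)" but gives no bug number, so nobody reading the list can find the report or tell when it is closed. Add the bug reference to the entry, for example in a NOTE line like the one above that points at the Gentoo bug. The added line is also indented with spaces, while the removed "TODO: check" line and the surrounding entries use a tab; anything that parses the list by its leading tab may skip this entry, so switch it to a tab.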
@@ -5723,7 +5723,7 @@
 CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
 	- kernel-source-2.6.8 2.6.8-14
 CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
-	TODO: check
+        NOTE: not-for-us (SCO UnixWare)
 CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
 	- mozilla-firefox 1.0
 	- mozilla 2:1.7.5
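Review bot: The added "NOTE: not-for-us (SCO UnixWare)" line for CAN-2005-0134 is indented with eight spaces, whereas the line it replaces and the neighbouring entries use a tab. The not-for-us notes added for CAN-2005-0040 and CAN-2004-0462 in the same commit use a tab, so this one should match to keep the file consistent for scripts that read it.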
@@ -5947,7 +5947,7 @@
 CAN-2005-0041
 	NOTE: reserved
 CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
-	TODO: check
+	NOTE: not-for-us (DotNetNuke)
 CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
 	TODO: check
 CAN-2005-0038
@@ -8117,7 +8117,7 @@
 CAN-2004-0463
 	NOTE: reserved
 CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
-	TODO: check
+	NOTE: not-for-us (Multiple embedded hardware vendors)
 CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
 	NOTE: debian probably not vulnerable
 	- dhcp3 3.0.1
@@ -10397,7 +10397,7 @@
 CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
 	{DSA-442 DSA-336 DSA-332 DSA-311}
 CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
-	TODO: check
+        - licq 1.2-7-1
 CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
 	{DSA-307}
 CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
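Review bot: The version in "- licq 1.2-7-1" for CAN-2003-0363 looks like a typo; the description names LICQ 1.2.6 as affected, so the fixed version was presumably meant to be 1.2.7-1. With the hyphen, the upstream part reads as "1.2-7", which a version comparison will not treat as 1.2.7, so please confirm the value against the package changelog and correct it. The line is also indented with spaces instead of the tab used by the removed line and the adjacent entries.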