[Secure-testing-commits] r2272 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Oct 2 18:52:12 UTC 2005 

Author: jmm-guest
Date: 2005-10-02 18:52:08 +0000 (Sun, 02 Oct 2005)
New Revision: 2272

Modified:
   data/CAN/list
Log:
lots of bugnums, four older issues, two remain unfixed


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-02 17:51:04 UTC (rev 2271)
+++ data/CAN/list	2005-10-02 18:52:08 UTC (rev 2272)
@@ -1,3 +1,11 @@
+CAN-2005-XXXX [hdup inproperly preserves permissions on directories]
+	- hdup <unfixed> (bug #302790)
+CAN-2001-XXXX [crypt++ passes passwords through the command line]
+	- crypt++el <unfixed> (bug #105562; low)
+CAN-2004-XXXX [Two vulnerabilities in sredird]
+	- sredird 2.2.1-1.1 (bug #267098)
+CAN-2003-XXXX [fuzz: Insecure temp file usage]
+	- fuzz 0.6-7.1 (bug #183047)
 CAN-2004-XXXX [Local root exploit in calife]
 	TODO: Can someone read French? Then please rewrite the the title with
 	TODO: according to the information in the bug
@@ -3430,10 +3438,10 @@
 	NOT-FOR-US: Microsoft
 CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
 	{DSA-764-1}
-	- cacti 0.8.6f-1 (bug #315590; high)
+	- cacti 0.8.6f-1 (bug #316590; high)
 CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
 	{DSA-764-1}
-	- cacti 0.8.6f-1 (bug #315590; high)
+	- cacti 0.8.6f-1 (bug #316590; high)
 CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
 	TODO: Check, whether this was covered by DSA-739 as well
 	- trac 0.8.4-1
@@ -5105,7 +5113,7 @@
 	NOT-FOR-US: Novell
 CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
 	{DSA-789-1 DTSA-15-1}
-	- shtool 2.0.1-2 (low)
+	- shtool 2.0.1-2 (bug #311206; low)
 	- mysql-ocaml 1.0.3-6 (bug #314464; low)
 	- php4 4:4.3.10-16etch1 (low)
 	NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751
@@ -6775,8 +6783,7 @@
 CAN-2005-1432
 	RESERVED
 CAN-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
-	NOTE: Sarge will get a different fix with only the security fix
-	- gnutls11 1.0.16-13.1
+	- gnutls11 1.0.16-13.1 (bug #309111; bug 307641)
 CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
 	NOT-FOR-US: Mac OS X
 CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
@@ -11044,7 +11051,7 @@
 CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
 	NOT-FOR-US: helvis
 CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
-	- xshisen 1.51-1-1.1
+	- xshisen 1.51-1-1.1 (bug #289784)
 CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
 	- awstats 6.2-1.1
 CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
@@ -11909,7 +11916,7 @@
 CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
 	NOT-FOR-US: CMailServer
 CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
-	- opendchub 0.7.14-1.1 (bug #284350)
+	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
 CAN-2004-1126
 	RESERVED
 CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
@@ -12150,7 +12157,7 @@
 	NOTE: sarge's unarj is from a different code base, probably not vulnerable
 CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
 	{DSA-628-1 DSA-618-1}
-	- imlib 1.9.14-17.1
+	- imlib 1.9.14-17.1 (bug #284925)
 	- imlib+png2 1.9.14-16.1
 	- imlib2 1.1.2-2.1
 CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
@@ -13657,14 +13664,14 @@
 CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
 	NOT-FOR-US: CDE
 CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
-	- ethereal 0.10.3
+	- ethereal 0.10.3 (bug #239576)
 CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
 	{DSA-469}
 	NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
 	NOTE: for approval on d-release
 	- pam-pgsql 0.5.2-9
 CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
-	- ethereal 0.10.3
+	- ethereal 0.10.3 (bug #239576)
 CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
 	NOT-FOR-US: WrapNISUM ActiveX
 CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
@@ -14004,7 +14011,7 @@
 	NOTE: fixed in 2.4.26-pre4
 CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
 	{DSA-511}
-	- ethereal 0.10.3-1
+	- ethereal 0.10.3-1 (bug #239576)
 CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
 	NOTE: openssh bug #270770
 	NOTE: this bug is old and known; see the bug discussion for further information.
@@ -14731,7 +14738,7 @@
 	RESERVED
 CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
 	{DSA-391}
-	- freesweep 0.88-4.1
+	- freesweep 0.88-4.1 (bug #242616)
 CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
 	NOT-FOR-US: IBM DB2
 CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)

More information about the Secure-testing-commits mailing list