[Secure-testing-commits] r2273 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Oct 2 21:06:35 UTC 2005 

Author: jmm-guest
Date: 2005-10-02 21:06:31 +0000 (Sun, 02 Oct 2005)
New Revision: 2273

Modified:
   data/CAN/list
Log:
three older issues and bugnums


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-02 18:52:08 UTC (rev 2272)
+++ data/CAN/list	2005-10-02 21:06:31 UTC (rev 2273)
@@ -1,3 +1,9 @@
+CAN-2004-XXXX [asciijump: /var/games/asciijump world writable]
+	- asciijump 0.0.6-1.2 (bug #269186)
+CAN-2004-XXXX [Barrendero spool world-readable]
+	- barrendero 1.1-1 (bug #279163)
+CAN-2005-XXXX [Potential xlockmore bypass]
+	- xlockmore 1:5.13-2.1 (bug #309760)
 CAN-2005-XXXX [hdup inproperly preserves permissions on directories]
 	- hdup <unfixed> (bug #302790)
 CAN-2001-XXXX [crypt++ passes passwords through the command line]
@@ -6868,7 +6874,7 @@
 	NOTE: In Debian this is only part of the examples in share/doc, any admin will
 	NOTE: have to modify it for his purposes anyway, so there's no security problem
 CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
-	- pound 1.8.2-1.1 (bug #307852; medium)
+	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
 CAN-2005-1390
 	REJECTED
 CAN-2005-1389
@@ -9063,7 +9069,7 @@
 CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
 	{DSA-723-1}
 	NOTE: lesstif2
-	- lesstif1-1 1:0.93.94-11.1
+	- lesstif1-1 1:0.93.94-11.1 (bug #298183, bug #299236)
 	NOTE: lesstif1
 	- lesstif1-1 1:0.93.94-11.3 (bug #300421)
 	NOTE: libxmp4 is the real culprit, but there are different
@@ -9816,6 +9822,7 @@
 	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
 	- krb4 1.2.2-11.2 (bug #306141)
 	- krb5 1.3.6-2
+	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
 	- heimdal 0.6.3-10
 CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
 	{DSA-731-1 DSA-703-1}
@@ -11154,7 +11161,7 @@
 CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: mod_access_referer
 CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
-	- xshisen 1.51-1-1
+	- xshisen 1.51-1-1 (bug #213957)
 CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
 	- mailman 2.1.5-5
 CAN-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
@@ -11555,7 +11562,7 @@
 	NOT-FOR-US: o3read
 CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
 	{DSA-623-1}
-	- nasm 0.98.38-1.1
+	- nasm 0.98.38-1.1 (bug #285889)
 CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
 	NOT-FOR-US: NapShare
 CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
@@ -12447,7 +12454,7 @@
 	NOTE: Previous -9 fix had some issues of its own
 	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
 	NOTE: lesstif1 and 2 have to be fixed separately
-	- lesstif1 1:0.93.94-11.3
+	- lesstif1 1:0.93.94-11.3 (bug #294099)
 	NOTE: but lesstif2 did get fixed for this hole..
 	- lesstif2 1:0.93.94-11.2
 	NOTE: openmotif is non-free

More information about the Secure-testing-commits mailing list