[Secure-testing-commits] r2321 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 6 08:58:08 UTC 2005


Author: jmm-guest
Date: 2005-10-06 08:58:04 +0000 (Thu, 06 Oct 2005)
New Revision: 2321

Modified:
   data/CAN/list
Log:
wine fixed
fixed the included "etch" entries from DTSAs to the respective versions in
  sid, CAN/list tracks sid, if you prepare a DTSA add a cross-reference in
  {}, which includes the fix prepared for etch
removed a stray claimed entry


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-06 08:40:08 UTC (rev 2320)
+++ data/CAN/list	2005-10-06 08:58:04 UTC (rev 2321)
@@ -620,16 +620,16 @@
 	- zope2.7 <unfixed> (bug #313644; low)
 	NOTE: first patch was incorrect
 CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
-	- wine <unfixed> (bug #327261; bug #327262; high)
+	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
 	TODO: It is not clear what the real bug is.
 	TODO: Does wine-safe prompt properly?  Or should the functionality
 	TODO: be disabled completely, like Microsoft did some time ago?
 CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
 	{DSA-824-1 DTSA-19-1}
-	- clamav 0.86.2-4etch2 (bug #328660; medium)
+	- clamav 0.87-1 (bug #328660; medium)
 CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
 	{DSA-824-1 DTSA-19-1}
-	- clamav 0.86.2-4etch2 (bug #328660; medium)
+	- clamav 0.87-1 (bug #328660; medium)
 CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
 	{DSA-822-1}
 	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
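Review bot: the wine entry is now marked fixed in 0.0.20050830-1, but the three TODO lines directly below it still say that the real bug is unclear and ask whether wine-safe prompts properly. Either replace them with a NOTE stating what changed in that upload, or leave the entry at <unfixed> until those questions are answered.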
@@ -1238,10 +1238,10 @@
 	RESERVED
 CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
 	{DSA-788-1 DTSA-1-1}
-	- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
+	- kismet 2005.08.R1-1 (bug #323386; high)
 CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
 	{DSA-788-1 DTSA-1-1}
-	- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
+	- kismet 2005.08.R1-1 (bug #323386; high)
 CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
 	NOT-FOR-US: MS IE
 CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
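Review bot: replacing 2005.08.R1-0.1etch1 with 2005.08.R1-1 on both kismet lines removes the etch version from the entry, so {DTSA-1-1} is now the only pointer to the fix prepared for etch. The rule that this file tracks sid and that DTSAs are cross-referenced in {} is stated only in the commit log; consider recording it in the tree next to data/CAN/list so that later DTSA entries follow it.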
@@ -1789,7 +1789,7 @@
 	NOT-FOR-US: Novell eDirectory
 CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
 	{DSA-782-1 DTSA-9-1}
-	- bluez-utils 2.19-0.1etch1 (bug #323365; medium)
+	- bluez-utils 2.19-1 (bug #323365; medium)
 CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Arab Portal
 CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
@@ -1896,7 +1896,7 @@
 	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
 	- phpwiki <unfixed> (unimportant)
 	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
-	- php4 4:4.3.10-16etch1 (bug #323366; high)
+	- php4 4:4.3.10-16 (bug #323366; high)
 	TODO: check php5
 CAN-2005-2497
 	RESERVED
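Review bot: on the php4 line, the new version 4:4.3.10-16 is the old string with only the etch1 suffix dropped, whereas every other package in this commit moves to a higher revision (for example pcre3 6.3-0.1etch1 to 6.3-1, centericq 4.20.0-8etch1 to 4.20.0-9). Please confirm that the sid upload 4:4.3.10-16 itself carries the fix; if the fix only landed in a later sid revision, that revision belongs here. The same substitution appears in the two later php4 hunks, and the "TODO: check php5" line is still open.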
@@ -1916,7 +1916,7 @@
 	- linux-2.6 2.6.12-7 (bug #327416; medium)
 CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
 	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
-	- pcre3 6.3-0.1etch1 (bug #324531; medium)
+	- pcre3 6.3-1 (bug #324531; medium)
 	- gnumeric <unfixed> (bug #326628; bug #326898; unimportant)
 	- goffice <unfixed> (bug #326898; unimportant)
 	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
@@ -2123,22 +2123,22 @@
 	- fftw3 3.0.1-12 (low; bug #321566)
 CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
 	- clamav-getfiles 0.5-1 (bug #321446; medium)
-begin claimed by neilm
 CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
-	- cgiwrap 3.9-3.0etch1 (bug #316881; low)
+	{DTSA-6-1}
+	- cgiwrap 3.9-3.1 (bug #316881; low)
 CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
-	- cgiwrap 3.9-3.0etch1 (bug #316901; low)
+	{DTSA-6-1}
+	- cgiwrap 3.9-3.1 (bug #316901; low)
 CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
 	- tutos 1.1.20031017-2.1 (bug #318633; medium)
 CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
 	- tutos 1.1.20031017-2.1 (bug #318633; medium)
 CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
 	{DTSA-13-1}
-	- evolution 2.2.3-2etch1 (high; bug #322535)
+	- evolution 2.2.3-3 (high; bug #322535)
 CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
 	{DTSA-13-1}
-	- evolution 2.2.3-2etch1 (high; bug #322535)
-end claimed by neilm
+	- evolution 2.2.3-3 (high; bug #322535)
 CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
 	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
 CAN-2005-XXXX [nvi: init.d recover file security bugs]
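Review bot: {DTSA-6-1} is added to both cgiwrap entries, which track different bugs (#316881 and #316901); please confirm that the DTSA covers both issues, since the tag is the only remaining record of the etch fix once 3.9-3.0etch1 is replaced by 3.9-3.1. The removal of the claim markers is consistent, as both the "begin claimed by neilm" and "end claimed by neilm" lines go in this hunk.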
@@ -2174,7 +2174,7 @@
 CAN-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
 	{DSA-813-1 DTSA-2-1 DTSA-4-1}
 	- ekg 1:1.5+20050718+1.6rc3-1 (low)
-	- centericq 4.20.0-8etch1 (bug #323185; medium)
+	- centericq 4.20.0-9 (bug #323185; medium)
 CAN-2005-2447
 	REJECTED
 CAN-2005-2446
@@ -2376,14 +2376,14 @@
 CAN-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
 	{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
 	- gaim 1:1.4.0-5 (low)
-	- centericq 4.20.0-8etch1 (bug #323185; low)
+	- centericq 4.20.0-9 (bug #323185; low)
 CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
 	{DSA-813-1 DTSA-2-1}
 	TODO: check gaim and others that embed libgadu in source tree
-	- centericq 4.20.0-8etch1 (bug #323185; medium)
+	- centericq 4.20.0-9 (bug #323185; medium)
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
 	{DTSA-12-1}
-	- vim 1:6.3-085+0.0etch1 (bug #320017; medium)
+	- vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
 	- ethereal 0.10.12-1 (bug #320183; medium)
 CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
@@ -4786,7 +4786,7 @@
 	- phpgroupware 0.9.16.006-1 (high)
 	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
 	- phpwiki 1.3.7-4 (bug #316714; high)
-	- php4 4:4.3.10-16etch1 (high; bug #316447)
+	- php4 4:4.3.10-16 (high; bug #316447)
 	NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
 CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
 	{DSA-804-1}
@@ -5184,7 +5184,7 @@
 	{DSA-789-1 DTSA-15-1}
 	- shtool 2.0.1-2 (bug #311206; low)
 	- mysql-ocaml 1.0.3-6 (bug #314464; low)
-	- php4 4:4.3.10-16etch1 (low)
+	- php4 4:4.3.10-16 (low)
 	NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751
 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
 	NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
