[Secure-testing-commits] r2372 - data/CAN

Florian Weimer fw at costa.debian.org
Sun Oct 9 15:12:08 UTC 2005


Author: fw
Date: 2005-10-09 15:12:03 +0000 (Sun, 09 Oct 2005)
New Revision: 2372

Modified:
   data/CAN/list
Log:
Resolve a few TODOs, add some fixed versions, based on processing old
DSAs.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-09 14:55:03 UTC (rev 2371)
+++ data/CAN/list	2005-10-09 15:12:03 UTC (rev 2372)
@@ -8800,7 +8800,8 @@
 	- rxvt-unicode 5.3-1
 CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
 	{DSA-698-1}
-	TODO: check
+	NOTE: Seems to be a "fix the fix", correcting a previous DSA.
+	NOTE: Mainline mc is apparently not affected.
 CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
 	{DSA-702-1}
 	- imagemagick 5:6.0.0-1
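Review bot: after this change the CAN-2005-0763 entry carries only two NOTE lines and no package line, so it records no status for mc that a reader can act on. Both notes are also hedged ("Seems to be", "apparently"). If the conclusion is that the mc package in unstable is not affected, state that in a package line for mc next to the notes; otherwise keep a TODO until the "fix the fix" reading of DSA-698-1 is confirmed.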
@@ -10086,6 +10087,7 @@
 	- krb4 1.2.2-11.2 (bug #306141)
 	- krb5 1.3.6-2
 	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
+	- netkit-telnet 0.17-28
 	- heimdal 0.6.3-10
 CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
 	{DSA-731-1 DSA-703-1}
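Review bot: the added "- netkit-telnet 0.17-28" line has no bug reference, while the krb4 and netkit-telnet-ssl lines beside it do, and the DSA for this entry is not visible in the hunk. The log says the versions come from processing old DSAs, so a short NOTE naming the DSA this version was taken from would make the line checkable. It is also worth checking whether CAN-2005-0468 directly below, which concerns telnet.c as well, needs the same netkit-telnet line.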
@@ -10397,10 +10399,10 @@
 	- remstats 1.0.13a-5
 CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
 	{DSA-700-1}
-	TODO: check
+	- mailreader 2.3.29-11
 CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
 	{DSA-693-1}
-	TODO: check
+	- luxman 0.41-20 (bug #299857)
 CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
 	- kernel-source-2.6.8 2.6.8-15
 	- kernel-source-2.4.27 2.4.27-9
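Review bot: on the luxman line, the fixed version 0.41-20 has the same upstream version that the description gives as the boundary ("luxman before 0.41"), which only makes sense if earlier Debian revisions of 0.41 were still vulnerable and the fix arrived as a Debian patch. A NOTE saying so would keep a later reader from "correcting" the entry to the first 0.41 upload. The mailreader line has no bug reference while the luxman line does; add the bug number if one exists, or a note that the version comes from DSA-700-1.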
@@ -11075,7 +11077,7 @@
 	NOTE: gpdf ok, all implementations seem ok
 CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
 	{DSA-692-1}
-	- kppp 4:3.1.6
+	- kdenetwork 4:3.1.6
 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
 	NOTE: According to a question on linux-kernel 2.6 is not vulnerable
 	- kernel-source-2.4.27 2.4.27-12 (bug #296700)
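Review bot: the replacement line keeps "4:3.1.6" with no Debian revision, unlike the revisioned versions on other lines (for example "2.4.27-12" just below). Renaming kppp to kdenetwork changes which package the version is compared against, so confirm that 4:3.1.6 is the right fixed version for kdenetwork and give the revision of the upload that carried the fix for DSA-692-1.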



