[Secure-testing-commits] r2373 - data/CAN

Florian Weimer fw at costa.debian.org
Sun Oct 9 16:53:44 UTC 2005


Author: fw
Date: 2005-10-09 16:53:38 +0000 (Sun, 09 Oct 2005)
New Revision: 2373

Modified:
   data/CAN/list
Log:
Add a couple of fixed versions, based on old DSAs and bug logs.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-09 15:12:03 UTC (rev 2372)
+++ data/CAN/list	2005-10-09 16:53:38 UTC (rev 2373)
@@ -10437,7 +10437,8 @@
 	NOTE: cyrus-sasl code seems too old for any of the problems to apply
 CAN-2005-0372 (Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ ...)
 	{DSA-686-1}
-	TODO: check
+	- gftp 2.0.18-1
+	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
 CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
 	- armagetron <unfixed> (bug #296840; low)
 CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
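Review bot: The NOTE added under CAN-2005-0372 says the CVE entry is wrong about 2.0.18 but gives no source, so a later reader cannot re-check the claim. Put the evidence in the NOTE (the changelog entry or bug number showing that 2.0.18-1 carries the fix), the way `(bug #296840; low)` is attached to the armagetron line just below.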
@@ -11021,7 +11022,7 @@
 	REJECTED
 CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
 	{DSA-668-1}
-	TODO: check
+	- postgresql 7.4.7-1
 CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
 	NOT-FOR-US: ngIRCd
 CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
@@ -11052,7 +11053,7 @@
 	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
 CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
 	{DSA-667-1}
-	TODO: check
+	- squid 2.5.7-6
 CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
 	NOTE: fixed in ubuntu kernels
 	NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
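Review bot: For CAN-2005-0211 the description limits the overflow to Squid 2.5 before 2.5.STABLE7, yet the recorded fixed version is `squid 2.5.7-6`, which reads as a later Debian revision of 2.5.7. If the fix only arrived as a patch in -6, a one-line NOTE or a bug reference on this entry would explain why the two version statements differ.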
@@ -11100,7 +11101,7 @@
 	NOT-FOR-US: Cisco
 CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
 	{DSA-667-1}
-	TODO: check
+	- squid 2.5.7-7
 CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
 	NOT-FOR-US: mRouter in iSync in OS X
 CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
@@ -11183,12 +11184,12 @@
 	- uw-imap 7:2002edebian1-6
 CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
 	{DSA-667-1}
-	TODO: check
+	- squid 2.5.7-6
 CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
 	- squid 2.5.7-6
 CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
 	{DSA-667-1}
-	TODO: check
+	- squid 2.5.7-4
 CAN-2005-0172
 	RESERVED
 CAN-2005-0171
@@ -11218,10 +11219,10 @@
 	- unace 1.2b-3
 CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
 	{DSA-679-1}
-	TODO: check
+	- toolchain-source 3.4-5
 CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
 	{DSA-687-1}
-	TODO: check
+	- bidwatcher 1.3.17-1
 CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
 	{DSA-720-1}
 	- smartlist 3.15-18
@@ -11348,12 +11349,12 @@
 	- libpam-radius-auth 1.3.16-3
 CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
 	{DSA-690-1}
-	TODO: check
+	- bsmtpd 2.3pl8b-16
 CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
 	- libnet-ssleay-perl 1.25-1.1
 CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
 	{DSA-684-1}
-	TODO: check
+	- typespeed 0.4.4-8
 CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
 	{DSA-662-1}
 	TODO: check
@@ -11370,10 +11371,10 @@
 	- xemacs21 21.4.16-2
 CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
 	{DSA-691-1}
-	TODO: check
+	NOTE: abuse is only in woody.
 CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
 	{DSA-691-1}
-	TODO: check
+	NOTE: abuse is only in woody.
 CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
 	- squid 2.5.7-4
 CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
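Review bot: The NOTE added to CAN-2005-0099 and CAN-2005-0098, `abuse is only in woody.`, uses different wording from the one this file already has for a package missing from unstable, `NOTE: htmlheadline not in unstable`. Using one phrasing for that situation would let a single search find every such entry. As written, the two entries also no longer carry a TODO or a package line, so the NOTE is the only status they have.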
@@ -11398,6 +11399,7 @@
 CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
 	{DSA-689-1}
 	- libapache2-mod-python 3.1.3-3
+	- libapache-mod-python 2:2.7.10-4
 CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
 	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
 	- alsa-lib 1.0.9-1
@@ -11440,15 +11442,15 @@
 	TODO: check
 CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
 	{DSA-672-1}
-	TODO: check
+	- xview 3.2p1.4-19
 CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
 	- squirrelmail 2:1.4.4-1
 CAN-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
 	{DSA-676-1}
-	TODO: check
+	- xpcd 2.08-11.1
 CAN-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
 	{DSA-677-1}
-	TODO: check
+	- sympa 4.1.2-2.1
 CAN-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
 	{DSA-655-1}
 	TODO: check
@@ -11651,7 +11653,7 @@
 	TODO: check
 CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
 	{DSA-675-1}
-	TODO: check
+	- hztty 2.0-6.1
 CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
 	{DSA-661-2}
 	- f2c 20020621-3.4 (bug #292792)
@@ -12067,7 +12069,7 @@
 	NOTE: htmlheadline not in unstable
 CAN-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
 	{DSA-678-1}
-	TODO: check
+	- netkit-rwho 0.17-8
 CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
 	{DSA-615-1}
 CAN-2004-1178
@@ -13444,8 +13446,11 @@
 	NOTE: Fixed in upstream ( <= 2.6.7)
 CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
 	{DSA-669-1 DSA-531}
+	- php3 3:3.0.18-27
 CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
 	{DSA-669-1 DSA-531}
+	NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned
+	NOTE: in the changelog.
 CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
 	NOT-FOR-US: Sygate Enforcer
 CAN-2004-0592
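Review bot: The two entries sharing `{DSA-669-1 DSA-531}` end up in different states: CAN-2004-0595 gets `- php3 3:3.0.18-27`, while CAN-2004-0594 gets only a NOTE that the DSA and the changelog disagree, with no package line. That leaves it open whether php3 is considered not affected by CAN-2004-0594 or simply unverified. State the conclusion in the NOTE, or keep a `TODO: check` on that entry until it is settled. Both descriptions name PHP 4.x and 5.x, and neither entry shows a line for those packages in this hunk, which is worth confirming too.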



