[Secure-testing-commits] r2374 - data/CAN

Florian Weimer fw at costa.debian.org
Sun Oct 9 17:10:47 UTC 2005 

Author: fw
Date: 2005-10-09 17:10:44 +0000 (Sun, 09 Oct 2005)
New Revision: 2374

Modified:
   data/CAN/list
Log:
Resolve a few more TODOs for CANs in old DSAs.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-09 16:53:38 UTC (rev 2373)
+++ data/CAN/list	2005-10-09 17:10:44 UTC (rev 2374)
@@ -11237,7 +11237,7 @@
 	RESERVED
 CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
 	{DSA-662-1}
-	TODO: check
+	NOTE: This bug exists only in version 1.2.6.
 CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
 	NOT-FOR-US: Adobe License Management Software
 CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
@@ -11358,6 +11358,7 @@
 CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
 	{DSA-662-1}
 	TODO: check
+	- squirrelmail 2:1.4.4
 CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
 	- squirrelmail 2:1.4.4-1
 CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
@@ -11395,7 +11396,9 @@
 	NOTE: apparently specific to redhat hugemem kernel
 CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
 	{DSA-666-1}
-	TODO: check
+	- python2.2 2.2.3-14
+	- python2.3 2.3.4+2.3.5c1-2
+	- python2.4 2.4-5
 CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
 	{DSA-689-1}
 	- libapache2-mod-python 3.1.3-3
@@ -19331,6 +19334,7 @@
 CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
 CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
 	{DSA-664-1}
+	- cpio 2.5-1.2 (bug #293379)
 CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
 CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
 CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)

More information about the Secure-testing-commits mailing list