[Secure-testing-commits] r2382 - in data: CAN DSA

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2005-10-10 19:48:18 +0000 (Mon, 10 Oct 2005)
New Revision: 2382

Modified:
   data/CAN/list
   data/DSA/list
Log:
two new dsas


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-10 12:16:27 UTC (rev 2381)
+++ data/CAN/list	2005-10-10 19:48:18 UTC (rev 2382)
@@ -13,9 +13,10 @@
 	NOTE: Reported w/o bug to Horms
 CAN-2005-XXXX [DoS vulnerability in msg id parsing of spampd]
 	- spampd <unfixed> (bug #332259; medium)
-CAN-2005-XXXX [Multiple buffer overflows in xloadimage]
+CAN-2005-3178 [Multiple buffer overflows in xloadimage]
 	- xloadimage 4.1-15 (bug #332524; medium)
-	NOTE: xli verified not exploitable
+	- xli <unfixed> (medium)
+	NOTE: xli couldn't load the provided test images when I checked?
 CAN-2005-XXXX [Arbitrary command execution in import script for bvh files in Blender]
 	- blender <unfixed> (bug #330895; medium)
 CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-10-10 12:16:27 UTC (rev 2381)
+++ data/DSA/list	2005-10-10 19:48:18 UTC (rev 2382)
@@ -1,3 +1,11 @@
+[10 Oct 2005] DSA-859-1 xli - buffer overflows
+	{CAN-2005-3178}
+	- xli <unfixed> (medium)
+	NOTE: not fixed in testing at time of DSA (unfixed in sid)
+[10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
+	{CAN-2005-3178}
+	- xloadimage 4.1-15 (bug #332524; medium)
+	NOTE: not fixed in testing at time of DSA (too young)
 [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
 	{CAN-2005-2965}
 	- graphviz 2.2.1-1sarge1 (low)