[Secure-testing-commits] r2425 - data/CAN
Joey Hess
joeyh at costa.debian.org
Mon Oct 17 21:54:11 UTC 2005
Author: joeyh
Date: 2005-10-17 21:54:08 +0000 (Mon, 17 Oct 2005)
New Revision: 2425
Modified:
data/CAN/list
Log:
- fix some bad bug numbers
- scanned for fixed bugs
- few other updates based on bug logs
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-10-17 21:45:20 UTC (rev 2424)
+++ data/CAN/list 2005-10-17 21:54:08 UTC (rev 2425)
@@ -214,7 +214,7 @@
CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
NOT-FOR-US: CubeCart
CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
- - blender <unfixed> (bug #332313; low)
+ - blender <unfixed> (bug #332413; low)
CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
{DSA-855-1}
- weex 2.6.1-6sarge1 (bug #332424; medium)
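Review bot: the blender bug number change from #332313 to #332413 matches the log's "fix some bad bug numbers" and puts it in the same range as the neighbouring weex entry (#332424), but nothing in the list records that #332313 was a typo; a short mention in the commit message of which entries were renumbered would let later readers tell a correction from a reassignment.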
@@ -325,9 +325,9 @@
- kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
CAN-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files]
- - horde3 <unfixed> (bug #332289)
+ - horde3 3.0.5-2 (bug #332289)
CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
- - horde3 <unfixed> (bug #332290)
+ - horde3 3.0.5-2 (bug #332290)
CAN-2005-XXXX [Minor local DoS as libldap]
- openldap <unfixed> (bug #253838; low)
TODO: Check, whether openldap2.2 is affected as well
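Review bot: both horde3 entries move from <unfixed> to 3.0.5-2 with no NOTE citing where the fix was confirmed; since the log says these updates come from the bug logs, a NOTE line naming the closing upload (as other entries in this file do) would make the fixed-version claim checkable. The openldap2.2 TODO on the trailing context line is untouched by this change and still needs an answer.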
@@ -343,7 +343,8 @@
CAN-2005-XXXX [Unspecified vulnerability in htdig's htsearch and qtest]
- htdig <unfixed> (bug #305996; unknown)
CAN-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
- - clamav <unfixed> (bug #323803; low)
+ NOTE: no exploit vector, just bad info
+ - clamav <unfixed> (bug #323803; unimportant)
CAN-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
- kernel-source-2.4.27 <unfixed> (bug #310982)
CAN-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
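Review bot: style point on the clamav entry: the new NOTE line is placed before the package line, while elsewhere in this file NOTE lines follow the package line they annotate (see the php4 and kdebase entries in later hunks). For consistency consider ordering it as
- clamav <unfixed> (bug #323803; unimportant)
NOTE: no exploit vector, just bad info
The downgrade to unimportant is justified by the note's reasoning.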
@@ -530,7 +531,7 @@
- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CAN-2005-XXXX [Possibly incorrect virtualiasation in php4]
- - php4 <unfixed> (bug #317577; bug #330419; unknown)
+ - libapache-mod-php4 <unfixed> (bug #317577; bug #330419; unknown)
NOTE: Maintainer can't reproduce
CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports]
- gnumach <unfixed> (bug #46709)
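Review bot: the php4 entry is renamed from the source package php4 to the binary package libapache-mod-php4, whereas the other php4 entry in this diff (the CAN-2005-3054 line) keeps the source name php4 with a versioned fix; if the list is keyed on source package names, the renamed line will no longer match the php4 source package, so it may be better to keep php4 on the package line and name the affected binary in the NOTE.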
@@ -547,7 +548,7 @@
RESERVED
- twiki 20040902-2 (bug #330733; high)
CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
- - linux-2.6 <unfixed> (bug #330343; bug #330287; bug #332587; medium)
+ - linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
- kernel-source-2.6.8 <unfixed> (bug #332596)
CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
- php4 4:4.4.0-3 (bug #353585; medium)
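Review bot: bug #330343 is dropped from the linux-2.6 line without a NOTE recording why (closed, reassigned, or a wrong number), so a one-line NOTE would preserve the reasoning. Separately, the trailing context line "php4 4:4.4.0-3 (bug #353585; medium)" carries a bug number well outside the #32xxxx/#33xxxx numbers used by the other entries from this period, which looks like one of the "bad bug numbers" the log mentions and is worth checking against the BTS.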
@@ -579,7 +580,7 @@
CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
CAN-2005-XXXX [Insecure pidfile handling in mailleds]
- - mailleds <unfixed> (bug #329365; low)
+ - mailleds 0.93-11.1 (bug #329365; low)
CAN-2005-XXXX [kdebase uses urandom as an entropy source]
- kdebase <unfixed> (bug #325369; unimportant)
NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
@@ -741,7 +742,7 @@
RESERVED
CAN-2005-2972 [Further RTF buffer overflows in abiword]
RESERVED
- - abiword <unfixed> (bug #333740; medium)
+ - abiword 2.4.1-1 (bug #333740; medium)
CAN-2005-2971 [Heap overflow in kword's RTF import]
RESERVED
- koffice 1:1.3.5-5 (bug #333497; medium)
@@ -977,7 +978,8 @@
{DSA-837-1}
- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium)
- mozilla 2:1.7.12-1 (bug #327455; medium)
- - epiphany-browser <unfixed> (bug #327366; medium)
+ NOTE: epiphany-browser is apparently fixed fix the mozilla-browser
+ NOTE: upload; see bug #327366
CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
- chmlib 0.36-1 (bug #327431)
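Review bot: the replacement NOTE reads "apparently fixed fix the mozilla-browser upload", which should be "fixed by the mozilla-browser upload". More importantly, the epiphany-browser package line is removed outright instead of being given a fixed version or a <not-affected> marker, so epiphany-browser is no longer listed under this entry at all; if it is fixed via the mozilla 2:1.7.12-1 upload shown two lines above, keeping the line with that version (or <not-affected> plus the NOTE) would preserve the record.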
CAN-2005-2802
@@ -1266,7 +1268,7 @@
NOT-FOR-US: Simple PHP Blog
CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
NOTE: path disclosure, so not very important on debian systems
- - awstats <unfixed> (bug #327729; low)
+ NOTE: unreproducible according to bug #327729
CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
NOT-FOR-US: Astato specific
CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
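Review bot: the awstats line is deleted and replaced by a NOTE that the issue is unreproducible, leaving no package entry; a <not-affected> marker alongside the NOTE would keep awstats associated with CAN-2005-2732 instead of dropping it silently. Also, the unchanged context line "NOT-FOR-US: Astato specific" has a typo for Astaro.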
@@ -1898,7 +1900,7 @@
{DSA-831-1 DSA-829-1}
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- - mysql-dfsg <unfixed> (bug #322133; medium)
+ - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
{DSA-778-1}
- mantis 0.19.2-4 (low)
@@ -3988,7 +3990,7 @@
- zsync 0.4.0-2 (bug #317968; medium)
- dump 0.4b40-1 (bug #317966; medium)
- aide 0.10-6.1.1 (bug #317523; medium)
- - amd64-libs <unfixed> (bug #317970; medium)
+ - amd64-libs 1.3 (bug #317970; medium)
- ia32-libs <unfixed> (bug #317971; medium)
NOTE: dar-static claimed not used on untrusted input by maintainer in #317989
- bacula 1.36.3-2 (bug #318014; medium)