[Secure-testing-commits] r2443 - data/CAN
Florian Weimer
fw at costa.debian.org
Tue Oct 18 20:57:02 UTC 2005
Author: fw
Date: 2005-10-18 20:56:59 +0000 (Tue, 18 Oct 2005)
New Revision: 2443
Modified:
data/CAN/list
Log:
Mention removed openssl packages for the SSL downgrade vulnerability.
Got CVE assignments for two cgiwrap issues.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-10-18 17:25:34 UTC (rev 2442)
+++ data/CAN/list 2005-10-18 20:56:59 UTC (rev 2443)
@@ -768,6 +768,9 @@
RESERVED
- openssl 0.9.8-3 (bug #333500; low)
- openssl097 0.9.7g-5 (bug #333500; low)
+ - openssl094 <removed>
+ - openssl095 <removed>
+ - openssl096 <removed>
CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
@@ -2475,9 +2478,9 @@
- fftw3 3.0.1-12 (low; bug #321566)
CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
- clamav-getfiles 0.5-1 (bug #321446; medium)
-CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
+CAN-2005-3254 [cgiwrap: Minimum UID does not include all system users]
- cgiwrap 3.9-3.1 (bug #316881; low)
-CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
+CAN-2005-3255 [cgiwrap: CGIs can be used to disclose system information]
- cgiwrap 3.9-3.1 (bug #316901; low)
CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- tutos 1.1.20031017-2.1 (bug #318633; medium)
More information about the Secure-testing-commits
mailing list