[Secure-testing-commits] r1780 - in data: CAN DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Sep 2 11:43:07 UTC 2005
Author: jmm-guest
Date: 2005-09-02 11:43:03 +0000 (Fri, 02 Sep 2005)
New Revision: 1780
Modified:
data/CAN/list
data/DSA/list
Log:
five new dsas
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-02 08:33:14 UTC (rev 1779)
+++ data/CAN/list 2005-09-02 11:43:03 UTC (rev 1780)
@@ -20,9 +20,9 @@
CAN-2005-XXXX [polygen doesn't honor umask when creating grm.o files]
NOTE: Fix in -8 had problems
- polygen 1.0.6-9 (low)
-CAN-2005-XXXX [Unspecified XSS in phpgroupware's phpgwapi]
+CAN-2005-2761 [Various XSS in phpgroupware's phpgwapi]
- phpgroupware 0.9.16.008-1 (unknown)
-CAN-2005-XXXX [Insecure usage of popen() in Affix]
+CAN-2005-2716 [Insecure usage of popen() in Affix]
- affix 2.1.2-3 (bug #325444; medium)
CAN-2005-XXXX [Insecure tempfile usage in tleds]
- tleds 1.05beta10-9 (bug# 276789; low)
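Review bot: The polygen entry at the top of this hunk is left as CAN-2005-XXXX, yet the data/DSA/list part of this same revision ties DSA-794-1 for polygen 1.0.6-9 (low) to CAN-2005-2656. If that is the same umask issue, the placeholder should be renamed here the way the phpgroupware and affix lines are, otherwise the issue may end up carried under two names. A smaller point: the affix line writes "bug #325444" while the tleds line below it writes "bug# 276789"; one spelling would keep the list easy to grep.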
@@ -2672,10 +2672,6 @@
NOTE: not-for-us (YaBB)
CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
NOTE: not-for-us (MySQLGuest)
-CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo]
- - proftpd 1.2.10-20 (medium)
-CAN-2005-XXXX [proftpd format string vulnerability in ftpshut]
- - proftpd 1.2.10-19 (medium)
CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
NOTE: not-for-us (BisonFTP Server)
CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
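Review bot: The two removed proftpd placeholders carried different fix versions (1.2.10-20 for mod_sql's SQLShowInfo, 1.2.10-19 for ftpshut), but DSA-795-1 in this revision lists only CAN-2005-2390 with proftpd 1.2.10-20, and no replacement entry is visible in this diff. Please confirm that the CAN-2005-2390 entry covers both format string issues and keeps the 1.2.10-19 information for ftpshut. The log message "five new dsas" also does not mention this removal, so it is worth a word there.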
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-09-02 08:33:14 UTC (rev 1779)
+++ data/DSA/list 2005-09-02 11:43:03 UTC (rev 1780)
@@ -1,3 +1,23 @@
+[02 Sep 2005] DSA-798-1 phpgroupware - several
+ {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
+ - phpgroupware 0.9.16.008-1 (high)
+ NOTE: not fixed in testing at time of DSA (too young)
+[01 Sep 2005] DSA-797-1 zsync - buffer overflow
+ {CAN-2005-1849 CAN-2005-2096}
+ - zsync 0.4.0-2 (medium)
+ NOTE: fixed in testing at time of DSA
+[01 Sep 2005] DSA-796-1 affix - unsafe use of popen
+ {CAN-2005-2716}
+ - affix 2.1.2-3 (medium)
+ NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+[01 Sep 2005] DSA-795-1 proftpd - format string error
+ {CAN-2005-2390}
+ - proftpd 1.2.10-20 (medium)
+ NOTE: fixed in testing at time of DSA
+[01 Sep 2005] DSA-794-1 polygen - programming error
+ {CAN-2005-2656}
+ - polygen 1.0.6-9 (low)
+ NOTE: not fixed in testing at time of DSA (too young)
[21 Aug 2005] DSA-779-2 mozilla-firefox - several
NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
{CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
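Review bot: DSA-798-1 rates phpgroupware 0.9.16.008-1 as (high), while the CAN-2005-2761 entry renamed in data/CAN/list in this same revision still says (unknown) for the same package version; the urgency there should be brought in line. Also, the new entries put the {CAN ...} line before the NOTE, whereas the existing DSA-779-2 entry below has the NOTE first; one order for the whole file would be easier to parse.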