[Secure-testing-commits] r1780 - in data: CAN DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Sep 2 11:43:07 UTC 2005


Author: jmm-guest
Date: 2005-09-02 11:43:03 +0000 (Fri, 02 Sep 2005)
New Revision: 1780

Modified:
   data/CAN/list
   data/DSA/list
Log:
five new dsas


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-02 08:33:14 UTC (rev 1779)
+++ data/CAN/list	2005-09-02 11:43:03 UTC (rev 1780)
@@ -20,9 +20,9 @@
 CAN-2005-XXXX [polygen doesn't honor umask when creating grm.o files]
 	NOTE: Fix in -8 had problems
 	- polygen 1.0.6-9 (low)
-CAN-2005-XXXX [Unspecified XSS in phpgroupware's phpgwapi]
+CAN-2005-2761 [Various XSS in phpgroupware's phpgwapi]
 	- phpgroupware 0.9.16.008-1 (unknown)
-CAN-2005-XXXX [Insecure usage of popen() in Affix]
+CAN-2005-2716 [Insecure usage of popen() in Affix]
 	- affix 2.1.2-3 (bug #325444; medium)
 CAN-2005-XXXX [Insecure tempfile usage in tleds]
 	- tleds 1.05beta10-9 (bug# 276789; low)
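
Review bot: The polygen entry at the top of this hunk is left as CAN-2005-XXXX, although the data/DSA/list change in this same revision ties DSA-794-1 (polygen 1.0.6-9, the same package and version) to CAN-2005-2656. If that is the same issue, replace the placeholder with CAN-2005-2656 here, as was done for the phpgroupware and affix entries, so the two lists agree. The tleds context line also writes "bug# 276789" where the affix line uses "bug #325444"; worth normalizing while this block is being touched.
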
@@ -2672,10 +2672,6 @@
 	NOTE: not-for-us (YaBB)
 CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
 	NOTE: not-for-us (MySQLGuest)
-CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo]
-	- proftpd 1.2.10-20 (medium)
-CAN-2005-XXXX [proftpd format string vulnerability in ftpshut]
-	- proftpd 1.2.10-19 (medium)
 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
 	NOTE: not-for-us (BisonFTP Server)
 CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
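
Review bot: The two removed proftpd placeholders carry different fixed versions (1.2.10-20 for mod_sql's SQLShowInfo, 1.2.10-19 for ftpshut), and nothing in this hunk replaces them. The only proftpd reference added in this revision is DSA-795-1 with CAN-2005-2390 and proftpd 1.2.10-20, so the 1.2.10-19 fix for ftpshut is no longer recorded anywhere in the visible changes. Please confirm that an existing CAN-2005-2390 entry in data/CAN/list covers both format string issues, and mention the removal in the log message, which currently only says "five new dsas".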

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-02 08:33:14 UTC (rev 1779)
+++ data/DSA/list	2005-09-02 11:43:03 UTC (rev 1780)
@@ -1,3 +1,23 @@
+[02 Sep 2005] DSA-798-1 phpgroupware - several
+	{CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
+	- phpgroupware 0.9.16.008-1 (high)
+	NOTE: not fixed in testing at time of DSA (too young)
+[01 Sep 2005] DSA-797-1 zsync - buffer overflow
+	{CAN-2005-1849 CAN-2005-2096}
+	- zsync 0.4.0-2 (medium) 
+	NOTE: fixed in testing at time of DSA
+[01 Sep 2005] DSA-796-1 affix - unsafe use of popen
+	{CAN-2005-2716}
+	- affix 2.1.2-3 (medium) 
+	NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+[01 Sep 2005] DSA-795-1 proftpd - format string error
+	{CAN-2005-2390}
+	- proftpd 1.2.10-20 (medium)
+	NOTE: fixed in testing at time of DSA
+[01 Sep 2005] DSA-794-1 polygen - programming error
+	{CAN-2005-2656}
+	- polygen 1.0.6-9 (low)
+	NOTE: not fixed in testing at time of DSA (too young)
 [21 Aug 2005] DSA-779-2 mozilla-firefox - several
 	NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
 	{CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
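
Review bot: DSA-798-1 rates phpgroupware 0.9.16.008-1 as (high), while the data/CAN/list entry for CAN-2005-2761 in this same revision keeps "- phpgroupware 0.9.16.008-1 (unknown)"; set the CAN entry's urgency to match or note why they differ. The added zsync and affix package lines end in trailing whitespace after "(medium)", which should be stripped. The new entries also place NOTE after the package line, while the existing DSA-779-2 entry places it before the CAN list; pick one ordering for the file.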



