[Secure-testing-commits] r2007 - data/CAN

Joey Hess joeyh at costa.debian.org
Thu Sep 15 21:14:20 UTC 2005


Author: joeyh
Date: 2005-09-15 21:14:17 +0000 (Thu, 15 Sep 2005)
New Revision: 2007

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-15 16:04:59 UTC (rev 2006)
+++ data/CAN/list	2005-09-15 21:14:17 UTC (rev 2007)
@@ -783,6 +783,7 @@
 CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
 	NOTE: not-for-us (Sun JSSE and JRE)
 CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
+	{DTSA-16-1}
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html 
 	NOTE: amd64 specific DOS
 	- linux-2.6 2.6.12-6
@@ -920,6 +921,7 @@
 	{DSA-778-1}
 	- mantis 0.19.2-4 (medium)
 CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
+	{DTSA-16-1}
 	- linux-2.6.12 2.6.12-6 (medium)
 	- kernel-source-2.6.8 2.6.8-16sarge2
 	- kernel-source-2.4.27 2.4.27-10sarge2
@@ -1267,6 +1269,7 @@
 	NOTE: reserved
 	- linux-2.6 (unfixed; bug #327416; medium)
 CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
+	{DTSA-16-1}
 	- kernel-source-2.6.8 (unfixed; bug #322339; medium)
 	- linux-2.6 2.6.12-1 (bug #322339; medium)
 	NOTE: 2.4.27 not affected
@@ -1285,6 +1288,7 @@
 	NOTE: previous ssh delay bugs
 	- ssh (unfixed; bug #314645; low)
 CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...)
+	{DTSA-16-1}
 	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9
 	- kernel-image-2.6.8-i386 (unfixed; bug #309308; low)
 	NOTE: 2.6.12-1 contained a partially broken fix
@@ -1342,10 +1346,12 @@
 CAN-2005-2469
 	NOTE: reserved
 CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
+	{DTSA-16-1}
 	NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
 	- linux-2.6 2.6.12-3 (bug #323173)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
+	{DTSA-16-1}
 	NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
 	- linux-2.6 2.6.12-3 (bug #323173; medium)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
@@ -1492,9 +1498,11 @@
 CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
 	- tor 0.1.0.14-1 (medium)
 CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
+	{DTSA-16-1}
 	- linux-2.6 2.6.12-3 (medium)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
+	{DTSA-16-1}
 	- linux-2.6 2.6.12-2 (bug #321401; medium)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
@@ -1514,7 +1522,7 @@
 CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
 	NOTE: not-for-us (sandbox)
 CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
-	{DTSA-2-1 DTSA-4-1}
+	{DSA-813-1 DTSA-2-1 DTSA-4-1}
 	- ekg 1:1.5+20050718+1.6rc3-1 (low)
 	- centericq 4.20.0-8etch1 (bug #323185; medium)
 CAN-2005-2447
@@ -1718,11 +1726,11 @@
 CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
 	NOTE: not-for-us (Oracle Reports)
 CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
-	{DSA-769-1 DTSA-2-1 DTSA-5-1}
+	{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
 	- gaim 1:1.4.0-5 (low)
 	- centericq 4.20.0-8etch1 (bug #323185; low)
 CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
-	{DTSA-2-1}
+	{DSA-813-1 DTSA-2-1}
 	TODO: check gaim and others that embed libgadu in source tree
 	- centericq 4.20.0-8etch1 (bug #323185; medium)
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
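Review bot: In the CAN-2005-2370 entry the new reference is prepended, so the list now reads "DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1" with the DSA numbers out of order; if the cross-reference list is meant to be sorted, the generator should insert DSA-813-1 after DSA-769-1. Separately, CAN-2005-2369 gains DSA-813-1 while its "TODO: check gaim and others that embed libgadu in source tree" stays open, although the sibling entry CAN-2005-2370 already records a gaim version; it is worth resolving that TODO now so the two libgadu entries agree.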
@@ -2963,9 +2971,11 @@
 CAN-2005-2100
 	NOTE: reserved
 CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
+	{DTSA-16-1}
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
 CAN-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
+	{DTSA-16-1}
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
 CAN-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...)
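Review bot: CAN-2005-2099 and CAN-2005-2098 now carry {DTSA-16-1}, but their package lines still read "linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)", which combines a version with an "unfixed" marker and leaves the tracking status ambiguous. Since the advisory reference is generated automatically, the status line needs a manual follow-up: either record the fixed version alone or keep "unfixed" without a version, and add a NOTE explaining what DTSA-16-1 covers for these two entries.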
@@ -4154,6 +4164,7 @@
 	- centericq 4.20.0-7 (medium)
 CAN-2005-1913 [DoS: in Linux kernel: Clean up subthread exec]
 	NOTE: reserved
+	{DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (medium)
 CAN-2005-1912
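Review bot: In the CAN-2005-1913 entry the {DTSA-16-1} line is inserted after "NOTE: reserved", whereas every other entry touched by this commit has the cross-reference line directly under the CAN header and before any NOTE lines. The updater appears to assume the reference belongs at a fixed offset rather than immediately after the header; it should place it on the first line of the entry body. The "NOTE: reserved" line also looks stale for an entry that already lists fixed versions and an advisory.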
@@ -4482,6 +4493,7 @@
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
 	NOTE: not-for-us (RealPlayer)
 CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
+	{DTSA-16-1}
 	- kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- linux-2.6 2.6.12-1 (medium)
@@ -4495,11 +4507,13 @@
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	TODO: check if it's fixed in linux-2.6
 CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
+	{DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- kernel-source-2.4.27 2.4.27-11
 CAN-2005-1761 (Unknown vulnerability in the Linux kernel allows local users to cause ...)
+	{DTSA-16-1 DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (medium)
 	- kernel-source-2.6.8 2.6.8-17
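Review bot: The line added to CAN-2005-1761 reads "{DTSA-16-1 DTSA-16-1}", listing the same advisory twice. The automatic update should de-duplicate advisory identifiers before writing the cross-reference line (the advisory presumably names this CAN more than once); the expected result here is "{DTSA-16-1}".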



