[Secure-testing-commits] r2032 - in data: CAN DSA

Florian Weimer fw at costa.debian.org
Sat Sep 17 15:33:23 UTC 2005


Author: fw
Date: 2005-09-17 15:33:15 +0000 (Sat, 17 Sep 2005)
New Revision: 2032

Modified:
   data/CAN/list
   data/DSA/list
Log:
Add data found on bugs-dist, mainly known-fixed versions and bug
xrefs.

CAN-2005-2918: New CAN for gtkdiskfree.
CAN-2005-2876: loop-aes-utils is also affected.
CAN-2005-2558: mysql-dfsg is also vulnerable.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-17 13:19:32 UTC (rev 2031)
+++ data/CAN/list	2005-09-17 15:33:15 UTC (rev 2032)
@@ -2,6 +2,8 @@
 	- clamav (unfixed; bug #328660; medium)
 CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.]
 	- clamav (unfixed; bug #328660; medium)
+CAN-2005-2918 [/tmp race condition in gtkdiskfree 1.9.3 and earlier]
+	- gtkdiskfree (bug #328566; low)
 CAN-2005-XXXX [Two local kernel DoS through incorrect ioctl refcounter handling]
 	TODO: Pinged Horms for 2.4
 	- linux-2.6 (unfixed; medium)
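Review bot: The added gtkdiskfree line under CAN-2005-2918 carries neither a version nor the "unfixed" marker, so a reader cannot tell whether the package is still vulnerable. The neighbouring clamav and linux-2.6 lines state this explicitly. If no fixed upload exists yet, write "- gtkdiskfree (unfixed; bug #328566; low)".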
@@ -11,6 +13,7 @@
 	- twiki 20040902-2
 CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2 allows ...)
 	- util-linux (unfixed; bug #328141; medium)
+	- loop-aes-utils 2.12p-9 (bug #328626; medium)
 CAN-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
 	- py2play (unfixed; bug #326976; medium)
 CAN-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
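Review bot: In the added loop-aes-utils line, 2.12p-9 sits where this file records a version (compare the phpmyadmin and kdebase changes in this commit, which replace "unfixed" with a version), but the log message only says the package "is also affected". Please confirm that 2.12p-9 is the upload that fixes the umount issue and not the version the bug was reported against. If it is the latter, the line should read "- loop-aes-utils (unfixed; bug #328626; medium)".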
@@ -31,7 +34,7 @@
 CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
 	NOTE: not-for-us (Solaris)
 CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin (unfixed; bug #327345; medium)
+	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; medium)
 CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
 	NOTE: not-for-us (ZipTorrent)
 CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
@@ -919,7 +922,8 @@
 	NOTE: not-for-us (e107 portal)
 CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
 	- mysql-dfsg-4.1 4.1.13 (medium)
-	- mysql-dfsg-5.0 5.0.7beta (medium)
+	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
+	- mysql-dfsg (unfixed; bug #322133; medium)
 CAN-2005-2557
 	NOTE: reserved
 	{DSA-778-1}
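Review bot: After this change the CAN-2005-2558 entry lists mysql-dfsg-5.0 with a Debian revision (5.0.7beta-1) but leaves mysql-dfsg-4.1 at 4.1.13 without one, while the CAN-2005-XXXX entry removed further down had "mysql-dfsg-4.1 4.1.13-1". Suggest updating the 4.1 line to 4.1.13-1 in the same commit so the merged entry is consistent.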
@@ -1258,7 +1262,7 @@
 	NOTE: reserved
 	- xorg-x11 6.8.2.dfsg.1-7 (medium)
 CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
-	- kdebase (unfixed; bug #327039; medium)
+	- kdebase 4:3.4.2-3 (bug #327039; medium)
 CAN-2005-2493
 	NOTE: reserved
 CAN-2005-2492 [Linux kernel sendmsg() DoS/information disclosure]
@@ -1304,10 +1308,6 @@
 	NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8, will probably result
 	NOTE: in a kernel DSA with other issues
 	TODO: Check, whether this is fixed in linux-2.6 SVN as well
-CAN-2005-XXXX [Buffer overflow in mysql's user defined functions]
-	- mysql-dfsg (unfixed; bug #322133; medium)
-	- mysql-dfsg-4.1 4.1.13-1 (medium)
-	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
 CAN-2005-XXXX [Unspecified buffer overflow in metar]
 	- metar 20050807.1-1 (unknown)
 CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...)
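Review bot: The removed CAN-2005-XXXX entry is titled as a buffer overflow in "user defined functions", and its package lines now appear under CAN-2005-2558, whose summary names init_syms. Neither the log message nor the list records that the two are the same issue. A one-line NOTE under CAN-2005-2558, or a sentence in the log, would document the merge for anyone looking for the old entry via bug #322133.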
@@ -4977,7 +4977,7 @@
 	NOTE: not-for-us (NPDS)
 CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
 	{DSA-783-1}
-	- mysql-dfsg 4.0.12-2
+	- mysql-dfsg 4.0.12-2 (bug #319526; low)
 CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
 	NOTE: not-for-us (JGS-Portal)
 CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
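Review bot: The mysql-dfsg line for CAN-2005-1636 is given urgency "low" here, but the DSA-783-1 entry for the same CAN in data/DSA/list rates mysql-dfsg-4.1 and mysql-dfsg-5.0 as "medium". Pick one rating for the issue, or add a NOTE explaining why the 4.0 package differs.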

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-17 13:19:32 UTC (rev 2031)
+++ data/DSA/list	2005-09-17 15:33:15 UTC (rev 2032)
@@ -138,7 +138,7 @@
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
 	{CAN-2005-1636}
-	- mysql-dfsg-4.1 4.1.12 (medium)
+	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
 	NOTE: not fixed in testing at time of DSA (glibc transition)
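Review bot: The changed mysql-dfsg-4.1 line writes the annotation as "(medium; bug #319526)", whereas the other lines touched in this commit put the bug reference first, for example "(bug #319526; low)" for the same bug in data/CAN/list. Use "(bug #319526; medium)" so the field order stays uniform.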



