[Secure-testing-commits] r2033 - data/CAN

Florian Weimer fw at costa.debian.org
Sat Sep 17 16:44:15 UTC 2005


Author: fw
Date: 2005-09-17 16:44:12 +0000 (Sat, 17 Sep 2005)
New Revision: 2033

Modified:
   data/CAN/list
Log:
More updates picked up on bugs-dist.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-17 15:33:15 UTC (rev 2032)
+++ data/CAN/list	2005-09-17 16:44:12 UTC (rev 2033)
@@ -1,3 +1,16 @@
+CAN-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
+	- zope2.7 (unfixed; bug #313644; low)
+	NOTE: first patch was incorrect
+CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
+	- wine (bug #327261; bug #327262; unfixed)
+	TODO: It is not clear what the real bug is.
+	TODO: Does wine-safe prompt properly?  Or should the functionality
+	TODO: be disabled completely, like Microsoft did some time ago?
+CAN-2005-XXXX [openssl: uses MD5 by default]
+	- openssl (bug #314465; unimportant)
+	NOTE: MD5 is still good enough for most applications.
+CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files]
+	- texinfo (unfixed; bug #328365; low)
 CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.]
 	- clamav (unfixed; bug #328660; medium)
 CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.]
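Review bot: the openssl entry's `NOTE: MD5 is still good enough for most applications.` does not say which uses the `unimportant` rating rests on; MD5 collision attacks had been published by 2005, so the note should distinguish uses where collisions matter (signing certificates or other attacker-influenced data with the default digest) from uses that only need preimage resistance, otherwise the rating cannot be rechecked later. Also, `- wine (bug #327261; bug #327262; unfixed)` carries no severity, unlike the other new entries (low/unimportant), and the TODO lines already say the real bug is not understood; give it a provisional rating or add a NOTE that severity is pending triage, and put `unfixed` first to match the `(unfixed; bug #...; low)` ordering used by the zope2.7 and texinfo lines.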
@@ -24,6 +37,7 @@
 	- mozilla-firefox 1.0.6-5 (medium)
 	- mozilla (unfixed; bug #327455; medium)
 	- mozilla-thunderbird (unfixed; medium)
+	- epiphany-browser (unfixed; bug #327366; medium)
 CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
 	- chmlib 0.36-1 (bug #327431)
 CAN-2005-2802
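Review bot: `- mozilla-thunderbird (unfixed; medium)` on the line directly above the new epiphany-browser entry still has no bug number, while the other unfixed lines in this hunk (`mozilla`, `epiphany-browser`) each carry one and this commit is adding bug references elsewhere; record the thunderbird report here too, or add a NOTE that none has been filed, so the next person does not have to re-check.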
@@ -413,7 +427,7 @@
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
 CAN-2005-XXXX [polygen doesn't honor umask when creating grm.o files]
 	NOTE: Fix in -8 had problems
-	- polygen 1.0.6-9 (low)
+	- polygen 1.0.6-9 (bug #325468; low)
 CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
 	{DSA-798-1}
 	- phpgroupware 0.9.16.008-1 (unknown)
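Review bot: in the polygen entry the line `NOTE: Fix in -8 had problems` sits above the package line `- polygen 1.0.6-9 (bug #325468; low)`, whereas elsewhere in the file NOTE lines follow the package lines (zope2.7, openssl, cvs); move it below the package line so the ordering stays consistent for tooling and readers. If the -8 upload was an incomplete fix that -9 corrected, say so explicitly (e.g. `NOTE: fix in 1.0.6-8 was incomplete, corrected in 1.0.6-9`) rather than "had problems".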
@@ -426,7 +440,7 @@
 	{DSA-806-1 DSA-802-1}
 	NOTE: cvs: not shipped in binary package
 	- cvs 1:1.12.9-15 (bug #325106; unimportant)
-	- gcvs 1.0final-8 (low)
+	- gcvs 1.0final-8 (bug #324969; low)
 CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
 	NOTE: not-for-us (RunCMS)
 CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
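Review bot: `- gcvs 1.0final-8 (bug #324969; low)` is rated low while `- cvs 1:1.12.9-15 (bug #325106; unimportant)` just above it is unimportant, and the only explanatory line, `NOTE: cvs: not shipped in binary package`, covers the cvs rating only; add a NOTE saying why gcvs is rated differently (presumably it does ship the affected component), otherwise the distinction reads as accidental.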
@@ -506,7 +520,7 @@
 	{DSA-794-1}
 CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
 	{DSA-791-1 DTSA-11-1}
-	- maildrop 1.5.3-1.1etch1 (medium)
+	- maildrop 1.5.3-1.1etch1 (bug #325135; medium)
 CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
 	{DSA-790-1}
 	- phpldapadmin 0.9.6c-5 (medium)
@@ -1564,10 +1578,12 @@
 	NOTE: not-for-us (PhpList)
 CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
 	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
-	- gforge (unfixed; medium)
+	- gforge (bug #328224; unimportant)
+	NOTE: Direct flooding is possible as well in most circumstances.
+	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
 CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
+	- gforge (bug #328224; medium)
 	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
-	- gforge (unfixed; medium)
 CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
 	NOTE: not-for-us (Firefox on Windows)
 CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...)
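Review bot: the CAN-2005-2431 entry now carries `NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian` twice, once on the existing line above the gforge package line and again on the newly added line below it; drop one. Both gforge lines also lose the `unfixed` marker (`(unfixed; medium)` becomes `(bug #328224; unimportant)` and `(bug #328224; medium)`) without gaining a fixed version, which leaves their status ambiguous next to entries like `- zope2.7 (unfixed; bug #313644; low)`; keep `unfixed` until #328224 is closed. The downgrade of 2431 is justified by `Direct flooding is possible as well in most circumstances.`, but since 2430 (the XSS issue) stays medium under the same bug number, a NOTE that #328224 covers both issues would make that split easier to follow.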
@@ -2084,6 +2100,7 @@
 CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
 	{DSA-766-1}
 	- webcalender (unfixed; bug #315671; medium)
+	TODO: The bug report references CAN-2005-2717.  What does this mean?
 CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
 	NOTE: not-for-us (Website Baker)
 CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
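Review bot: the package line the new TODO is attached to reads `webcalender`, while the CAN text on the line above it says `WebCalendar`; if the Debian source package is spelled `webcalendar`, the context line is misspelled and any tooling that matches package names against this file will miss it. The TODO (`The bug report references CAN-2005-2717.  What does this mean?`) should say where in #315671 the reference appears so whoever picks it up does not have to reread the report, and if CAN-2005-2717 turns out to be a separate issue it needs its own entry rather than a note under 2320. Also, `CAN-2005-2437` sits between 2320 and the fiaif entry although the file is otherwise in descending order; it belongs earlier in the list.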
