[Secure-testing-commits] r2047 - in data: CAN DSA

Florian Weimer fw at costa.debian.org
Mon Sep 19 15:30:56 UTC 2005


Author: fw
Date: 2005-09-19 15:30:52 +0000 (Mon, 19 Sep 2005)
New Revision: 2047

Modified:
   data/CAN/list
   data/DSA/list
Log:
Add urgency flags to non-kernel bugs which are still open in unstable.



Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-19 15:13:32 UTC (rev 2046)
+++ data/CAN/list	2005-09-19 15:30:52 UTC (rev 2047)
@@ -10,7 +10,7 @@
 	- zope2.7 (unfixed; bug #313644; low)
 	NOTE: first patch was incorrect
 CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
-	- wine (bug #327261; bug #327262; unfixed)
+	- wine (bug #327261; bug #327262; unfixed; high)
 	TODO: It is not clear what the real bug is.
 	TODO: Does wine-safe prompt properly?  Or should the functionality
 	TODO: be disabled completely, like Microsoft did some time ago?
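Review bot: The "high" urgency added to the wine line sits directly above a TODO saying "It is not clear what the real bug is", so the rating has no recorded basis. Add a NOTE giving the reasoning for "high". While touching this line, consider moving "unfixed" before the bug references to match the order used on the zope2.7 line above ("unfixed; bug #313644; low").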
@@ -562,7 +562,7 @@
 CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
 	- tor 0.1.0.14-1 (medium)
 CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
-	- mutt (unfixed; bug #323956)
+	- mutt (unfixed; bug #323956; high)
 	NOTE: Status is not clear; upstream is unresponsive.
 CAN-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
 	{DSA-785-1}
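Review bot: The mutt entry is marked "high" while the NOTE right below it still reads "Status is not clear; upstream is unresponsive". Either update the NOTE to say what is now known about the mutt_decode_xbit overflow, or add a NOTE stating that the urgency is a conservative assumption, so the flag can be revisited later.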
@@ -957,9 +957,9 @@
 CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
 	{DTSA-16-1}
 	- linux-2.6.12 2.6.12-6 (medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2
-	- kernel-source-2.4.27 2.4.27-10sarge2
-	- kernel-source-2.4.27 2.4.27-12
+	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+	- kernel-source-2.4.27 2.4.27-10sarge2 (medium)
+	- kernel-source-2.4.27 2.4.27-12 (medium)
 CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
 	NOTE: not-for-us (rexecd)
 CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
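Review bot: The three kernel-source lines changed here do not match the log message, which limits this commit to "non-kernel bugs which are still open in unstable": these are kernel packages and each already lists a fixed version (2.6.8-16sarge2, 2.4.27-10sarge2, 2.4.27-12). Either move this change to its own commit or extend the log message to say that fixed kernel entries were also brought in line with the "medium" on the linux-2.6.12 line.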
@@ -6190,9 +6190,9 @@
 	- fai 2.8.2
 CAN-2005-2354 [nvu uses old copy of mozilla xpcom]
 	NOTE: reserved
-	NOTE: have not checked to see which security holes re in it exatly
+	NOTE: have not checked to see which security holes are in it exactly
 	NOTE: Has been removed from Sarge
-	- nvu (unfixed; bug #306822)
+	- nvu (unfixed; bug #306822; medium)
 CAN-2005-XXXX [eskuel: arbitrary file retreiving]
 	- eskuel 1.0.5-3.1 (low)
 CAN-2005-2356 [eskuel: No authentication at all]
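Review bot: The nvu line gets "medium" even though the corrected NOTE above it says nobody has checked which security holes are in the bundled xpcom copy, so the urgency is a guess. Say so in a NOTE. The spelling fix to that NOTE is unrelated to the urgency flags and is not mentioned in the log message.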
@@ -7067,7 +7067,7 @@
 	NOTE: not-for-us (Free BSD)
 CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
 	NOTE: Has been removed from Sarge
-	- libsafe (unfixed; bug #305070)
+	- libsafe (unfixed; bug #305070; medium)
 CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
 	NOTE: not-for-us (Solaris)
 CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
@@ -7077,7 +7077,7 @@
 CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
 	{DSA-726-1}
 	NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
-	- oops (unfixed; bug #307360)
+	- oops (unfixed; bug #307360; high)
 CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
 	- ilohamail (unfixed; bug #304525; medium)
 CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
@@ -7585,8 +7585,8 @@
 CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
 	- openmosixview 1.5-7
 CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
-	- smail (unfixed; bug #301428)
-	NOTE: no patch known at this time. See also: CAN-2005-0892
+	- smail (unfixed; bug #301428; medium)
+	NOTE: no patch known at this time.
 CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
 	{DSA-722-1}
 	- smail 3.2.0.115-7
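Review bot: The NOTE under CAN-2005-0893 loses its "See also: CAN-2005-0892" cross-reference, which the log message does not mention. If the two smail issues are now considered unrelated, say so in the log or in a NOTE; otherwise keep the pointer, since CAN-2005-0892 is the entry that has a DSA and a fixed version while this one has "no patch known".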
@@ -10966,7 +10966,7 @@
 	NOTE: uml_net is only executable by users in group uml-net in Debian
 	NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
 CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
-	- tnftp (unfixed; bug #285902)
+	- tnftp (unfixed; bug #285902; medium)
 CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
 	NOTE: not-for-us (rtf2latex2e)
 CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-19 15:13:32 UTC (rev 2046)
+++ data/DSA/list	2005-09-19 15:30:52 UTC (rev 2047)
@@ -381,7 +381,7 @@
 	NOTE: fixed in testing at time of DSA
 [20 May 2005] DSA-726-1 oops - format string vulnerability
 	{CAN-2005-1121}
-	- oops (unfixed; bug #307360)
+	- oops (unfixed; bug #307360; high)
 	NOTE: not in testing at time of DSA
 [19 May 2005] DSA-725-1 ppxp - missing privilege release
 	{CAN-2005-0392}
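Review bot: The oops line under DSA-726-1 is a hand-maintained copy of the line under CAN-2005-1121 in data/CAN/list, and this revision has to change both to "high" to keep them in agreement. Worth a consistency check between the two lists (same package, same status and urgency for cross-referenced entries) so a later edit to only one file is caught.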



