[Secure-testing-commits] r2081 - in data: CAN DSA

Joey Hess joeyh at costa.debian.org
Thu Sep 22 10:13:10 UTC 2005 

Author: joeyh
Date: 2005-09-22 10:13:07 +0000 (Thu, 22 Sep 2005)
New Revision: 2081

Modified:
   data/CAN/list
   data/DSA/list
Log:
researched webcalendar. The changelog is 100% shite, confusing two
different holes and referring to the wrong CAN, but all the issues fixed in
the two DSAs are in fact fixed in the version in unstable/testing.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-22 10:12:43 UTC (rev 2080)
+++ data/CAN/list	2005-09-22 10:13:07 UTC (rev 2081)
@@ -651,6 +651,7 @@
 	- courier 0.47-8 (medium; bug #325631)
 CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
+	TODO: check what version of linux-2.6 fixed this. (See bug #328395)
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 CAN-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
 	- kernel-source-2.4.27 (unfixed; low)
@@ -2334,8 +2335,7 @@
 	NOTE: woody is not affected according to the bug report.
 CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
 	{DSA-766-1}
-	- webcalender (unfixed; bug #315671; medium)
-	TODO: The bug report references CAN-2005-2717.  What does this mean?
+	- webcalender 0.9.45-7 (bug #315671; medium)
 CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
 	NOTE: not-for-us (Website Baker)
 CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-22 10:12:43 UTC (rev 2080)
+++ data/DSA/list	2005-09-22 10:13:07 UTC (rev 2081)
@@ -73,7 +73,7 @@
 	NOTE: however, fixed in secure-testing archive
 [02 Sep 2005] DSA-799-1 webcalendar - input validation
 	{CAN-2005-2717}
-	- webcalendar (unfixed; bug #326223; high)
+	- webcalendar 0.9.45-7 (bug #326223; high)
 	NOTE: not fixed in testing at time of DSA (coordinated disclosure)
 [02 Sep 2005] DSA-798-1 phpgroupware - several
 	{CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}

More information about the Secure-testing-commits mailing list