[Secure-testing-commits] r2189 - data/CAN
Florian Weimer
fw at costa.debian.org
Tue Sep 27 07:10:40 UTC 2005
Author: fw
Date: 2005-09-27 07:10:35 +0000 (Tue, 27 Sep 2005)
New Revision: 2189
Modified:
data/CAN/list
Log:
Some items from bugs-dist.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-26 14:16:45 UTC (rev 2188)
+++ data/CAN/list 2005-09-27 07:10:35 UTC (rev 2189)
@@ -1,3 +1,7 @@
+CAN-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
+ - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
+ - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
CAN-2005-XXXX [Insecure pidfile handling in mailleds]
- mailleds <unfixed> (bug #329365; low)
CAN-2005-XXXX [kdebase uses urandom as an entropy source]
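Review bot: The two added egroupware entries at the top of this hunk both cite bug #329597 with the same fixed version and the same "low" urgency, and nothing on these lines records that one bug report covers both the /tmp log file issue and the SQL injection in account deletion. Suggest adding a NOTE line under each entry saying that the bug covers both issues, plus a short reason for rating the SQL injection "low", so a later reader of the list does not have to open the bug to confirm either point.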
@@ -4866,7 +4870,7 @@
NOTE: linux-2.6 not affected (already fixed)
- kernel-source-2.4.27 2.4.27-11 (unknown)
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
- - helix-player <unfixed> (bug #316276; high)
+ - helix-player 1.0.5-1 (bug #316276; high)
NOTE: Helix Player is affected according to:
NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
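Review bot: The helix-player line under CAN-2005-1766 moves from <unfixed> to 1.0.5-1 without recording where that version was confirmed as containing the fix; the two NOTE lines below it only document that Helix Player is affected. Suggest adding a NOTE that names the source for the fixed version (for example the changelog entry or the closing message of bug #316276), since this entry is rated "high" and the fixed version will be relied on for tracking.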
@@ -12867,6 +12871,7 @@
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
+ - mysql-dfsg-4.1 <not-affected> (fixed before first Debian upload)
CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
NOTE: fixed after 2.6.6 kernel
CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
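Review bot: The added "- mysql-dfsg-4.1 <not-affected> (fixed before first Debian upload)" line under CAN-2004-0627 sits directly below the NOTE "apparently only affects mysql-dfsg >= 4.1.x, debian has older version", which no longer reads correctly once a 4.1 package is tracked in the same entry. Suggest rewording that NOTE so it clearly applies to the older mysql-dfsg package only. The entry just above carries the identical NOTE in the context lines and gets no mysql-dfsg-4.1 line here; worth checking whether it needs the same addition.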