[Secure-testing-commits] r2209 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Sep 28 12:33:02 UTC 2005 

Author: jmm-guest
Date: 2005-09-28 12:32:58 +0000 (Wed, 28 Sep 2005)
New Revision: 2209

Modified:
   data/CAN/list
Log:
bugnums and another older issue from the BTS


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-28 11:37:40 UTC (rev 2208)
+++ data/CAN/list	2005-09-28 12:32:58 UTC (rev 2209)
@@ -1,3 +1,6 @@
+CAN-2005-XXXX [Multiple security issues when using distcc without ssh auth]
+	- distcc <unfixed> (bug #298929; low)
+	NOTE: Only affects distcc in a very non-standard setup
 CAN-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
 	- phpwiki <unfixed> (bug #282565; medium)
 CAN-2005-XXXX [MySQL authentication bypass]
@@ -28,7 +31,7 @@
 	- php4 <unfixed> (bug #353585; medium)
 	- php5 <unfixed> (bug #353585; medium)
 CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
-	- linux-2.6 <unfixed> (bug #330343; medium)
+	- linux-2.6 <unfixed> (bug #330343; bug# 330353; medium)
 CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
 	NOT-FOR-US: jportal
 CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...)
@@ -2376,6 +2379,7 @@
 CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
 	- uudeview <unfixed> (bug #320541; medium)
 	TODO: check libconvert-uulib-perl, Florian Weimer is looking at libconvert-uulib-perl
+	TODO: Check, to which extent #242999 applies (there might be more?)
 CAN-2004-2264 (** DISPUTED ** ...)
 	NOTE: less is not suid, explotability unlikely
 CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
@@ -3112,7 +3116,7 @@
 	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
 	NOTE: the affected probe.cgi
 CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
-	- net-snmp 5.2.1.2-1 (medium)
+	- net-snmp 5.2.1.2-1 (bug #318420; medium)
 CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
 	NOT-FOR-US: Novell NetMail
 CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
@@ -7808,9 +7812,9 @@
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
 	NOTE: Was once part of Debian, but has been removed
 CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
-	- gaim 1:1.2.1-1
+	- gaim 1:1.2.1-1 (bug #303581)
 CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
-	- gaim 1:1.2.1-1
+	- gaim 1:1.2.1-1 (bug #303581)
 CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
 	NOT-FOR-US: Kerio firewall
 CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
@@ -13314,7 +13318,9 @@
 CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
 	NOT-FOR-US: Mac OS X)
 CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
-	NOTE: fixed after 2.6.6/2.4.26 kernel
+	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive)
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive)
+	NOTE: Fixed in 2.6.6/2.4.26 kernel
 CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
 	{DSA-499}
 CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)

More information about the Secure-testing-commits mailing list