[Secure-testing-commits] r2212 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 28 21:16:06 UTC 2005
Author: jmm-guest
Date: 2005-09-28 21:16:02 +0000 (Wed, 28 Sep 2005)
New Revision: 2212
Modified:
data/CAN/list
Log:
some older issues from the BTS; bugnums; claim
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-28 21:14:17 UTC (rev 2211)
+++ data/CAN/list 2005-09-28 21:16:02 UTC (rev 2212)
@@ -1,3 +1,11 @@
+CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
+ - microcode.ctl <unfixed> (bug #282583; low)
+ NOTE: The validity of the microcode is ensure inside the CPU
+CAN-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
+ - icebreaker <unfixed> (bug #297644; low)
+CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local)
+ - gnupg 1.0.7-1 (bug #107374)
+begin claimed by jmm
CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
TODO: check
CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
@@ -52,6 +60,7 @@
TODO: check
CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
TODO: check
+end claimed by jmm
CAN-2003-XXXX [libsafe: does not prevent some exploit types]
TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase
- libsafe <unfixed> (bug #173227; medium)
@@ -66,7 +75,7 @@
- mysql-dfsg-4.1 4.1.11a -1 (bug #330164; medium)
- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CAN-2005-XXXX [Possibly incorrect virtualiasation in php4]
- - php4 <unfixed> (bug #317577; unknown)
+ - php4 <unfixed> (bug #317577; bug #330419; unknown)
NOTE: Maintainer can't reproduce
CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports]
- gnumach <unfixed> (bug #46709)
@@ -9887,7 +9896,7 @@
NOTE: fix between 2.6.11 and 2.6.12, see
NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
- kernel-source-2.6.8 <unfixed> (bug #295949; high)
- - linux-2.6 <not-affected>
+ - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
{DSA-696-1}
- perl 5.8.4-7
More information about the Secure-testing-commits
mailing list