[Secure-testing-commits] r2212 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Sep 28 21:16:06 UTC 2005 

Author: jmm-guest
Date: 2005-09-28 21:16:02 +0000 (Wed, 28 Sep 2005)
New Revision: 2212

Modified:
   data/CAN/list
Log:
some older issues from the BTS; bugnums; claim


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-28 21:14:17 UTC (rev 2211)
+++ data/CAN/list	2005-09-28 21:16:02 UTC (rev 2212)
@@ -1,3 +1,11 @@
+CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
+	- microcode.ctl <unfixed> (bug #282583; low)
+	NOTE: The validity of the microcode is ensure inside the CPU
+CAN-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
+	- icebreaker <unfixed> (bug #297644; low)
+CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local)
+	- gnupg 1.0.7-1 (bug #107374)
+begin claimed by jmm
 CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
 	TODO: check
 CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
@@ -52,6 +60,7 @@
 	TODO: check
 CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
 	TODO: check
+end claimed by jmm
 CAN-2003-XXXX [libsafe: does not prevent some exploit types]
 	TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase	
 	- libsafe <unfixed> (bug #173227; medium)
@@ -66,7 +75,7 @@
 	- mysql-dfsg-4.1 4.1.11a -1 (bug #330164; medium)
 	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
 CAN-2005-XXXX [Possibly incorrect virtualiasation in php4]
-	- php4 <unfixed> (bug #317577; unknown)
+	- php4 <unfixed> (bug #317577; bug #330419; unknown)
 	NOTE: Maintainer can't reproduce
 CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports]
 	- gnumach <unfixed> (bug #46709)
@@ -9887,7 +9896,7 @@
 	NOTE: fix between 2.6.11 and 2.6.12, see
 	NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
 	- kernel-source-2.6.8 <unfixed> (bug #295949; high)
-	- linux-2.6 <not-affected> 
+	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
 CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
 	{DSA-696-1}
 	- perl 5.8.4-7

More information about the Secure-testing-commits mailing list