[Secure-testing-commits] r2242 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 29 21:18:53 UTC 2005


Author: jmm-guest
Date: 2005-09-29 21:18:49 +0000 (Thu, 29 Sep 2005)
New Revision: 2242

Modified:
   data/CAN/list
Log:
bugnums and three older issues from the BTS


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-29 21:14:17 UTC (rev 2241)
+++ data/CAN/list	2005-09-29 21:18:49 UTC (rev 2242)
@@ -1,3 +1,12 @@
+CAN-2005-XXXX [Insecure temp files in linux-wlan-ng]
+	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
+CAN-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
+	- kmail <unfixed> (bug #280287; low)
+CAN-2002-XXXX [sanitizer bypassal through quoted file names]
+	- sanitizer <unfixed> (bug #149799; medium)
+	TODO: We should followup, this is probably fixed since the last three years
+CAN-2005-XXXX [hdup does not preserve directory permissions]
+	- hdup <unfixed> (bug #302790)
 CAN-2005-XXXX [Heap overflow in libosip URI parsing]
 	- libosip 2.0.9-1 (bug #308737)
 CAN-2005-XXXX [rkhunter: Insecure temporary file]
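Review bot: The log message says "three older issues from the BTS", but this hunk adds four new entries (linux-wlan-ng, kmail, sanitizer, hdup); the log or the change should be brought into agreement. The last of them, `- hdup <unfixed> (bug #302790)`, has no urgency, whereas the three entries added above it carry one (low, low, medium), so either assign one or add a NOTE that it is still unassessed. The TODO under the sanitizer entry would also be easier to act on if it said what has to be checked against bug #149799 before the `<unfixed>` marker can be replaced with a version.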
@@ -4220,7 +4229,7 @@
 	NOT-FOR-US: Finjan SurfinGate
 CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
 	{DSA-735-2 DSA-735-1}
-	- sudo 1.6.8p9-1 (medium)
+	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
 CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
 	{DSA-748-1}
 	- ruby1.8 1.8.2-8 (medium)
@@ -7888,7 +7897,7 @@
 CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
 	NOT-FOR-US: IVT BlueSoleil
 CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
-	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.6.8 2.6.8-16 (bug #303177)
 CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
 	NOT-FOR-US: Apple
 CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
@@ -9577,7 +9586,7 @@
 	NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
 	- lynx <unfixed> (bug #296340; low)
 CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
-	- links 0.99+1.00pre12-1
+	- links 0.99+1.00pre12-1 (bug #296341; low) 
 CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
 	NOT-FOR-US: Opera
 CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
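Review bot: The added links line ends with a trailing space after `(bug #296341; low)`, which none of the other added lines in this patch have; please strip it so the entry matches the rest of the file. This line also introduces an urgency (low) that the removed line did not have, which goes beyond the "bugnums" described in the log and would be worth a word there.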
@@ -10038,8 +10047,8 @@
 	- mozilla-firefox 1.0.2-1
 	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
-	- kernel-source-2.4.27 2.4.27-10
-	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
+	- kernel-source-2.6.8 2.6.8-16 (bug #303294)
 CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
 	- mozilla-firefox 1.0.2-1
 	- mozilla-thunderbird 1.0.2-1
@@ -10938,7 +10947,7 @@
 	NOT-FOR-US: Irix
 CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
 	NOTE: Does not affect 2.6 based kernels in Debian
-	- kernel-source-2.4.27 2.4.27-10
+	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
 CAN-2005-0136
 	RESERVED
 	- kernel-source-2.6.8 2.6.8-14



