Author: jmm-guest
Date: 2005-08-14 11:55:27 +0000 (Sun, 14 Aug 2005)
New Revision: 1580
Modified:
data/CAN/list
Log:
housekeeping on older TODO items.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-14 11:24:05 UTC (rev 1579)
+++ data/CAN/list 2005-08-14 11:55:27 UTC (rev 1580)
@@ -272,7 +272,6 @@
NOTE: not-for-us (SGI IRIX)
CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2
and ...)
NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD
- TODO: check kfreebsd-source-5.3
CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon,
decfingerd, ...)
NOTE: not-for-us (decfingerd)
CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote
attackers ...)
@@ -341,9 +340,7 @@
CAN-2005-2457
NOTE: reserved
CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
- NOTE: Does affect 2.4 per Horms, fix will be in 2.4.27 DSA
- TODO: Check if this made it into further 2.4 sid uploads as well (there
doesn't
- TODO: seem to be a more recent 2.4 package right now)
+ NOTE: Will also be fixed in DSAs for 2.4.27 and 2.6.8
- linux-2.6 2.6.12-2 (bug #321401; medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
NOTE: not-for-us (Greasemonkey)
@@ -393,9 +390,9 @@
CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers
to ...)
NOTE: not-for-us (PhpList)
CAN-2005-2431 (The (1) lost password and (2) account pending features in
GForge 4.5 ...)
- TODO: check, whether these apply to 3.1 as well
+ NOTE: Pinged maintainer, whether these are present in Debian's much
older version
CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge
4.5 ...)
- TODO: check, whether these apply to 3.1 as well
+ NOTE: Pinged maintainer, whether these are present in Debian's much
older version
CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not
properly set ...)
NOTE: not-for-us (Firefox on Windows)
CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form
fields in ...)
@@ -1788,10 +1785,10 @@
NOTE: reserved
CAN-2005-2099 [kernel 2.6 keyring related DoS]
NOTE: reserved
- - linux-2.6 (unfixed; bug filed; medium)
+ - linux-2.6 (unfixed; bug #323039; medium)
CAN-2005-2098 [kernel 2.6 keyring related DoS]
NOTE: reserved
- - linux-2.6 (unfixed; bug filed; medium)
+ - linux-2.6 (unfixed; bug #323039; medium)
CAN-2005-2097 [DoS against xpdf by specially crafted loca tables in PDF
documents]
NOTE: reserved
NOTE: kpdf will be fixed with next 3.4.2 upload
@@ -3297,7 +3294,7 @@
CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve
system ...)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x
allows local ...)
- TODO: check
+ NOTE: Lacks info, pinged debian-kernel, which is roughly equivalent to
a bug report
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5
...)
NOTE: not-for-us (RealPlayer)
CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
