Author: jmm-guest
Date: 2005-07-10 18:01:15 +0000 (Sun, 10 Jul 2005)
New Revision: 1359

Modified:
   data/CAN/list
Log:
vulnerable zlib embedded in various apps


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-10 07:31:06 UTC (rev 1358)
+++ data/CAN/list       2005-07-10 18:01:15 UTC (rev 1359)
@@ -164,6 +164,17 @@
        NOTE: reserved
 CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote 
attackers ...)
        {DSA-740-1}
+       NOTE: Several packages ship embedded copies of zlib, there are a lot 
probably more
+       NOTE: We have to check whether zlib 1.1 is really not affected, 
sometimes the CVE
+       NOTE: descriptions are flaky wrt affected versions, kernel, mozilla, 
rsync and oo
+       NOTE: supposedly use 1.1
+       TODO: - kernel-source-2.6.11 (unfixed) (medium)
+       TODO: - kernel-source-2.4.27 (unfixed) (medium)
+       TODO: - mozilla (unfixed) (medium)
+       TODO: - openoffice.org (unfixed) (medium)
+       TODO: - rsync (unfixed) (medium)
+       - dpkg (unfixed) (medium)
+       - zsync (unfixed) (medium)
 CAN-2005-2095
        NOTE: reserved
        - squirrelmail (unfixed; #317094; medium)
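Review bot: The two definite entries at the end of the added block, "- dpkg (unfixed) (medium)" and "- zsync (unfixed) (medium)", carry no statement of which zlib version each package embeds, while the NOTE lines above them say it is still unverified whether zlib 1.1 is affected. Add a NOTE recording the embedded zlib version for dpkg and zsync (and whether the copy is actually compiled in or the package links against the system zlib), so a later reader can tell why these two are tracked as vulnerable while kernel-source-2.6.11, kernel-source-2.4.27, mozilla, openoffice.org and rsync are held back as TODO. The "TODO: - pkg (unfixed) (medium)" form also mixes a pending check with a status claim; until the 1.1 question is settled, a plain "TODO: check pkg (embeds zlib 1.1?)" would avoid asserting "unfixed" for packages that may turn out not to be affected. The new entries also have no bug numbers, unlike the squirrelmail line in the trailing context ("unfixed; #317094; medium"), so file the bugs and reference them here. Finally, the first NOTE reads "there are a lot probably more"; "there are probably a lot more" is clearer.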


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits