Author: jmm-guest
Date: 2005-08-15 11:27:57 +0000 (Mon, 15 Aug 2005)
New Revision: 1588
Modified:
data/CAN/list
data/embedded-code-copies
Log:
lots of new cases of embedded code, which had security problems
in the past.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-15 11:12:19 UTC (rev 1587)
+++ data/CAN/list 2005-08-15 11:27:57 UTC (rev 1588)
@@ -1,6 +1,6 @@
CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns]
NOTE: Will be split once the maintainer has investigated this
- - centericq (unfixed; bug filed; medium)
+ - centericq (unfixed; bug #323185; medium)
CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie
handling]
- wordpress (unfixed; bug #323040; medium)
CAN-2005-XXXX [phpldapadmin doesn't fully prevent anonymous access when
configured so]
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2005-08-15 11:12:19 UTC (rev 1587)
+++ data/embedded-code-copies 2005-08-15 11:27:57 UTC (rev 1588)
@@ -19,6 +19,45 @@
libgadu/ekg:
centericq
+gaim (?)
+kopete (ships the code, but links dynamically in the Debian package)
+xmlrpc: (which package is the "origin" of this code?)
+drupal
+phpgroupware
+egroupware
+phpwiki
+php4 (php-pear, IIRC this was reorganized some weeks ago?)
+
+shtool: (affects build-time only)
+mysql-ocaml
+php4
+
+
+mozilla:
+mozilla-firefox
+mozilla-thunderbird
+nvu
+
+
+xli:
+xloadimage
+
+
+lesstif: (beware: two different lesstif APIs supported in one package, 1.2
discarded upstream)
+openmotif
+xfree86/xorg (in libxpm, still the case with x.org?
+
+
+kerberized apps with BSD origin:
+krb4
+krb5
+heimdal
+
+
+grip: (which pkg is the origin?)
+libcdaudio
+grip
+gnome-vfs (vfs2 as well?)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
