Author: jmm-guest
Date: 2005-09-28 12:32:58 +0000 (Wed, 28 Sep 2005)
New Revision: 2209

Modified:
   data/CAN/list
Log:
bugnums and another older issue from the BTS


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-09-28 11:37:40 UTC (rev 2208)
+++ data/CAN/list       2005-09-28 12:32:58 UTC (rev 2209)
@@ -1,3 +1,6 @@
+CAN-2005-XXXX [Multiple security issues when using distcc without ssh auth]
+       - distcc <unfixed> (bug #298929; low)
+       NOTE: Only affects distcc in a very non-standard setup
 CAN-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
        - phpwiki <unfixed> (bug #282565; medium)
 CAN-2005-XXXX [MySQL authentication bypass]
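Review bot: The NOTE on the new distcc entry says "a very non-standard setup" without naming it, so the justification for the "low" rating is not checkable from the entry itself. The title already gives the condition ("without ssh auth"); suggest restating it in the NOTE so the severity can be re-evaluated later without opening bug #298929.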
@@ -28,7 +31,7 @@
        - php4 <unfixed> (bug #353585; medium)
        - php5 <unfixed> (bug #353585; medium)
 CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 
2.6.x ...)
-       - linux-2.6 <unfixed> (bug #330343; medium)
+       - linux-2.6 <unfixed> (bug #330343; bug# 330353; medium)
 CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 
2.3.1 ...)
        NOT-FOR-US: jportal
 CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA 
allows ...)
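Review bot: On the changed linux-2.6 line, the second reference is written "bug# 330353" while every other entry in the visible hunks uses the form "bug #NNNNNN", so anything that matches on "bug #" will miss it; suggest "bug #330343; bug #330353". The two numbers also differ in a single digit, so it is worth confirming that 330353 is a distinct report and not a mistyped copy of 330343.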
@@ -2376,6 +2379,7 @@
 CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely 
during ...)
        - uudeview <unfixed> (bug #320541; medium)
        TODO: check libconvert-uulib-perl, Florian Weimer is looking at 
libconvert-uulib-perl
+       TODO: Check, to which extent #242999 applies (there might be more?)
 CAN-2004-2264 (** DISPUTED ** ...)
        NOTE: less is not suid, explotability unlikely
 CAN-2004-2263 (SQL injection vulnerability in the valid function in 
fr_left.php in ...)
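Review bot: The added TODO under CAN-2004-2265 cites "#242999" without the "bug" prefix used elsewhere in the file and without saying which package it was filed against, which matters here because the entry already spans uudeview and libconvert-uulib-perl. Suggest writing it as "bug #242999" and naming the package the TODO is meant to be checked against.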
@@ -3112,7 +3116,7 @@
        NOTE: How bizarre, they assign a CVE Id without knowing which product 
contains
        NOTE: the affected probe.cgi
 CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x 
before ...)
-       - net-snmp 5.2.1.2-1 (medium)
+       - net-snmp 5.2.1.2-1 (bug #318420; medium)
 CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment 
without ...)
        NOT-FOR-US: Novell NetMail
 CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes 
HTML in ...)
@@ -7808,9 +7812,9 @@
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
        NOTE: Was once part of Debian, but has been removed
 CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier 
versions, ...)
-       - gaim 1:1.2.1-1
+       - gaim 1:1.2.1-1 (bug #303581)
 CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly 
...)
-       - gaim 1:1.2.1-1
+       - gaim 1:1.2.1-1 (bug #303581)
 CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and 
earlier ...)
        NOT-FOR-US: Kerio firewall
 CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only 
examine ...)
@@ -13314,7 +13318,9 @@
 CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and 
Mac OS ...)
        NOT-FOR-US: Mac OS X)
 CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x 
before ...)
-       NOTE: fixed after 2.6.6/2.4.26 kernel
+       - linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package 
into the archive)
+       - kernel-source-2.4.27 <not-affected> (Fixed before upload of package 
into the archive)
+       NOTE: Fixed in 2.6.6/2.4.26 kernel
 CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when 
running a ...)
        {DSA-499}
 CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x 
allows ...)
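Review bot: In the CAN-2004-0427 change, the NOTE goes from "fixed after 2.6.6/2.4.26 kernel" to "Fixed in 2.6.6/2.4.26 kernel", which changes which kernel versions are claimed to carry the fix, and the log message does not mention it; please confirm "in" is the intended reading. The two new <not-affected> lines also word the same reason differently ("upload of linux-2.6 package" versus "upload of package"); using one phrasing for both would make them easier to search for.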


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
