[Secure-testing-commits] r2212 - data/CAN

Wed, 28 Sep 2005 14:16:31 -0700 

Author: jmm-guest
Date: 2005-09-28 21:16:02 +0000 (Wed, 28 Sep 2005)
New Revision: 2212

Modified:
   data/CAN/list
Log:
some older issues from the BTS; bugnums; claim


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-09-28 21:14:17 UTC (rev 2211)
+++ data/CAN/list       2005-09-28 21:16:02 UTC (rev 2212)
@@ -1,3 +1,11 @@
+CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
+       - microcode.ctl <unfixed> (bug #282583; low)
+       NOTE: The validity of the microcode is ensure inside the CPU
+CAN-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
+       - icebreaker <unfixed> (bug #297644; low)
+CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local)
+       - gnupg 1.0.7-1 (bug #107374)
+begin claimed by jmm
 CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number 
generators ...)
        TODO: check
 CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in 
contentServ ...)
@@ -52,6 +60,7 @@
        TODO: check
 CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 
through ...)
        TODO: check
+end claimed by jmm
 CAN-2003-XXXX [libsafe: does not prevent some exploit types]
        TODO: We should push for removal, maintainer already voiced consent 
during Sarge prep phase     
        - libsafe <unfixed> (bug #173227; medium)
@@ -66,7 +75,7 @@
        - mysql-dfsg-4.1 4.1.11a -1 (bug #330164; medium)
        - mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was 
uploaded into the archive)
 CAN-2005-XXXX [Possibly incorrect virtualiasation in php4]
-       - php4 <unfixed> (bug #317577; unknown)
+       - php4 <unfixed> (bug #317577; bug #330419; unknown)
        NOTE: Maintainer can't reproduce
 CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports]
        - gnumach <unfixed> (bug #46709)
@@ -9887,7 +9896,7 @@
        NOTE: fix between 2.6.11 and 2.6.12, see
        NOTE: 
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82";
        - kernel-source-2.6.8 <unfixed> (bug #295949; high)
-       - linux-2.6 <not-affected> 
+       - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 
and 2.6.12)
 CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl 
before ...)
        {DSA-696-1}
        - perl 5.8.4-7


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to