Author: jmm-guest Date: 2005-10-06 08:12:25 +0000 (Thu, 06 Oct 2005) New Revision: 2316 Modified: data/CAN/list Log: two new horde3 issues, bugnums for ipt_recent jiffies wraparound Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-06 07:27:19 UTC (rev 2315) +++ data/CAN/list 2005-10-06 08:12:25 UTC (rev 2316) @@ -1,3 +1,7 @@ +CAN-2005-XXXX [horde3 maintainer scripts don''t set sufficiently strict permissions on config files] + - horde3 <unfixed> (bug #332289) +CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured] + - horde3 <unfixed> (bug #332290) CAN-2005-XXXX [Minor local DoS as libldap] - openldap <unfixed> (bug #253838; low) TODO: Check, whether openldap2.2 is affected as well @@ -1049,9 +1053,9 @@ TODO: check what version of linux-2.6 fixed this. (See bug #328395) NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html CAN-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) - - kernel-source-2.4.27 <unfixed> (low) - - kernel-source-2.6.8 <unfixed> (low) - - linux-2.6 <unfixed> (low) + - kernel-source-2.4.27 <332228; unfixed> (low) + - kernel-source-2.6.8 <332231; unfixed> (low) + - linux-2.6 <unfixed> (bug 332381; low) NOTE: Dave Miller didn''t like the proposed fix and considers a complete rewrite NOTE: of ipt_recent the best solution, which seems to occur soon CAN-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)