Author: jmm-guest
Date: 2005-10-06 13:18:28 +0000 (Thu, 06 Oct 2005)
New Revision: 2330
Modified: data/CAN/list
Log: processed my block, six new kernel vulnerabilities
Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-10-06 12:53:37 UTC (rev 2329) +++ data/CAN/list 2005-10-06 13:18:28 UTC (rev 2330) @@ -103,7 +103,6 @@ NOT-FOR-US: Address Add Plugin for Squirrelmail CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) NOT-FOR-US: lucidCMS -begin claimed by jmm CAN-2005-3126 NOTE: reserved CAN-2005-3125
@@ -123,32 +122,38 @@ CAN-2005-3118 NOTE: reserved {DSA-845} - TODO: check + - mason 1.0.0-3 CAN-2005-3117 NOTE: reserved CAN-2005-3116 NOTE: reserved CAN-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) - TODO: check + TODO: check, whether ucbmpeg-play from non-free is somehow related/affected CAN-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...) - TODO: check + NOT-FOR-US: NateOn Messenger CAN-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...) - TODO: check + NOT-FOR-US: NateOn Messenger CAN-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...) - TODO: check + NOT-FOR-US: Macromedia Breeze CAN-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...) - TODO: check + - linux-2.6 <unfixed> + - kernel-source-2.4.27 <unfixed> + NOTE: Reported directly to Horms CAN-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Reported directly to Horms CAN-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Reported directly to Horms CAN-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Reported directly to Horms CAN-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Reported directly to Horms CAN-2005-3105 (The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) - TODO: check -end claimed by jmm + - linux-2.6 <unfixed> + NOTE: Reported directly to Horms CAN-2005-XXXX [horde3 maintainer scripts don''t set sufficiently strict permissions on config files] - horde3 <unfixed> (bug #332289) CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
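Review bot: In the second hunk, the six kernel entries (CAN-2005-3105 through CAN-2005-3110) are marked `<unfixed>` with only "NOTE: Reported directly to Horms" and no bug number, unlike the horde3 context entry just below, which carries "(bug #332289)". Without a reference there is nothing to follow up on to learn when a fix lands, so add the bug number to each entry once a report exists. CAN-2005-3110 is also the only one of the six that lists kernel-source-2.4.27 next to linux-2.6; if 2.4.27 was checked for the other five and found unaffected, a NOTE saying so would record that instead of leaving it open. Finally, CAN-2005-3115 is still a TODO although the "end claimed by jmm" marker is removed here, so the block is released with one entry unresolved and nobody assigned to it.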