Author: fw Date: 2005-10-09 15:12:03 +0000 (Sun, 09 Oct 2005) New Revision: 2372 Modified: data/CAN/list Log: Resolve a few TODOs, add some fixed versions, based on processing old DSAs. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-09 14:55:03 UTC (rev 2371) +++ data/CAN/list 2005-10-09 15:12:03 UTC (rev 2372) @@ -8800,7 +8800,8 @@ - rxvt-unicode 5.3-1 CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) {DSA-698-1} - TODO: check + NOTE: Seems to be a "fix the fix", correcting a previous DSA. + NOTE: Mainline mc is apparently not affected. CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) {DSA-702-1} - imagemagick 5:6.0.0-1 @@ -10086,6 +10087,7 @@ - krb4 1.2.2-11.2 (bug #306141) - krb5 1.3.6-2 - netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036) + - netkit-telnet 0.17-28 - heimdal 0.6.3-10 CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) {DSA-731-1 DSA-703-1} @@ -10397,10 +10399,10 @@ - remstats 1.0.13a-5 CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) {DSA-700-1} - TODO: check + - mailreader 2.3.29-11 CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...) {DSA-693-1} - TODO: check + - luxman 0.41-20 (bug #299857) CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) - kernel-source-2.6.8 2.6.8-15 - kernel-source-2.4.27 2.4.27-9 @@ -11075,7 +11077,7 @@ NOTE: gpdf ok, all implementations seem ok CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) {DSA-692-1} - - kppp 4:3.1.6 + - kdenetwork 4:3.1.6 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOTE: According to a question on linux-kernel 2.6 is not vulnerable - kernel-source-2.4.27 2.4.27-12 (bug #296700)
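Review bot: In the CAN-2005-0763 hunk (@@ -8800,7 +8800,8 @@), the TODO is replaced by two NOTE lines only, so the entry still has no package line for mc and nothing that can be compared against an installed version. Both notes are hedged ("Seems to be", "apparently"). If DSA-698-1 corrects an earlier fix, name the DSA being corrected and record the mc version that carries the corrected fix, so the claim can be checked later.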
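Review bot: In the @@ -10086,6 +10087,7 @@ hunk, the added line "- netkit-telnet 0.17-28" has no bug reference, while the krb4 and netkit-telnet-ssl lines next to it do. Add the bug number if one exists, or a NOTE saying where the fixed version comes from. The next entry, CAN-2005-0468, is a heap overflow in telnet.c, and its package list is not visible in this hunk; check whether it needs a netkit-telnet line as well.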
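Review bot: In the @@ -10397,10 +10399,10 @@ hunk, the CAN-2005-0385 description says luxman is affected "before 0.41", but the fixed version recorded is "0.41-20", which treats every earlier Debian revision of 0.41 as vulnerable. If that is intended because the fix arrived as a Debian-side change, state it in a NOTE; otherwise the two disagree. In the same hunk, "- mailreader 2.3.29-11" carries no bug reference while the luxman line does.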
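Review bot: In the @@ -11075,7 +11077,7 @@ hunk, CAN-2005-0205 changes the package name from kppp to kdenetwork, which is neither a resolved TODO nor an added fixed version, so the log message does not cover it. Mention the rename in the log or add a NOTE explaining why the entry is tracked under kdenetwork. The version "4:3.1.6" also has no Debian revision, unlike the other fixed versions in this patch; confirm it is the intended bound.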