Author: joeyh
Date: 2005-10-17 21:54:08 +0000 (Mon, 17 Oct 2005)
New Revision: 2425
Modified:
data/CAN/list
Log:
- fix some bad bug numbers
- scanned for fixed bugs
- few other updates based on bug logs
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-10-17 21:45:20 UTC (rev 2424)
+++ data/CAN/list 2005-10-17 21:54:08 UTC (rev 2425)
@@ -214,7 +214,7 @@
CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart
3.0.3 ...)
NOT-FOR-US: CubeCart
CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows
...)
- - blender <unfixed> (bug #332313; low)
+ - blender <unfixed> (bug #332413; low)
CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex
2.6.1.5, ...)
{DSA-855-1}
- weex 2.6.1-6sarge1 (bug #332424; medium)
@@ -325,9 +325,9 @@
- kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
CAN-2005-XXXX [horde3 maintainer scripts don''t set sufficiently strict
permissions on config files]
- - horde3 <unfixed> (bug #332289)
+ - horde3 3.0.5-2 (bug #332289)
CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally
configured]
- - horde3 <unfixed> (bug #332290)
+ - horde3 3.0.5-2 (bug #332290)
CAN-2005-XXXX [Minor local DoS as libldap]
- openldap <unfixed> (bug #253838; low)
TODO: Check, whether openldap2.2 is affected as well
@@ -343,7 +343,8 @@
CAN-2005-XXXX [Unspecified vulnerability in htdig''s htsearch and
qtest]
- htdig <unfixed> (bug #305996; unknown)
CAN-2005-XXXX [clamav''s VERSION command does not return the currently
loaded version]
- - clamav <unfixed> (bug #323803; low)
+ NOTE: no exploit vector, just bad info
+ - clamav <unfixed> (bug #323803; unimportant)
CAN-2005-XXXX [smbmount doesn''t honor gid/uid with kernel 2.4]
- kernel-source-2.4.27 <unfixed> (bug #310982)
CAN-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
@@ -530,7 +531,7 @@
- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded
into the archive)
CAN-2005-XXXX [Possibly incorrect virtualiasation in php4]
- - php4 <unfixed> (bug #317577; bug #330419; unknown)
+ - libapache-mod-php4 <unfixed> (bug #317577; bug #330419; unknown)
NOTE: Maintainer can''t reproduce
CAN-1999-XXXX [Insecure access control on GNU Mach''s IO ports]
- gnumach <unfixed> (bug #46709)
@@ -547,7 +548,7 @@
RESERVED
- twiki 20040902-2 (bug #330733; high)
CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a
denial ...)
- - linux-2.6 <unfixed> (bug #330343; bug #330287; bug #332587; medium)
+ - linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
- kernel-source-2.6.8 <unfixed> (bug #332596)
CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does
not ...)
- php4 4:4.4.0-3 (bug #353585; medium)
@@ -579,7 +580,7 @@
CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
CAN-2005-XXXX [Insecure pidfile handling in mailleds]
- - mailleds <unfixed> (bug #329365; low)
+ - mailleds 0.93-11.1 (bug #329365; low)
CAN-2005-XXXX [kdebase uses urandom as an entropy source]
- kdebase <unfixed> (bug #325369; unimportant)
NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
@@ -741,7 +742,7 @@
RESERVED
CAN-2005-2972 [Further RTF buffer overflows in abiword]
RESERVED
- - abiword <unfixed> (bug #333740; medium)
+ - abiword 2.4.1-1 (bug #333740; medium)
CAN-2005-2971 [Heap overflow in kword''s RTF import]
RESERVED
- koffice 1:1.3.5-5 (bug #333497; medium)
@@ -977,7 +978,8 @@
{DSA-837-1}
- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium)
- mozilla 2:1.7.12-1 (bug #327455; medium)
- - epiphany-browser <unfixed> (bug #327366; medium)
+ NOTE: epiphany-browser is apparently fixed fix the mozilla-browser
+ NOTE: upload; see bug #327366
CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
- chmlib 0.36-1 (bug #327431)
CAN-2005-2802
@@ -1266,7 +1268,7 @@
NOT-FOR-US: Simple PHP Blog
CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote
attackers to ...)
NOTE: path disclosure, so not very important on debian systems
- - awstats <unfixed> (bug #327729; low)
+ NOTE: unreproducible according to bug #327729
CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0,
when ...)
NOT-FOR-US: Astato specific
CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote
attackers to ...)
@@ -1898,7 +1900,7 @@
{DSA-831-1 DSA-829-1}
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- - mysql-dfsg <unfixed> (bug #322133; medium)
+ - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in
Mantis ...)
{DSA-778-1}
- mantis 0.19.2-4 (low)
@@ -3988,7 +3990,7 @@
- zsync 0.4.0-2 (bug #317968; medium)
- dump 0.4b40-1 (bug #317966; medium)
- aide 0.10-6.1.1 (bug #317523; medium)
- - amd64-libs <unfixed> (bug #317970; medium)
+ - amd64-libs 1.3 (bug #317970; medium)
- ia32-libs <unfixed> (bug #317971; medium)
NOTE: dar-static claimed not used on untrusted input by maintainer in #317989
- bacula 1.36.3-2 (bug #318014; medium)