Author: joeyh Date: 2005-09-04 20:53:50 +0000 (Sun, 04 Sep 2005) New Revision: 1814 Modified: data/CAN/list Log: removed all open tracked bugs, found many that were fixed and did some NMUs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-04 19:49:40 UTC (rev 1813) +++ data/CAN/list 2005-09-04 20:53:50 UTC (rev 1814) @@ -62,7 +62,7 @@ NOTE: not-for-us (phpGraphy) CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...) - gallery 1.5-2 (bug #325285; medium) - - gallery2 (unfixed; bug #325285; medium) + TODO: check gallery2 CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) NOTE: not-for-us (Simple PHP Blog) CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) @@ -150,7 +150,7 @@ NOTE: not-for-us (SunOS) CAN-2005-XXXX [osh buffer overflow in handlers.c] NOTE: This is not the same as -13 - - osh 1.7-14 (unfixed; bug #323424; medium) + - osh 1.7-14 (bug #323424; medium) CAN-2005-XXXX [Insecure delegation of GSSAPI credentials in ssh] - openssh (unfixed; bug #326065; medium) CAN-2005-XXXX [Incorrect port forwarding for dynamic ports in ssh] @@ -295,7 +295,7 @@ NOTE: not-for-us (doesn''t affect Debian) CAN-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) {DSA-785-1} - - libpam-ldap (unfixed; bug #324899; unknown) + - libpam-ldap 178-1sarge1 (bug #324899; unknown) CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) NOTE: not-for-us (Kerio WinRoute Firewall) CAN-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) 
@@ -991,10 +991,10 @@ CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) {DSA-798-1 DSA-789-1} - drupal 4.5.5-1 (bug #323347; high) - - phpgroupware 0.9.16.008-1 (unfixed; bug #323349; high) + - phpgroupware 0.9.16.008-1 (bug #323349; high) - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway - - php4 (unfixed; bug #323366; high) + - php4 4:4.3.10-16 (bug #323366; high) TODO: check php5 CAN-2005-2497 NOTE: reserved @@ -2736,10 +2736,10 @@ NOTE: to search for static zlib signatures in binaries in Debian NOTE: Not all of the listed packages have been checked for actual NOTE: exploitability using this hole. - - dpkg (unfixed; bug #317967; medium) + - dpkg 1.13.11 (bug #317967; medium) - zsync 0.4.0-2 (medium) - dump (unfixed; bug #317966; medium) - - aide (unfixed; bug #317523; medium) + - aide 0.10-6.1.1 (bug #317523; medium) - amd64-libs (unfixed; bug #317970; medium) - ia32-libs (unfixed; bug #317971; medium) NOTE: dar-static claimed not used on untrusted input by maintainer in #317989 @@ -2747,7 +2747,7 @@ - sash 3.7-6 (medium) - libphysfs-1.0-0 1.0.0-5 (medium) - oops (unfixed; bug #318097; medium) - - lsb-rpm (unfixed; bug #318099; medium) + - lsb-rpm 4.0.4-31.1 (bug #318099; medium) - rageircd 2.0.0-3sid1 (medium) - systemimager-ssh (unfixed; bug #318101; medium) - texmacs 1:1.0.5-3 (bug #318100; medium) @@ -4951,7 +4951,7 @@ CAN-2005-1528 NOTE: reserved CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) - - awstats 6.4-1 (unfixed; bug #322591; medium) + - awstats 6.4-1.1 (bug #322591; medium) CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) {DSA-764-1} - cacti 0.8.6e-1 (high) 
@@ -7706,7 +7706,7 @@ CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - gzip 1.3.5-10 - - bzip2 (unfixed; bug #321286; medium) + - bzip2 1.0.2-8.1 (bug #321286; medium) CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 2.4.27-11 - kernel-source-2.6.8 2.6.8-17
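Review bot: In the @@ -62,7 hunk (CAN-2005-2734), replacing "- gallery2 (unfixed; bug #325285; medium)" with "TODO: check gallery2" takes gallery2 out of the unfixed set without recording what was found. The removed line shared bug #325285 with the gallery line that stays, so the TODO should be accompanied by a NOTE saying whether that bug covers gallery2 at all, otherwise the next person has to redo the triage from the bug log.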
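Review bot: In the @@ -295,7 hunk, the libpam-ldap line now gives 178-1sarge1 as the fixed version, while the CAN-2005-2641 description says pam_ldap before 180 is affected and the entry carries {DSA-785-1}. The sarge1 suffix reads as the stable security upload, so if this field is meant to hold the version that fixed unstable, confirm which upload closed bug #324899 there and record that one, or add a NOTE that the fix is a backport onto 178.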
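Review bot: In the @@ -7706,7 hunk, bzip2 is marked fixed in 1.0.2-8.1 under CAN-2005-0758, but the description shown names only zgrep in gzip and nothing in the entry says why bzip2 is listed. Add a NOTE stating which part of bzip2 bug #321286 refers to, so the fixed version can be checked against the entry without opening the bug.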