Author: fw
Date: 2005-09-19 18:35:13 +0000 (Mon, 19 Sep 2005)
New Revision: 2048
Modified:
data/CAN/list
Log:
ncompress bug is only in the source package.
CAN-2005-1766: Also affects Helix Player.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-19 15:30:52 UTC (rev 2047)
+++ data/CAN/list 2005-09-19 18:35:13 UTC (rev 2048)
@@ -1,7 +1,7 @@
CAN-2005-XXXX [insecure temporary file handling in arc]
- arc (unfixed; bug #329053; low)
CAN-2005-XXXX [insecure temporary file handling in ncompress]
- - ncompress (unfixed; bug #329052; low)
+ - ncompress (unfixed; bug #329052; unimportant)
CAN-2005-2917 [DoS vulnerability in squid''s NMTL auth code]
- squid 2.5.10-6 (unknown)
CAN-2005-XXXX [user password file created by gajim is world-redable]
@@ -4532,7 +4532,9 @@
NOTE: linux-2.6 not affected (already fixed)
- kernel-source-2.4.27 2.4.27-11 (unknown)
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5
...)
- NOTE: not-for-us (RealPlayer)
+ - helix-player 1.0.5 (unfixed; bug #316276; high)
+ NOTE: Helix Player is affected according to:
+ NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
{DTSA-16-1}
- kernel-source-2.6.8 2.6.8-17