Author: fw Date: 2005-09-27 07:10:35 +0000 (Tue, 27 Sep 2005) New Revision: 2189 Modified: data/CAN/list Log: Some items from bugs-dist. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-26 14:16:45 UTC (rev 2188) +++ data/CAN/list 2005-09-27 07:10:35 UTC (rev 2189) @@ -1,3 +1,7 @@ +CAN-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) +CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) CAN-2005-XXXX [Insecure pidfile handling in mailleds] - mailleds <unfixed> (bug #329365; low) CAN-2005-XXXX [kdebase uses urandom as an entropy source] @@ -4866,7 +4870,7 @@ NOTE: linux-2.6 not affected (already fixed) - kernel-source-2.4.27 2.4.27-11 (unknown) CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) - - helix-player <unfixed> (bug #316276; high) + - helix-player 1.0.5-1 (bug #316276; high) NOTE: Helix Player is affected according to: NOTE: <http://service.real.com/help/faq/security/050623_player/EN/> CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) @@ -12867,6 +12871,7 @@ NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version + - mysql-dfsg-4.1 <not-affected> (fixed before first Debian upload) CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...) NOTE: fixed after 2.6.6 kernel CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
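Review bot: In the @@ -1,3 +1,7 @@ hunk, the new SQL injection entry for egroupware is rated low with no NOTE explaining why. A one-line NOTE giving the reason for the rating (for example, what access the account deletion path requires) would let later reviewers verify it. Both new entries also cite the same bug #329597 and the same fixed version 1.0.0.009.dfsg-3-1, so confirm against the package changelog that this upload fixes both the /tmp log file issue and the injection, and that the version string with its two trailing hyphenated components is spelled as in the archive.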
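Review bot: In the @@ -4866,7 +4870,7 @@ hunk, helix-player moves from <unfixed> to 1.0.5-1, but the two NOTE lines below it still only say that Helix Player is affected according to the vendor advisory, and nothing records how the fix in 1.0.5-1 was confirmed. Consider adding a NOTE naming the source (the changelog entry or the closure of bug #316276) so this high-severity entry can be audited later.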
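Review bot: In the @@ -12867,6 +12871,7 @@ hunk, the added "- mysql-dfsg-4.1 <not-affected>" line sits directly under the NOTE "apparently only affects mysql-dfsg >= 4.1.x, debian has older version", which no longer reads correctly once a 4.1 package is tracked in the same entry. Suggest rewording that NOTE to name the older source package it refers to. The entry just above CAN-2004-0627 ends with the identical NOTE and gets no mysql-dfsg-4.1 line in this hunk, so check whether it needs the same <not-affected> marking.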