Author: jmm-guest Date: 2005-07-10 18:01:15 +0000 (Sun, 10 Jul 2005) New Revision: 1359 Modified: data/CAN/list Log: vulnerable zlib embedded in various apps Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-10 07:31:06 UTC (rev 1358) +++ data/CAN/list 2005-07-10 18:01:15 UTC (rev 1359) @@ -164,6 +164,17 @@ NOTE: reserved CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...) {DSA-740-1} + NOTE: Several packages ship embedded copies of zlib, there are a lot probably more + NOTE: We have to check whether zlib 1.1 is really not affected, sometimes the CVE + NOTE: descriptions are flaky wrt affected versions, kernel, mozilla, rsync and oo + NOTE: supposedly use 1.1 + TODO: - kernel-source-2.6.11 (unfixed) (medium) + TODO: - kernel-source-2.4.27 (unfixed) (medium) + TODO: - mozilla (unfixed) (medium) + TODO: - openoffice.org (unfixed) (medium) + TODO: - rsync (unfixed) (medium) + - dpkg (unfixed) (medium) + - zsync (unfixed) (medium) CAN-2005-2095 NOTE: reserved - squirrelmail (unfixed; #317094; medium)
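Review bot: The added "- dpkg (unfixed) (medium)" and "- zsync (unfixed) (medium)" lines carry no bug number, while the squirrelmail entry in the trailing context records "#317094"; filing bugs for the embedded copies and adding the numbers here would make them trackable. The five TODO lines already carry "(unfixed) (medium)" even though the NOTE above them says it is still unchecked whether zlib 1.1 is affected, so the NOTE should state explicitly that this status is provisional until the embedded version in each package has been verified. The first NOTE also reads better as "there are probably a lot more".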