Author: jmm-guest Date: 2005-07-25 08:04:06 +0000 (Mon, 25 Jul 2005) New Revision: 1464 Modified: data/CAN/list Log: mysql 4.1 is affected by the zlib security issue. kopete update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-24 14:26:03 UTC (rev 1463) +++ data/CAN/list 2005-07-25 08:04:06 UTC (rev 1464) @@ -910,6 +910,7 @@ NOTE: to search for static zlib signatures in binaries in Debian NOTE: Not all of the listed packages have been checked for actual NOTE: exploitability using this hole. + - mysql-dfsg-4.1 (unfixed; bug filed; medium) - dpkg (unfixed; bug #317967; medium) - zsync 0.4.0-2 (medium) - dump (unfixed; bug #317966; medium) @@ -2206,11 +2207,10 @@ NOTE: reserved CAN-2005-1852 [Integer overflow in ekg] NOTE: reserved - NOTE: It seems as if Kopete is not directly affected if a local copy of the lib - NOTE: is installed, but this could this be an issue in systems were libgadu has - NOTE: been removed with --force-depends + NOTE: Kopete embeds the vulnerable code, but it''s only used as a fallback when + NOTE: no shared lib version is found. As the Debian package has a dependency on + NOTE: it the maintainer does not intent to fix it, see # 319443 - ekg 1:1.5+20050712+1.6rc3-1 (medium) - - kopete (unfixed; bug filed; low) CAN-2005-1851 [Potential shell command injection in ekg contrib script] NOTE: reserved - ekg 1:1.5+20050712+1.6rc2-1 (low)