Moritz Muehlenhoff
2005-Jun-06 07:52 UTC
[Secure-testing-commits] r1205 - sarge-checks/CAN
Author: jmm-guest
Date: 2005-06-06 07:52:24 +0000 (Mon, 06 Jun 2005)
New Revision: 1205
Modified: sarge-checks/CAN/list
Log: Two new issues already in the BTS. gforge is not affected by the viewFile.php vulnerability, as the code in question had already been removed some time before the advisory was posted.

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-06-06 06:57:54 UTC (rev 1204) +++ sarge-checks/CAN/list 2005-06-06 07:52:24 UTC (rev 1205) @@ -1,3 +1,7 @@ +CAN-2005-XXXX [Directory traversal in zoo] + - zoo (unfixed; bug #306164) +CAN-2005-XXXX [Cross Site Scripting in websieve] + - websieve (unfixed; bug #311838) CAN-2005-XXXX [Information leak in fuse] NOTE: Fixed packages have already been prepared, pending upload and/or security team upload - fuse (unfixed; bug #311634) @@ -280,10 +284,9 @@ CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] - NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it''s - NOTE: not mentioned in the changelog, so it''s either a hidden fix or unfixed - TODO: Check back with maintainer - - gforge 3.1-30 + NOTE: viewFile.php has been removed along with other files in -26, so Debian is + NOTE: no longer affected. + - gforge 3.1-26 CAN-2005-XXXX [osh buffer overflow] - osh 1.7-13 CAN-2005-XXXX [xile buffer overrun in terminal code]
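Review bot: In the first hunk (@@ -1,3 +1,7 @@), the added zoo and websieve entries carry only the placeholder CAN-2005-XXXX and a BTS bug number, with no NOTE or TODO line. Since every unassigned entry in this list shares the same placeholder, the bug number is the only thing that identifies them. A short NOTE naming where the issue was reported, in the way the fuse entry just below carries a NOTE about its status, and a TODO to fill in the CAN id once one is assigned would keep these two traceable.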
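Review bot: In the second hunk (@@ -280,10 +284,9 @@), the replacement NOTE for gforge drops the earlier statement that the Bugtraq advisory names 3.1-30 as the fixed version, and it removes "TODO: Check back with maintainer" without recording how the removal in -26 was confirmed. The removed NOTE said the fix was not mentioned in the changelog, so the new NOTE should say what the finding is based on (for example, inspection of the package contents) and keep a mention that the advisory's 3.1-30 differs from the version now tracked. Writing the version in full as "3.1-26" in the NOTE, matching the "- gforge 3.1-26" line, would also avoid ambiguity over what "-26" refers to.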