Author: joeyh Date: 2005-05-08 17:49:40 +0000 (Sun, 08 May 2005) New Revision: 1021 Modified: sarge-checks/CAN/list Log: some notes on getting fixes to testing Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-08 16:54:59 UTC (rev 1020) +++ sarge-checks/CAN/list 2005-05-08 17:49:40 UTC (rev 1021) @@ -65,6 +65,10 @@ CAN-2005-XXXX [Missing input validation in xtradius] - xtradius (unfixed; bug #307796) CAN-2005-XXXX [fai tempfile vulnerability] + NOTE: vorlon reviewed fai 2.8.2 and its changes are ok, but 2.8.1 + NOTE: had many changes that are not appropriate for the freeze. + NOTE: 2.8 needs to be patched with the security fixes in 2.8.2 + NOTE: and uploaded to t-p-u. - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] NOTE: contains old copy of xpcom library @@ -446,6 +450,7 @@ CAN-2005-1276 NOTE: reserved CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) + NOTE: fix accepted to testing, should reach it today (8 may) - imagemagick 6:6.0.6.2-2.3 CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - maxdb-7.5.00 7.5.00.26-1 @@ -1749,6 +1754,8 @@ CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) NOTE: not-for-us (Cain & Abel) CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) + NOTE: joeyh reviewed t-p-u version for testing, found non-security + NOTE: changes and has asked maintainer for explanation - evolution 2.0.4-2 - evolution-data-server1.2 1.2.2-1 CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
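Review bot: In the @@ -65,6 +65,10 @@ hunk, the new NOTE lines say 2.8 still needs to be patched and uploaded to t-p-u, yet the package line below them is left as "- fai 2.8.2", so the entry reads as fixed while the notes describe outstanding work for testing. Consider naming who will prepare the t-p-u upload or adding a bug reference, as the xtradius entry above does with "(unfixed; bug #307796)", so the pending work can be tracked from the list.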
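Review bot: In the @@ -446,6 +450,7 @@ hunk, the added note "fix accepted to testing, should reach it today (8 may)" is a prediction that goes stale once the date passes, and "8 may" carries no year. Suggest writing the date as 2005-05-08 and naming the accepted version (the line below lists imagemagick 6:6.0.6.2-2.3), or dropping the note once the migration is confirmed.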
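Review bot: In the @@ -1749,6 +1754,8 @@ hunk, the note on CAN-2005-0806 does not say which t-p-u version was reviewed or which of the two packages listed below it (evolution, evolution-data-server1.2) it covers, and it gives no pointer to the request sent to the maintainer. Adding the reviewed version and a bug number or message reference would let someone else follow up on the explanation.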