Author: jmm-guest Date: 2005-04-02 12:57:42 +0000 (Sat, 02 Apr 2005) New Revision: 725 Modified: sarge-checks/CAN/list Log: bug#s for php image DoS. Filed report for bluetooth local root. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-02 12:38:55 UTC (rev 724) +++ sarge-checks/CAN/list 2005-04-02 12:57:42 UTC (rev 725) @@ -531,11 +531,8 @@ NOTE: reserved CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root] NOTE: reserved - - kernel-source-2.4.27 (unfixed) + - kernel-source-2.4.27 (unfixed; bug# pending) - kernel-source-2.6.8 2.6.8-16 - NOTE: according to changelog, "Fix signedness problem at socket - NOTE: creation in bluetooth which can lead to local root exploit." - NOTE: Fixed in 2.4.30rc2, so 2.4 is affected as well CAN-2005-0749 NOTE: reserved NOTE: according to ubuntu, this is a DOS: @@ -1305,9 +1302,9 @@ CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) NOTE: not-for-us (PBLang) CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing] - - php4 (unfixed; pending) + - php4 (unfixed; bug# 302701) CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing] - - php4 (unfixed; pending) + - php4 (unfixed; bug# 302702) CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) - prozilla 1:1.3.7.4-1 CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
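Review bot: In the first hunk (CAN-2005-0750), the three NOTE lines removed below `- kernel-source-2.6.8 2.6.8-16` were the entry's only record of why kernel-source-2.4.27 is listed as affected: the changelog quote about the signedness problem at socket creation, and "Fixed in 2.4.30rc2, so 2.4 is affected as well". The log message mentions filing the report but not this removal. Unless that reasoning is now carried by the filed bug, keep at least the 2.4.30rc2 note so the 2.4 status can still be checked from the list itself. The new `(unfixed; bug# pending)` is also a placeholder where the php4 entries in the second hunk now carry real numbers (`bug# 302701`, `bug# 302702`); replace it with the assigned number in a follow-up commit so the entry can be traced to its report.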