Author: jmm-guest Date: 2005-04-04 22:12:14 +0000 (Mon, 04 Apr 2005) New Revision: 750 Modified: sarge-checks/CAN/list Log: GTK2 BMP double free() through palette-less BMPs, despite the description Sarge is affected, I verified this with the demonstration "exploit". Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-04 21:54:07 UTC (rev 749) +++ sarge-checks/CAN/list 2005-04-04 22:12:14 UTC (rev 750) @@ -59,7 +59,7 @@ CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...) NOTE: not-for-us (UBlog) CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...) - TODO: check + - kernel-source-2.6.8 (unfixed; pending) CAN-2005-XXXX [Insecure tempfile usage in sharutils] - sharutils 4.2.1-13 CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv] @@ -162,7 +162,8 @@ CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) - smail 3.2.0.115-7 CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...) - TODO: check + NOTE: The description is wrong; 2.6 is affected as well + - gtk+2.0 (unfixed; pending) CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) NOTE: "long output from wc to shar" - sharutils 1:4.2.1-12
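Review bot: In the first hunk (@@ -59,7 +59,7 @@), the CAN-2005-0937 entry goes from "TODO: check" to "- kernel-source-2.6.8 (unfixed; pending)" with no NOTE. The commit log only covers the GTK2 BMP double free, so nothing records how the futex issue was confirmed for this package. The description says "Linux kernel 2.6.x", yet only kernel-source-2.6.8 is listed. Add a NOTE line giving the basis for the entry and saying whether other 2.6 kernel source packages were checked, and either mention this change in the log or commit it separately.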
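Review bot: In the second hunk (@@ -162,7 +162,8 @@), the new NOTE for CAN-2005-0891 says "2.6 is affected as well" without naming the package, and the evidence for it (verification with the demonstration exploit) exists only in the commit log, not in the list. Because the same commit adds a kernel 2.6 entry, a bare "2.6" is easy to misread. Suggest wording such as "NOTE: description is wrong; gtk+2.0 2.6 is affected as well, verified with the demonstration exploit" so the reason for contradicting "before 2.2.4" stays with the entry.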