Author: jmm-guest Date: 2005-04-12 07:41:17 +0000 (Tue, 12 Apr 2005) New Revision: 790 Modified: sarge-checks/CAN/list Log: smarty 2.6.9 was a security upload, although the changelog doesn't mention it. Kernel vuln should affect Debian as well, it has been fixed in Ubuntu. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-12 07:20:34 UTC (rev 789) +++ sarge-checks/CAN/list 2005-04-12 07:41:17 UTC (rev 790) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] + - smarty 2.6.9-1 CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client] - obexftp 0.10.7-3 CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...) @@ -389,7 +391,7 @@ CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...) NOTE: According to the advisory, only SuSE kernels are affected by this NOTE: http://www.novell.com/linux/security/advisories/2005_18_kernel.html - TODO: check with kernel team + - kernel-source-2.6.8 (unfixed) CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...) - cdrecord (unfixed; bug #291376) CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
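Review bot: The new Smarty entry in the first hunk (@@ -1,3 +1,5 @@) records "- smarty 2.6.9-1" as the fixed version with no NOTE giving the basis for it, and the log message says the changelog does not mention the security fix. Anyone re-checking this entry later has nothing to verify the version against. Consider adding a NOTE line under the entry that names where the fix was identified, in the same way the CAN-2005-0867 entry carries NOTE lines for its advisory. The identifier is also still the CAN-2005-XXXX placeholder, so the entry will need revisiting once a number is assigned.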
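Review bot: In the second hunk (@@ -389,7 +391,7 @@), the added "- kernel-source-2.6.8 (unfixed)" line sits directly under the unchanged "NOTE: According to the advisory, only SuSE kernels are affected by this", so the CAN-2005-0867 entry now contradicts itself. The reasoning for the change (fixed in Ubuntu, so Debian should be affected too) exists only in the log message. Consider adding a NOTE that records the Ubuntu fix as the basis and qualifying or removing the SuSE-only note. The log says the issue "should" affect Debian, which reads as unconfirmed, so it may be worth keeping the "TODO: check with kernel team" line until that is settled. Unlike the neighbouring cdrecord entry "(unfixed; bug #291376)", this line has no bug reference for tracking the fix.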