Author: jmm-guest Date: 2005-04-13 15:09:55 +0000 (Wed, 13 Apr 2005) New Revision: 798 Modified: sarge-checks/CAN/list Log: New vulnerabilities: openoffice, mod_security, imms, php4, wordpress, kdelibs bug# for postfix-gld Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-13 14:52:27 UTC (rev 797) +++ sarge-checks/CAN/list 2005-04-13 15:09:55 UTC (rev 798) @@ -1,5 +1,24 @@ +CAN-2005-XXXX [OpenOffice.org heap possible overflow in DOC parsing] + - openoffice.org (unfixed; bug pending) +CAN-2005-XXXX [Some security issues in mod_security] + NOTE: I don''t understand mod_security fully, so I''m not entirely sure which of + NOTE: the changelog entries matches the security criteria, but the changelog + NOTE: claims so. + - libapache-mod-security 1.8.7-1 +CAN-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping] + NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix + - imms 2.0.3-1 +CAN-2005-XXXX [Multiple non-descript problems in PHP4] + NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the + NOTE: details before July 12th. The security fixes are accompanied by dozens of + NOTE: non-security bugfixes, so it''s not obvious from the diff either. + - php4 (unfixed) +CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities + - wordpress (unfixed; bug #304468) +CAN-2005-XXXX [KDE kdelibs PCX image properties handling] + - kdelibs (unfixed; bug #304465) CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access] - - postfix-gld (unfixed; bug pending) + - postfix-gld (unfixed; bug #304390) CAN-2005-XXXX [Several races in file permission handling in coreutils] - coreutils CAN-2005-XXXX [Incorrect symlink permission handling in rsnapshot]
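Review bot: The added Wordpress entry never closes its bracketed description (`+CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities`), while every other entry in this hunk ends the description with `]`; add the missing `]` so that anything reading the list by its brackets does not misparse the entry. In the same hunk, the imms description has "inproper" for "improper", the OpenOffice.org description reads "heap possible overflow" where "possible heap overflow" is presumably meant, and the NOTE lines carry doubled apostrophes (`don''t`, `I''m`, `it''s`) that should be single if they are in the file itself rather than an artifact of the mail. The mod_security entry records 1.8.7-1 as the fixed version while its NOTE says the matching changelog entries were not identified; naming the changelog entries relied on would let the fixed version be re-checked later.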