Author: joeyh
Date: 2005-01-12 19:17:37 +0100 (Wed, 12 Jan 2005)
New Revision: 267
Modified:
sarge-checks/CAN/list
sarge-checks/DSA/list
Log:
updates
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-12 18:07:37 UTC (rev 266)
+++ sarge-checks/CAN/list 2005-01-12 18:17:37 UTC (rev 267)
@@ -21,9 +21,6 @@
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim
before ...)
- exim4 4.34-10
CAN-2005-0021 (Buffer overflow in the host_aton function in Exim before 4.43
may ...)
- - exim4 4.34-10
- - exim 3.36-12
- - exim-tls (unfixed; bug #290036)
CAN-2005-0020
NOTE: reserved
CAN-2005-0019
@@ -65,6 +62,8 @@
NOTE: reserved
CAN-2005-0001
NOTE: reserved
+ NOTE: bug in i386 SMP page fault handler, local root (bugtraq)
+ TODO: check with kernel team
CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1
and ...)
NOTE: not-for-us (oracle)
CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain
privileges ...)
@@ -413,6 +412,8 @@
NOTE: reserved
CAN-2004-1177
NOTE: reserved
+ - mailman (unfixed; bug #287555)
+ NOTE: there''s also bug #285839, no CAN.
CAN-2004-1176
NOTE: reserved
CAN-2004-1175
Modified: sarge-checks/DSA/list
==================================================================---
sarge-checks/DSA/list 2005-01-12 18:07:37 UTC (rev 266)
+++ sarge-checks/DSA/list 2005-01-12 18:17:37 UTC (rev 267)
@@ -1,3 +1,15 @@
+[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
+ {CAN-2004-0968}
+ - glibc 2.3.2.ds1-20
+ NOTE: fixed in testing at time of DSA
+[12 Jan 2005] DSA-635-1 exim - buffer overflow
+ {CAN-2005-0021}
+ - exim4 4.34-10
+ NOTE: fixed in testing at time of DSA
+ - exim 3.36-13
+ NOTE: not fixed in testing at time of DSA
+ - exim-tls (unfixed; bug #290036)
+ NOTE: not fixed in testing at time of DSA
[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
{CAN-2004-1182}
- hylafax 4.2.1-1