Author: joeyh Date: 2004-11-06 15:37:42 -0700 (Sat, 06 Nov 2004) New Revision: 92 Modified: sarge-checks/CAN/list Log: some random followups Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-06 15:42:19 UTC (rev 91) +++ sarge-checks/CAN/list 2004-11-06 22:37:42 UTC (rev 92) @@ -36,7 +36,9 @@ CAN-2004-0991 NOTE: reserved CAN-2004-0990 - TODO: probably vulnerable, check libgd1 and libgd2 and file bugs + NOTE: not sure if libgd1 is vulnerable + - libgd1 (unfixed; bug #278625) + - libgd2 2.0.30-1 CAN-2004-0989 NOTE: covered by DSA-582-1 CAN-2004-0988 @@ -587,6 +589,7 @@ CAN-2004-0745 TODO: unsure if fixed, probably not. Mailed lha maintainer. NOTE: GOTO says first he heard of it, is checking. + NOTE: mailed GOTO again 6 Nov CAN-2004-0744 NOTE: not-for-us (MacOS) CAN-2004-0743 @@ -845,7 +848,8 @@ CAN-2004-0620 NOTE: not-for-us (vBulletin) CAN-2004-0619 - TODO: unchecked + NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver) + NOTE: does not seem to be part of linux kernel or other package CAN-2004-0618 NOTE: not-for-us (freebsd) CAN-2004-0617 @@ -936,8 +940,7 @@ CAN-2004-0577 NOTE: not-for-us (Wingate) CAN-2004-0576 - HELP: which one is GNU radius? - TODO: unchecked + NOTE: not-for-us (GNU radius not in Debian) CAN-2004-0575 NOTE: not-for-us (Windows) CAN-2004-0574 @@ -2387,11 +2390,12 @@ NOTE: not-for-us (Apple) CAN-2003-0876 NOTE: not-for-us (Apple) -CAN-2003-0875 +CAN-2003-0875 [source package only] NOTE: openslp: slpd.all_init symlink vuln NOTE: this file is not used in Debian, so it''s not a problem for us. NOTE: source package still distributes the file, however. TODO: submitted to BTS. waiting for response. + - openslp (unfixed; bug #279973 CAN-2003-0874 NOTE: not-for-us (Deskpro) CAN-2003-0873 @@ -4904,6 +4908,9 @@ NOTE: covered by DSA-136 CAN-2002-0655 NOTE: covered by DSA-136 + +NOTE: this is approximatly the release of woody, so we can stop here + CAN-2002-0654 - apache2 2.0.40 CAN-2002-0652