Author: stef-guest Date: 2004-11-09 14:59:42 -0700 (Tue, 09 Nov 2004) New Revision: 102 Modified: sarge-checks/CAN/list Log: update some CANs and claim some more Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-09 00:32:34 UTC (rev 101) +++ sarge-checks/CAN/list 2004-11-09 21:59:42 UTC (rev 102) @@ -3227,6 +3227,7 @@ NOTE: not-for-us (Progress 4GL Compiler) CAN-2003-0484 TODO: check phpbb2 + NOTE: mail sent to maintainer (2004-11-09) CAN-2003-0483 NOTE: not-for-us (XMB Forum) CAN-2003-0482 @@ -3264,9 +3265,12 @@ NOTE: fixed in linux 2.4.21 CAN-2003-0466 NOTE: covered by DSA-357 -CAN-2003-0465 - NOTE: fixed in 2.6.x but not in 2.4.x ? - TODO: check +CAN-2003-0465 strncpy in kernel does not pad with zeroes + TODO: (unfixed; bug #280492) + NOTE: generic .c version fixed in 2.6.x but not in 2.4.x + NOTE: arch specific asm versions: + NOTE: x86 is not affected + NOTE: ppc32 fixed in 2.4.22-rc4 CAN-2003-0464 NOTE: fixed in linux 2.4.22-pre8 CAN-2003-0463 @@ -3329,7 +3333,9 @@ CAN-2003-0435 NOTE: covered by DSA-322 CAN-2003-0434 - TODO: various pdf viewers. which others than xpdf? + NOTE: various pdf viewers + NOTE: kpdf does not seem to support hyperlinks; so not vulnerable + NOTE: gpdf 2.8.0 does not seem to be vulnerable - xpdf 2.02pl1-1 CAN-2003-0433 NOTE: covered by DSA-315 @@ -3693,6 +3699,9 @@ NOTE: covered by DSA-302 CAN-2003-0260 NOTE: not-for-us (Cisco) + +begin claimed by stef-guest + CAN-2003-0259 TODO: check CAN-2003-0258 @@ -3813,6 +3822,9 @@ NOTE: covered by DSA-280 CAN-2003-0200 NOTE: reserved + +end claimed by stef-guest + CAN-2003-0199 NOTE: reserved CAN-2003-0198
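Review bot: In the hunk at @@ -3227,6 +3227,7, the added line "NOTE: mail sent to maintainer (2004-11-09)" under CAN-2003-0484 gives no way to follow up on that mail. The "TODO: check phpbb2" line above it stays open, so a later reader cannot tell what was asked or whether an answer came back. If a bug was filed, record its number here the way the CAN-2003-0465 entry does; otherwise say in the note what the maintainer was asked to confirm.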
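Review bot: In the hunk at @@ -3264,9 +3265,12, the new CAN-2003-0465 entry leaves the status of most architectures unstated: the arch-specific notes cover only x86 and ppc32. Please say whether the remaining architectures use the generic .c version (and are therefore unfixed in 2.4.x) or still need checking. The removed line carried a "?" after "fixed in 2.6.x but not in 2.4.x", while the new NOTE states the same thing as fact without giving the 2.6 version that has the fix; adding that version would make the claim verifiable. "TODO: (unfixed; bug #280492)" would also read better if it named the package the bug is filed against.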
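Review bot: In the hunk at @@ -3329,7 +3333,9, the CAN-2003-0434 entry drops its TODO although the question it asked ("which others than xpdf?") is answered only for kpdf and gpdf, and both answers are hedged with "does not seem to". If other pdf viewers are still unchecked, keep a TODO line saying so, so the entry is not read as closed. The kpdf note also lacks the version that was examined, whereas the gpdf note gives 2.8.0; adding it keeps the two notes comparable.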
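Review bot: In the hunk at @@ -3693,6 +3699,9, the "begin claimed by stef-guest" marker carries no date, so nobody can tell later whether the claim over the entries from CAN-2003-0259 downward is still active or has gone stale. Consider adding the claim date to the marker, in the same form as the "(2004-11-09)" used in the CAN-2003-0484 note, and doing the same on the matching "end claimed by stef-guest" line.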