Author: pdwerryh-guest Date: 2004-11-18 06:07:11 -0700 (Thu, 18 Nov 2004) New Revision: 130 Modified: sarge-checks/CAN/list Log: completed my latest block, couple of TODOs remaining Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-17 23:37:27 UTC (rev 129) +++ sarge-checks/CAN/list 2004-11-18 13:07:11 UTC (rev 130) @@ -4195,8 +4195,8 @@ CAN-2002-1583 NOTE: not-for-us (IBM DB2) CAN-2002-1582 - NOTE: mailreader. not clear if this was fixed. - TODO: check + NOTE: mailreader. Affects 2.3.30 and 2.3.31. + NOTE: Sarge uses 2.3.29. CAN-2002-1581 NOTE: covered by DSA-534 - mailreader 2.3.29-9 
@@ -4333,167 +4333,280 @@ NOTE: phpGB not in Debian CAN-2002-1478 NOTE: covered by DSA-164 + - cacti 0.6.8a-2 CAN-2002-1477 NOTE: covered by DSA-164 + - cacti 0.6.8a-2 CAN-2002-1475 + NOTE: not-for-us (HPUX) CAN-2002-1474 + NOTE: not-for-us (HPUX) CAN-2002-1473 + NOTE: not-for-us (HPUX) CAN-2002-1470 + NOTE: not-for-us (Shoutcase) CAN-2002-1467 + - flashplugin-nonfree 6.0.61.0-1 CAN-2002-1466 + NOTE: not-for-us (Cafelog) CAN-2002-1465 + NOTE: not-for-us (Cafelog) CAN-2002-1464 + NOTE: not-for-us (Cafelog) CAN-2002-1462 + NOTE: not-for-us (Organic PHP) CAN-2002-1461 + NOTE: not-for-us (Webshop Manager) CAN-2002-1460 + NOTE: L-Forum not in Debian CAN-2002-1459 + NOTE: L-Forum not in Debian CAN-2002-1458 + NOTE: L-Forum not in Debian CAN-2002-1457 + NOTE: L-Forum not in Debian CAN-2002-1456 + NOTE: not-for-us (mIRC) CAN-2002-1455 + NOTE: not-for-us (OmniHTTPD) CAN-2002-1454 + NOTE: not-for-us (MyWebServer) CAN-2002-1453 + NOTE: not-for-us (MyWebServer) CAN-2002-1452 + NOTE: not-for-us (MyWebServer) CAN-2002-1451 + NOTE: Blazix not in Debian CAN-2002-1450 + NOTE: not-for-us (IBM UniVerse) CAN-2002-1449 + NOTE: eUpload not in Debian CAN-2002-1445 + NOTE: CERN HTTPD not in Debian CAN-2002-1444 + NOTE: not-for-us (Google Toolbar) CAN-2002-1442 + NOTE: not-for-us (Google Toolbar) CAN-2002-1441 + NOTE: not-for-us (Tomahawk) CAN-2002-1440 + NOTE: not-for-us (Gateway) CAN-2002-1439 + NOTE: not-for-us (HPUX) CAN-2002-1434 + NOTE: not-for-us (Kerio) CAN-2002-1433 + NOTE: not-for-us (Kerio) CAN-2002-1432 + NOTE: not-for-us (MidiCart) CAN-2002-1431 + NOTE: not-for-us (Belkin) CAN-2002-1429 + NOTE: not-for-us (ShoutBox) CAN-2002-1428 + NOTE: dotproject not in Debian CAN-2002-1427 + NOTE: Easy Homepage Creator not in Debian CAN-2002-1426 + NOTE: not-for-us (HP) CAN-2002-1425 NOTE: covered by DSA-141 + - mpack 1.5-9 CAN-2002-1423 + NOTE: hole in fudforum before 2.2.0 + TODO: check if this is the same as in package phpgroupware-fudforum + TODO: have contacted phpgroupware developer 
to clarify CAN-2002-1422 + NOTE: hole in fudforum before 2.2.0 + TODO: check if this is the same as in package phpgroupware-fudforum + TODO: have contacted phpgroupware developer to clarify CAN-2002-1421 + NOTE: hole in fudforum before 2.2.0 + TODO: check if this is the same as in package phpgroupware-fudforum + TODO: have contacted phpgroupware developer to clarify CAN-2002-1416 + NOTE: not-for-us (Webeasymail) CAN-2002-1415 + NOTE: not-for-us (Webeasymail) CAN-2002-1412 NOTE: covered by DSA-138 + - gallery 1.3-1 CAN-2002-1411 + NOTE: not-for-us (Duma) CAN-2002-1410 + NOTE: not-for-us (East Guestbook) CAN-2002-1409 + NOTE: not-for-us (HPUX) CAN-2002-1408 + NOTE: not-for-us (HP Openview) CAN-2002-1406 + NOTE: not-for-us (HPUX) CAN-2002-1405 NOTE: covered by DSA-210 + - lynx 2.8.4.1b-3.2 + - lynx-ssl 1:2.8.4.1b-3.1 CAN-2002-1404 NOTE: rejected CAN-2002-1403 NOTE: covered by DSA-219 + NOTE: Debian sarge uses dhcp > 2.0 CAN-2002-1402 + NOTE: covered by DSA-165 + - postgresql 7.2.2-2 CAN-2002-1401 NOTE: covered by DSA-165 + - postgresql 7.2.2-2 CAN-2002-1400 NOTE: covered by DSA-165 + - postgresql 7.2.2-2 CAN-2002-1399 + - postgresql 7.2.2-2 CAN-2002-1398 NOTE: covered by DSA-165 + - postgresql 7.2.2-2 CAN-2002-1397 + - postgresql 7.2.2-2 CAN-2002-1395 NOTE: covered by DSA-202 + - im 141-20 CAN-2002-1394 NOTE: covered by DSA-225 + NOTE: no problem in sarge packages CAN-2002-1393 NOTE: covered by DSA-234 + NOTE: KDE2 not in sarge CAN-2002-1390 NOTE: covered by DSA-223 + - geneweb 4.09-1 CAN-2002-1389 NOTE: covered by DSA-217 + - typespeed 0.4.2-2 CAN-2002-1388 NOTE: covered by DSA-221 + - mhonarc 2.5.14-1 CAN-2002-1387 NOTE: covered by DSA-254 + - traceroute-nanog 6.3.0-1 CAN-2002-1386 NOTE: covered by DSA-254 + - traceroute-nanog 6.3.0-1 CAN-2002-1384 NOTE: covered by DSA-222 + - xpdf 3.00-9 CAN-2002-1383 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1380 NOTE: covered by DSA-336 + - kernel-source-2.2.25 2.2.25-2 CAN-2002-1379 NOTE: covered by DSA-227 + - 
openldap2 2.0.27-3 CAN-2002-1378 NOTE: covered by DSA-227 + - openldap2 2.0.27-3 CAN-2002-1376 NOTE: covered by DSA-212 + NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1375 NOTE: covered by DSA-212 + NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1374 NOTE: covered by DSA-212 + NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1373 NOTE: covered by DSA-212 + NOTE: bug in mysql 3, sarge uses mysql 4 CAN-2002-1372 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1371 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1370 NOTE: reserved CAN-2002-1369 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1368 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1367 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1366 NOTE: covered by DSA-232 + - cupsys 1.1.18-1 CAN-2002-1365 NOTE: covered by DSA-216 + - fetchmail 6.2.0-1 CAN-2002-1364 NOTE: covered by DSA-254 + - traceroute-nanog 6.3.0-1 CAN-2002-1363 NOTE: covered by DSA-213 + - libpng3 1.2.5-8 CAN-2002-1362 NOTE: covered by DSA-211 + NOTE: micq not in sarge CAN-2002-1360 + NOTE: Debian uses openssh, not vulnerable CAN-2002-1359 + NOTE: Debian uses openssh, not vulnerable CAN-2002-1358 + NOTE: Debian uses openssh, not vulnerable CAN-2002-1357 + NOTE: Debian uses openssh, not vulnerable CAN-2002-1356 + - ethereal 0.9.8-1 CAN-2002-1355 + - ethereal 0.9.8-1 CAN-2002-1354 NOTE: reserved CAN-2002-1353 NOTE: reserved CAN-2002-1352 + NOTE: not-for-us (CartMan) CAN-2002-1351 NOTE: reserved CAN-2002-1350 NOTE: covered by DSA-206 + - tcpdump 3.6.2-2.2 CAN-2002-1348 NOTE: covered by DSA-249 + - w3mmee 0.3.p24.17-3 CAN-2002-1347 + - libsasl2 2.1.10-1 CAN-2002-1346 NOTE: reserved CAN-2002-1345 + NOTE: multiple ftp client issues + TODO: check wget, ftp, ncftp, etc. 
CAN-2002-1344 NOTE: covered by DSA-209 + - wget 1.8.1-6.1 CAN-2002-1343 NOTE: reserved CAN-2002-1342 NOTE: covered by DSA-203 + - smb2www 980804-17 CAN-2002-1341 NOTE: covered by DSA-220 - squirrelmail 1:1.3.2-2 CAN-2002-1340 + NOTE: not-for-us (Office Web Components) CAN-2002-1339 + NOTE: not-for-us (Office Web Components) CAN-2002-1338 + NOTE: not-for-us (Office Web Components) CAN-2002-1337 NOTE: covered by DSA-257 + NOTE: problem in sendmail 8.12, sarge uses 8.13 CAN-2002-1335 NOTE: covered by DSA-249 + - w3mmee 0.3.p24.17-3 CAN-2002-1334 + NOTE: not-for-us (BizDesign) CAN-2002-1333 NOTE: reserved CAN-2002-1332 @@ -4512,26 +4625,38 @@ NOTE: reserved CAN-2002-1323 NOTE: covered by DSA-208 + - perl 5.8.0-14 CAN-2002-1322 + NOTE: not-for-us (ClearCase) CAN-2002-1321 + NOTE: Realplayer not in Sarge CAN-2002-1318 NOTE: covered by DSA-200 + NOTE: Problem in Samba 2, sarge uses Samba 3. CAN-2002-1316 + NOTE: not-for-us (iPlanet) CAN-2002-1315 + NOTE: not-for-us (iPlanet) CAN-2002-1314 NOTE: reserved CAN-2002-1313 NOTE: covered by DSA-198 + - nullmailer 1.00RC5-17 CAN-2002-1312 NOTE: reserved CAN-2002-1311 NOTE: covered by DSA-197 + - courier 0.40.0-1 CAN-2002-1310 + NOTE: not-for-us (Macromedia) CAN-2002-1309 + NOTE: not-for-us (Macromedia) CAN-2002-1307 NOTE: covered by DSA-199 + - mhonarc 2.5.13-1 CAN-2002-1306 NOTE: covered by DSA-214 + - kdenetwork 2.2.2-14.20 CAN-2002-1305 NOTE: reserved CAN-2002-1304
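Review bot: In the first hunk (@@ -4195,8 +4195,8 @@), the new CAN-2002-1582 notes give the affected versions ("Affects 2.3.30 and 2.3.31.") and the sarge version ("Sarge uses 2.3.29.") but never state the conclusion, and the removed "TODO: check" leaves nothing that marks the entry as resolved. State explicitly that sarge is not affected, and give the full package version the way the CAN-2002-1581 entry just below does ("- mailreader 2.3.29-9"), so the two entries for the same package can be compared directly.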
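Review bot: In the second hunk (@@ -4333,167 +4333,280 @@), CAN-2002-1399 and CAN-2002-1397 get "- postgresql 7.2.2-2" with no "NOTE: covered by DSA-165", while the neighbouring CAN-2002-1402, 1401, 1400 and 1398 all carry that note. Either add the DSA reference or add a NOTE saying how the fixed version was established for these two entries. In the same hunk, "not-for-us (Shoutcase)" at CAN-2002-1470 looks like a misspelled product name and should be checked. The line "TODO: have contacted phpgroupware developer to clarify", repeated under CAN-2002-1423, 1422 and 1421, records a status rather than an open task; it reads better as a NOTE, leaving "TODO: check if this is the same as in package phpgroupware-fudforum" as the single open item per entry.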
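Review bot: In the third hunk (@@ -4512,26 +4625,38 @@), CAN-2002-1306 records "- kdenetwork 2.2.2-14.20" as the fixed version, but the CAN-2002-1393 entry earlier in this patch says "KDE2 not in sarge". If the 2.2.2 series is the KDE 2 packaging, this entry should name a kdenetwork version that sarge actually ships, or use a NOTE in the style of the CAN-2002-1318 entry in this hunk ("Problem in Samba 2, sarge uses Samba 3."). As a style point, "Realplayer not in Sarge" capitalises the release name while most added lines write "sarge"; pick one spelling.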