Author: joeyh Date: 2004-11-04 15:01:43 -0700 (Thu, 04 Nov 2004) New Revision: 76 Modified: sarge-checks/CAN/list Log: finished my block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-04 20:20:53 UTC (rev 75) +++ sarge-checks/CAN/list 2004-11-04 22:01:43 UTC (rev 76) @@ -53,8 +53,10 @@ NOTE: reserved CAN-2004-0982 NOTE: reserved + - mpg123 0.59r-17 CAN-2004-0981 NOTE: reserved + - imagemagick 6:6.0.6.2-1.5 CAN-2004-0980 NOTE: reserved CAN-2004-0979 @@ -394,6 +396,7 @@ NOTE: not-fos-us (AIX) CAN-2004-0827 NOTE: covered by DSA-547-1 + - imagemagick 5:6.0.7.1-1 CAN-2004-0826 NOTE: not-for-us (netscape NSS) CAN-2004-0825 @@ -442,6 +445,7 @@ - cdrtools 4:2.0+a34-2 CAN-2004-0805 NOTE: covered by DSA-564-1 + - mpg123 0.59r-16 CAN-2004-0804 NOTE: covered by DSA-567-1 CAN-2004-0803 @@ -1097,6 +1101,7 @@ - apache2 2.0.50-1 CAN-2004-0492 NOTE: covered by DSA-525 + - apache 1.3.31-2 CAN-2004-0491 NOTE: reserved CAN-2004-0490 
@@ -2871,65 +2876,63 @@ NOTE: not-for-us (Apple) CAN-2003-0600 NOTE: reserved - -begin claimed by joeyh - CAN-2003-0599 NOTE: covered by DSA-365 CAN-2003-0598 NOTE: rejected CAN-2003-0597 - TODO: check + NOTE: not-for-us (Unixware) CAN-2003-0596 - NOTE: covered by DSA-352 + - fdclone 2.02a CAN-2003-0595 - TODO: check + NOTE: not-for-us (WiTango Application Server and Tango 2000) CAN-2003-0594 + NOTE: cannot find reference to it being fixed. TODO: check CAN-2003-0593 - TODO: check + NOTE: not-for-us (opera) CAN-2003-0592 NOTE: covered by DSA-459 CAN-2003-0591 NOTE: rejected CAN-2003-0590 - TODO: check + NOTE: not-for-us (Splatt Forum) CAN-2003-0589 - TODO: check + NOTE: not-for-us (Digi-ads) CAN-2003-0588 - TODO: check + NOTE: not-for-us (Digi-news) CAN-2003-0587 - TODO: check + NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB)) CAN-2003-0586 - TODO: check + NOTE: not-for-us (Brooky eStore) CAN-2003-0585 - TODO: check + NOTE: not-for-us (Brooky eStore) CAN-2003-0584 - TODO: check + NOTE: not-for-us (BRU) CAN-2003-0583 - - usermin 1.090-1 + NOTE: not-for-us (BRU) CAN-2003-0582 NOTE: rejected CAN-2003-0581 NOTE: covered by DSA-360 CAN-2003-0580 - TODO: check + NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0579 - TODO: check + NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0578 - TODO: check + NOTE: not-for-us (IBM U2 UniVerse) CAN-2003-0577 - TODO: check + - mpg123 (unfixed; bug filed) CAN-2003-0576 - TODO: check + NOTE: not-for-us (IRIX) CAN-2003-0575 - TODO: check + NOTE: not-for-us (IRIX) CAN-2003-0574 - TODO: check + NOTE: not-for-us (IRIX) CAN-2003-0573 - TODO: check + NOTE: not-for-us (IRIX) CAN-2003-0572 - TODO: check + NOTE: not-for-us (IRIX) CAN-2003-0571 NOTE: reserved CAN-2003-0570 
@@ -2939,35 +2942,39 @@ CAN-2003-0568 NOTE: reserved CAN-2003-0567 - TODO: check + NOTE: not-for-us (Cisco) CAN-2003-0566 NOTE: reserved CAN-2003-0565 - TODO: check + NOTE: affects many implementations of the X.400 protocol + TODO: see if anything in debian uses X.400 and is vulnerable. CAN-2003-0564 - TODO: check + NOTE: affects multiple S/MIME implementations + NOTE: checked current mozilla, which contains safe NSS 3.9.1 + - mozilla 2:1.7.3 + TODO: see if anything else in debian uses S/MIME and is vulnerable. CAN-2003-0563 NOTE: reserved CAN-2003-0562 - TODO: check + NOTE: not-for-us (Novell Netware) CAN-2003-0561 - TODO: check + NOTE: not-for-us (IglooFTP) CAN-2003-0560 - TODO: check + NOTE: not-for-us (VP-ASP) CAN-2003-0559 - TODO: check + NOTE: not-for-us (phpforum) CAN-2003-0558 - TODO: check + NOTE: not-for-us (LeapFTP) CAN-2003-0557 - TODO: check + NOTE: not-for-us (StoreFront) CAN-2003-0556 - TODO: check + NOTE: not-for-us (Polycom MGC) CAN-2003-0555 - TODO: check + NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5 CAN-2003-0554 - TODO: check + NOTE: not-for-us (NeoModus Direct Connect) CAN-2003-0553 - TODO: check + NOTE: not-for-us (Netscape) CAN-2003-0552 NOTE: covered by DSA-358 NOTE: fixed in 2.4.22-pre3 @@ -2978,13 +2985,13 @@ NOTE: covered by DSA-358 NOTE: fixed in 2.4.22-pre3 CAN-2003-0549 - TODO: check + - gdm 2.4.1.5 CAN-2003-0548 - TODO: check + - gdm 2.4.1.5 CAN-2003-0547 - TODO: check + - gdm 2.4.1.5 CAN-2003-0546 - TODO: check + NOTE: not-for-us (up2date) CAN-2003-0545 NOTE: covered by DSA-393 CAN-2003-0544 @@ -2993,8 +3000,10 @@ NOTE: covered by DSA-393 CAN-2003-0542 - apache2 2.0.48 + - apache 1.3.29 CAN-2003-0541 - - squid 2.5.5-5 + - gtkhtml (unfixed; bug filed) + TODO: check (probably vulnerable) CAN-2003-0540 NOTE: covered by DSA-363 CAN-2003-0539 
@@ -3010,77 +3019,75 @@ CAN-2003-0534 NOTE: reserved CAN-2003-0533 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0532 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0531 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0530 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0529 NOTE: reserved CAN-2003-0528 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0527 NOTE: reserved CAN-2003-0526 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0525 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0524 - TODO: check + NOTE: appears specific to the knoppix CD CAN-2003-0523 - TODO: check + NOTE: not-for-us (ProductCart) CAN-2003-0522 - TODO: check + NOTE: not-for-us (ProductCart) CAN-2003-0521 - TODO: check + NOTE: not-for-us (cPanel is not our cpanel) CAN-2003-0520 - TODO: check + NOTE: not-for-us (Trillian) CAN-2003-0519 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0518 - TODO: check + NOTE: not-for-us (MacOS) CAN-2003-0517 - TODO: check + - mgetty 1.1.29 CAN-2003-0516 - TODO: check + - mgetty 1.1.29 CAN-2003-0515 NOTE: covered by DSA-347 CAN-2003-0514 - TODO: check + NOTE: not-for-us (Safari) CAN-2003-0513 - TODO: check + NOTE: not-for-us (MSIE) CAN-2003-0512 - TODO: check + NOTE: not-for-us (Cisco) CAN-2003-0511 - TODO: check + NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices) CAN-2003-0510 - TODO: check + NOTE: not-for-us (ezbounce) CAN-2003-0509 - TODO: check + NOTE: not-for-us (Cyberstrong eShop) CAN-2003-0508 - TODO: check + NOTE: not-for-us (acroread) CAN-2003-0507 - TODO: check + NOTE: not-for-us (Mocrosoft) CAN-2003-0506 - TODO: check + NOTE: not-for-us (Mocrosoft) CAN-2003-0505 - TODO: check + NOTE: not-for-us (Mocrosoft) CAN-2003-0504 NOTE: covered by DSA-365 CAN-2003-0503 - TODO: check + NOTE: not-for-us (Mocrosoft) CAN-2003-0502 - TODO: check + NOTE: not-for-us (Apple Quicktime) CAN-2003-0501 NOTE: covered by DSA-358 NOTE: fixed in 2.4.22-pre10 CAN-2003-0500 NOTE: covered by DSA-338 -end claimed by 
joeyh - begin claimed by stef-guest CAN-2003-0499 @@ -4661,13 +4668,16 @@ CAN-2002-0849 CAN-2002-0843 NOTE: covered by DSA-187 + - apache 1.3.27-0.1 CAN-2002-0841 NOTE: rejected CAN-2002-0840 NOTE: covered by DSA-187 - apache2 2.0.43-1 + - apache 1.3.27-0.1 CAN-2002-0839 NOTE: covered by DSA-187 + - apache 1.3.27-0.1 CAN-2002-0838 NOTE: covered by DSA-176 CAN-2002-0837
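
Review bot: the imagemagick epoch is inconsistent between two added lines: `- imagemagick 6:6.0.6.2-1.5` under CAN-2004-0981 (hunk `@@ -53,8 +53,10 @@`) and `- imagemagick 5:6.0.7.1-1` under CAN-2004-0827 (hunk `@@ -394,6 +396,7 @@`). The epoch is compared before the rest of a Debian version, so 6:6.0.6.2-1.5 sorts above 5:6.0.7.1-1 even though its upstream version is lower, and any script that compares installed versions against this list will be wrong for one of the two entries. Please confirm the package's actual epoch and make both lines agree. In the first hunk, CAN-2004-0982 and CAN-2004-0981 also keep `NOTE: reserved` with no note saying how the fixed version was tied to a reserved id; a one-line NOTE with the source would help.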
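
Review bot: in hunk `@@ -2871,65 +2876,63 @@` two entries lose existing data rather than gaining a result, and the log ("finished my block") does not say why: CAN-2003-0596 drops `NOTE: covered by DSA-352` in favour of `- fdclone 2.02a`, and CAN-2003-0583 drops `- usermin 1.090-1` in favour of `NOTE: not-for-us (BRU)`. Other entries in this file carry both a DSA note and a package line (CAN-2004-0827, for example), so if the old lines were misfiled it is worth saying so in a NOTE or in the log, and if the DSA reference was right it should stay next to the fdclone line. The same hunk removes the `begin claimed by joeyh` marker while CAN-2003-0594 still ends in `TODO: check`; the remaining TODOs in this range (also CAN-2003-0565, CAN-2003-0564 and CAN-2003-0541 in later hunks) now have no owner recorded.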
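
Review bot: in hunk `@@ -2939,35 +2942,39 @@` the new line for CAN-2003-0555, `NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5`, records a failed test and not a fix, and the entry has no `- imagemagick <version>` line of the kind used elsewhere in the patch. A reader or a script cannot tell from this whether the entry is closed. Either add the package line with the version that was confirmed to contain the fix, or keep a `TODO:` stating that the fixed version is still to be identified.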
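
Review bot: in hunk `@@ -2993,8 +3000,10 @@` the CAN-2003-0541 entry contradicts itself and cites a bug without its number: `- gtkhtml (unfixed; bug filed)` states the package is unfixed, while the next line, `TODO: check (probably vulnerable)`, says this has not been verified. Please pick one state, and record the bug number on the line so the entry can be followed up; the same applies to `- mpg123 (unfixed; bug filed)` under CAN-2003-0577 in hunk `@@ -2871,65 +2876,63 @@`. This hunk also removes `- squid 2.5.5-5` from CAN-2003-0541 without comment; a NOTE saying the squid line was misfiled would make the change auditable.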
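
Review bot: hunk `@@ -3010,77 +3019,75 @@` adds lines that break the file's own conventions: CAN-2003-0511 reads `NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)` with no colon after NOTE, and CAN-2003-0507, CAN-2003-0506, CAN-2003-0505 and CAN-2003-0503 spell the vendor "Mocrosoft" where the entries above them use "Microsoft". Anything that matches on `NOTE:` will treat CAN-2003-0511 as having no note, and a search or tally by vendor name will miss the four misspelled entries. Suggest `NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices)` and `NOTE: not-for-us (Microsoft)`.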