Author: joeyh Date: 2004-11-17 16:25:46 -0700 (Wed, 17 Nov 2004) New Revision: 128 Modified: sarge-checks/CAN/list Log: more CANs Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-17 19:13:26 UTC (rev 127) +++ sarge-checks/CAN/list 2004-11-17 23:25:46 UTC (rev 128) @@ -4105,19 +4105,19 @@ CAN-2003-0061 NOTE: reserved CAN-2003-0060 - TODO: check + - krb5 1.2.4 CAN-2003-0057 NOTE: covered by DSA-248 CAN-2003-0056 NOTE: covered by DSA-252 CAN-2003-0049 - TODO: check + NOTE: not-for-us (MacOS) CAN-2003-0048 - TODO: check + NOTE: apparently fixed upstream 2002-11-12 changelog CAN-2003-0047 - TODO: check + NOTE: not-for-us (commercial ssh clients) CAN-2003-0046 - TODO: check + NOTE: not-for-us (commercial ssh clients) CAN-2003-0044 NOTE: covered by DSA-246 CAN-2003-0043 @@ -4125,7 +4125,8 @@ CAN-2003-0042 NOTE: covered by DSA-246 CAN-2003-0041 - TODO: check + NOTE: verified sarge version of krb5-clients not vulnerable + NOTE: nothing in changelogs CAN-2003-0040 NOTE: covered by DSA-247 CAN-2003-0039 @@ -4135,11 +4136,13 @@ CAN-2003-0037 NOTE: covered by DSA-244 CAN-2003-0036 - TODO: check + NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux) CAN-2003-0035 - TODO: check -CAN-2003-0034 - TODO: check + NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux) +CAN-2003-0034a + NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in + NOTE: chooser/mtinkc.c''s version, which goes into mtinkc + NOTE: it''s not installed setuid or setgid, so this is not exploitable CAN-2003-0033 NOTE: covered by DSA-297 CAN-2003-0032 @@ -4147,7 +4150,7 @@ CAN-2003-0031 NOTE: covered by DSA-228 CAN-2003-0030 - TODO: check + NOTE: not-for-us (Protegrity Secure.Data Extension Feature) CAN-2003-0029 NOTE: reserved CAN-2003-0028 
@@ -4175,9 +4178,9 @@ CAN-2003-0012 NOTE: covered by DSA-230 CAN-2003-0011 - TODO: check + NOTE: not-for-us (Microsoft) CAN-2003-0010 - TODO: check + NOTE: not-for-us (Windows Script Engine for JScript) CAN-2003-0008 NOTE: reserved CAN-2003-0006
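Review bot: In the hunk at @@ -4105,19 +4105,19 @@, the new note for CAN-2003-0048 ("apparently fixed upstream 2002-11-12 changelog") names neither the package nor a version, so a reader cannot tell which sarge package was checked or whether the version in sarge contains that upstream fix. Suggest naming the package and version, as the CAN-2003-0060 entry in the same hunk does with "- krb5 1.2.4", or leaving a TODO beside the note until the "apparently" is confirmed.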
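Review bot: In the hunk at @@ -4125,7 +4125,8 @@, the CAN-2003-0041 note "verified sarge version of krb5-clients not vulnerable" does not record which version was verified. Since "nothing in changelogs" means there is no changelog entry to point to either, adding the checked version number to the note would let the result be re-verified if the package in sarge changes.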
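Review bot: In the hunk at @@ -4135,11 +4136,13 @@, the entry header changes from "CAN-2003-0034" to "CAN-2003-0034a", which looks like a stray character: the list no longer has an entry under the real id, and anything matching on the CAN-YYYY-NNNN form will miss it. Suggest restoring "CAN-2003-0034". The three NOTE lines also never name the affected package, only the source files mainSrc/rcfile.c and chooser/mtinkc.c, and they contain doubled apostrophes ("mtinkc.c''s", "it''s"). Because the note says the HOME overflow is still present in the mtinkc copy, it may be worth marking the entry as an unfixed, non-exploitable bug rather than closing it with NOTE lines alone.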