Joey Hess
2004-Nov-25 18:22 UTC
[Secure-testing-commits] r151 - in sarge-checks: CAN CVE DSA
Author: joeyh Date: 2004-11-25 11:21:58 -0700 (Thu, 25 Nov 2004) New Revision: 151 Modified: sarge-checks/CAN/list sarge-checks/CVE/list sarge-checks/DSA/list Log: new DSAs and some other fixes Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-11-24 10:47:27 UTC (rev 150) +++ sarge-checks/CAN/list 2004-11-25 18:21:58 UTC (rev 151) @@ -79,8 +79,14 @@ NOTE: reserved CAN-2004-1013 NOTE: reserved + NOTE: covered by DSA-597-1 + NOTE: see http://security.e-matters.de/advisories/152004.html + - cyrus-imapd 2.1.17-1 CAN-2004-1012 NOTE: reserved + NOTE: covered by DSA-597-1 + NOTE: see http://security.e-matters.de/advisories/152004.html + - cyrus-imapd 2.1.17-1 CAN-2004-1011 NOTE: reserved CAN-2004-1010 @@ -135,6 +141,8 @@ NOTE: not-for-us (Apple) CAN-2004-0987 NOTE: reserved + NOTE: covered by DSA-598-1 + - yardradius 1.0.20-15 CAN-2004-0986 NOTE: reserved - iptables 1.2.11-4 @@ -377,6 +385,7 @@ CAN-2004-0888 NOTE: reserved NOTE: covered by DSA-573-1 + NOTE: covered by DSA-599-1 - koffice 1:1.3.4-1 CAN-2004-0887 NOTE: reserved @@ -538,11 +547,12 @@ CAN-2004-0814 NOTE: reserved - kernel-source-2.6.8 2.6.8-8 + - kernel-source-2.4.27 2.4.27-6 NOTE: "fix race conditions in linux terminal subsystem" NOTE: and all kernels build from it: - kernel-image-2.6.8-1-386 2.6.8-5 + TODO: 2.4 kernel images TODO: other arches? - TODO: 2.4 vulnerable? CAN-2004-0813 NOTE: ide-cd SG_IO vulnerability NOTE: should be fixed in recent 2.6 and 2.4 kernels Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2004-11-24 10:47:27 UTC (rev 150) +++ sarge-checks/CVE/list 2004-11-25 18:21:58 UTC (rev 151) @@ -629,7 +629,7 @@ CVE-2002-1319 NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable) CVE-2002-1318 - - samba samba 2.99.cvs.20020713-1 + - samba 2.99.cvs.20020713-1 NOTE: covered by DSA-200 CVE-2002-1317 NOTE: not-for-us (solaris) 
@@ -640,7 +640,7 @@ - courier 0.40.0-1 NOTE: covered by DSA-197 CVE-2002-1308 - - mozilla mozilla 2:1.2-1 + - mozilla 2:1.2-1 NOTE: woody is vulnerable see #237422 CVE-2002-1307 - mhonarc 2.5.13-1 Modified: sarge-checks/DSA/list ==================================================================--- sarge-checks/DSA/list 2004-11-24 10:47:27 UTC (rev 150) +++ sarge-checks/DSA/list 2004-11-25 18:21:58 UTC (rev 151) @@ -1,3 +1,21 @@ +[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows + {CAN-2004-0888} + - tetex-bin 2.0.2-23 +[25 Nov 2004] DSA-598-1 yardradius - buffer overflow + {CAN-2004-0987} + - yardradius 1.0.20-15 +[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow + {CAN-2004-1012 CAN-2004-1013} + - cyrus-imapd 2.1.17-1 +[24 Nov 2004] DSA-596-2 sudo - missing input sanitising + {CAN-2004-1051} + - sudo 1.6.8p3-1 +[24 Nov 2004] DSA-596-1 sudo - missing input sanitising + {CAN-2004-1051} + - sudo 1.6.8p3-1 +[24 Nov 2004] DSA-595-1 bnc - buffer overflow + {CAN-2004-1052} + NOTE: package not in sarge or sid [17 Nov 2004] DSA-594-1 apache - buffer overflows {CAN-2004-0940} - apache 1.3.33-2
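Review bot: In the sarge-checks/CAN/list hunk at @@ -79,8 +79,14 @@, CAN-2004-1011 directly below the two updated entries is left at a bare "NOTE: reserved", while CAN-2004-1012 and CAN-2004-1013 both gain the same e-matters advisory link and the "- cyrus-imapd 2.1.17-1" line. If that advisory also describes CAN-2004-1011, add the same "NOTE: see" line there, or a TODO if it has not been checked yet, so the entry's status is explicit.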
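Review bot: In the sarge-checks/CAN/list hunk at @@ -377,6 +385,7 @@, CAN-2004-0888 gains "NOTE: covered by DSA-599-1" but no package line for it; the only fixed-version line in the entry is still "- koffice 1:1.3.4-1". The DSA/list entry added in this same revision records "- tetex-bin 2.0.2-23" for DSA-599-1, and the cyrus-imapd and yardradius hunks add the package line next to the DSA note, so add "- tetex-bin 2.0.2-23" here as well to keep the CAN entry consistent with them.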
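Review bot: In the sarge-checks/CAN/list hunk at @@ -538,11 +547,12 @@ (CAN-2004-0814), the new "- kernel-source-2.4.27 2.4.27-6" line is inserted between "- kernel-source-2.6.8 2.6.8-8" and the two NOTE lines, so "NOTE: and all kernels build from it:" now follows two source packages and it is no longer clear which one "it" means, or which upload the quoted "fix race conditions in linux terminal subsystem" text comes from. Place the 2.4.27 line after the 2.6 block, next to the new "TODO: 2.4 kernel images", or reword the NOTE to name the source package it refers to.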
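Review bot: In the sarge-checks/DSA/list hunk at @@ -1,3 +1,21 @@, the DSA-596-1 and DSA-596-2 entries are identical (same {CAN-2004-1051}, same "- sudo 1.6.8p3-1"), with nothing recording why a -2 revision exists or whether it changes the fixed version. A short NOTE on DSA-596-2 would make that clear. Separately, this revision cross-references DSA-597-1, DSA-598-1 and DSA-599-1 from CAN/list but shows no matching change for CAN-2004-1051 or CAN-2004-1052; confirm those CAN entries already carry their "covered by" notes.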