Author: joeyh Date: 2005-01-19 20:00:20 +0100 (Wed, 19 Jan 2005) New Revision: 289 Modified: sarge-checks/CAN/list Log: updates Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-01-19 08:14:24 UTC (rev 288) +++ sarge-checks/CAN/list 2005-01-19 19:00:20 UTC (rev 289) @@ -1,31 +1,31 @@ CAN-2005-0121 - TODO: check + NOTE: not-for-us (golddig) CAN-2005-0120 - TODO: check + NOTE: not-for-us (helvis) CAN-2005-0119 - TODO: check + NOTE: not-for-us (helvis) CAN-2005-0118 - TODO: check + NOTE: not-for-us (helvis) CAN-2005-0117 - TODO: check + - xshisen (unfixed; bug #289784) CAN-2005-0116 - TODO: check + - awstats (unfixed; bug #291064) CAN-2005-0115 NOTE: reserved CAN-2005-0114 NOTE: reserved CAN-2005-0113 - TODO: check + NOTE: not-for-us (IRIX) CAN-2005-0112 NOTE: reserved CAN-2005-0111 - TODO: check + - maxdb-7.5.00 7.5.00.18 CAN-2005-0110 - TODO: check + NOTE: not-for-us (MSIE) CAN-2005-0109 NOTE: reserved CAN-2005-0108 - TODO: check + - libapache-mod-auth-radius 1.5.7-6 CAN-2005-0107 NOTE: reserved CAN-2005-0106 @@ -47,13 +47,13 @@ CAN-2005-0098 NOTE: reserved CAN-2005-0097 - TODO: check + - squid 2.5.7-4 CAN-2005-0096 - TODO: check + - squid 2.5.7-4 CAN-2005-0095 - TODO: check + - squid 2.5.7-4 CAN-2005-0094 - TODO: check + - squid 2.5.7-4 CAN-2005-0093 NOTE: reserved CAN-2005-0092 @@ -81,15 +81,18 @@ CAN-2005-0081 NOTE: reserved CAN-2004-1379 - TODO: check + - xine-lib 1-rc7-1 CAN-2004-1378 - TODO: check + - jabber (unfixed; bug #291183) + NOTE: not-for-us (jadc2s) CAN-2004-1377 - TODO: check + - a2ps (unfixed; bug #286387) + - a2ps (unfixed; bug #286385) + NOTE: wrote for clarification of how it''s exploitable CAN-2003-1054 TODO: check CAN-2003-1053 - TODO: check + - xshisen 1.51-1-1 CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...) - mailman 2.1.5-5 CAN-2005-0079 @@ -114,7 +117,7 @@ NOTE: reserved CAN-2005-0069 NOTE: reserved - - vim (unfixed; bug #291125) + - vim 1:6.3-058+1 CAN-2005-0068 (The original design of ICMP does not require authentication for ...) NOTE: general icmp design error CAN-2005-0067 (The original design of TCP does not require that port numbers be ...) @@ -124,7 +127,11 @@ CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...) NOTE: general tcp design error CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...) - TODO: check + - xpdf (unfixed; bug filed) + - gpdf (unfixed; bug filed) + - koffice (unfixed; bug filed) + - kpdf (unfixed; bug filed) + - pdftohtml (unfixed; bug filed) CAN-2005-0063 NOTE: reserved CAN-2005-0062 @@ -318,10 +325,11 @@ CAN-2005-0006 NOTE: reserved CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...) - - imagemagick (unfixed; bug #291118) + - imagemagick 6:6.0.6.2-2.1 CAN-2005-0004 NOTE: reserved - - mysql-dfsg 4.1.8a-6 + - mysql-dfsg-4.1 4.1.8a-6 + - mysql-dfsg 4.0.23-3 CAN-2005-0003 NOTE: reserved CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) @@ -797,7 +805,7 @@ - xpdf 3.00-11 - cupsys 1.1.22-2 - tetex-bin 2.0.2-25 - - gpdf (unfixed; bug #290731) + - gpdf 2.8.2-1 - koffice 1:1.3.5-1 CAN-2004-1124 NOTE: reserved