Author: jmm-guest Date: 2005-03-17 18:16:48 +0100 (Thu, 17 Mar 2005) New Revision: 574 Modified: sarge-checks/CAN/list Log: xli seems fixed, but one of the fixes requires further evaluation. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-17 17:13:29 UTC (rev 573) +++ sarge-checks/CAN/list 2005-03-17 17:16:48 UTC (rev 574) @@ -362,12 +362,16 @@ CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) NOTE: not-for-us (Computer Associates UAM) CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) - - xli (unfixed; bug #298039) + - xli 1.17.0-17 NOTE: I think xloadimage might be also vulnerable, I have mailed NOTE: Tavis Ormandy about this. -- Djoume + NOTE: Bug maintainer to mention CAN-id in changelog - jmm CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...) - xli (unfixed; bug #298039) - xloadimage 4.1-14.1 + NOTE: The bug closer for 289039 claims that fixed, but I can''t find an obvious + NOTE: fix in the interdiff between -16 and -17, needs further evaluation - jmm + NOTE: Bug maintainer to mention CAN-id in changelog - jmm CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...) NOTE: not-for-us (OpenBSD) CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...) @@ -9761,6 +9765,7 @@ CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...) CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...) CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...) + - xli 1.17.0-17 CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...) CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...) CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
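
Review bot: In the first hunk, the new NOTE under CAN-2005-0638 refers to bug 289039, while the entry it annotates (and the line removed under CAN-2005-0639) cites bug #298039; the digits look transposed, so the note should carry the same number as the `- xli (unfixed; bug #298039)` line. The same NOTE has a doubled apostrophe in `can''t` and reads "claims that fixed" where "claims that it is fixed" seems intended. Because CAN-2005-0639 is now recorded as fixed in `xli 1.17.0-17` while CAN-2005-0638 stays `unfixed` against the same bug number, the note would be easier to act on if it said which issue the -16 to -17 interdiff was checked for.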
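
Review bot: In the second hunk, CAN-2001-0775 gains `- xli 1.17.0-17` with no NOTE giving the basis for that version, although the commit log says one of the fixes still requires further evaluation; add a NOTE stating how the fix for this older id was confirmed in -17. The description also names xloadimage 4.1, and unlike CAN-2005-0638 no `xloadimage` line is recorded for this entry, so either add its status or note that it still has to be checked.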