Author: joeyh Date: 2005-04-09 19:10:13 +0000 (Sat, 09 Apr 2005) New Revision: 785 Modified: sarge-checks/CAN/list Log: bts updates Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-09 18:46:15 UTC (rev 784) +++ sarge-checks/CAN/list 2005-04-09 19:10:13 UTC (rev 785) @@ -58,7 +58,7 @@ - mozilla (unfixed; bug #302778) - mozilla-firefox 1.0.2-3 CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a ...) - - gzip (unfixed; bug filed) + - gzip (unfixed; bug #303927) NOTE: Essentially the same as CAN-2005-0953 CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...) NOTE: not-for-us (IRC Services NickServ) @@ -272,7 +272,7 @@ CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...) NOTE: The description is wrong; 2.6 is affected as well - gtk+2.0 2.6.4-1 - - gdk-pixbuf (unfixed; bug filed) + - gdk-pixbuf (unfixed; bug #303441) CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) - sharutils 1:4.2.1-12 CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) @@ -379,7 +379,8 @@ CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) - phpsysinfo 2.3-3 CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) - - phpsysinfo (unfixed; bug #301118) + NOTE: phpsysinfo maintainer does not consider path disclosure to + NOTE: be a bug. See bug #301118. CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...) NOTE: checked tn5250, apparently the only AS/400 emulator in debian NOTE: cannot find STRPCO or STRPCCMD in tn5250.
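Review bot: In the @@ -58,7 +58,7 @@ hunk, the gzip line under CAN-2005-0988 now points at bug #303927, but the NOTE directly below it still says only "Essentially the same as CAN-2005-0953". Extend that NOTE to say whether bug #303927 also tracks CAN-2005-0953 or whether that issue is tracked separately. Otherwise a reader closing one entry cannot tell whether the other is covered.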
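Review bot: In the @@ -379,7 +379,8 @@ hunk, CAN-2005-0869 loses its only package line, "- phpsysinfo (unfixed; bug #301118)", and is left with just two NOTE lines. The entry no longer records a status for phpsysinfo, so anything that reads the list by package lines cannot tell a deliberate "maintainer will not fix" from an entry nobody has triaged. Keep a phpsysinfo package line that references bug #301118 and states the disposition, and leave the NOTE as the explanation. The log message "bts updates" also undersells this change: the other two hunks only fill in bug numbers, while this one changes how the issue is tracked, which deserves its own mention in the log.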