Author: jmm-guest Date: 2005-04-25 10:40:51 +0000 (Mon, 25 Apr 2005) New Revision: 907 Modified: sarge-checks/CAN/list Log: Latest Realplayer vulns affect Helix Player, which is vulnerable to other security issues as well. Since the initial upload there have been no updates... Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-25 10:01:57 UTC (rev 906) +++ sarge-checks/CAN/list 2005-04-25 10:40:51 UTC (rev 907) @@ -728,7 +728,7 @@ CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) NOTE: not-for-us (Apple) CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0974 NOTE: reserved CAN-2005-0973 @@ -738,7 +738,7 @@ CAN-2005-0971 NOTE: reserved CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0969 NOTE: reserved CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) @@ -1336,7 +1336,9 @@ CAN-2005-0756 NOTE: reserved CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - TODO: check + NOTE: This covers some other security issues as well, since the initial upload + NOTE: at 29 Sep 2004 there have been no updates, should be removed from Sarge IMHO + - helix-player (unfixed; bug #305504) CAN-2005-0754 [Untrusted code execution in Kommander] - kdewebdev (unfixed; bug #305833) CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]