Author: joeyh Date: 2005-05-16 18:01:25 +0000 (Mon, 16 May 2005) New Revision: 1072 Modified: sarge-checks/CAN/list Log: new holes, some NMUs, other updates Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-15 19:30:43 UTC (rev 1071) +++ sarge-checks/CAN/list 2005-05-16 18:01:25 UTC (rev 1072) @@ -1,3 +1,8 @@ +CAN-2005-XXXX [vpnc: config file path security hole] + NOTE: no bug ever filed for this + - vpnc 0.3.2+SVN20050326-2 +CAN-2005-XXXX [DoS security problem in gnutls] + - gnutls (unfixed; bug #309111) CAN-2005-XXXX [DNS response spoofing in Squid] - squid 2.5.9-9 CAN-2005-XXXX [Several buffer overflows in termpkg] @@ -826,8 +831,6 @@ TODO: check CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...) TODO: check -CAN-2005-XXXX [kfreebsd5-source: FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf] - - kfreebsd5-source 5.3-10 CAN-2005-XXXX [phpbb2: Security issue in url/bbcode] - phpbb2 2.0.13+1-6 CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) @@ -930,6 +933,7 @@ - eskuel (unfixed; bug #163653) CAN-2005-XXXX [48 new vulnerabilities in Ethereal] TODO: um, why is this under an ethereal pseudo-CAN? + NOTE: t-p-u fix approved but lacking a few builds - elog 2.5.7+r1558-2 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES support] - ipsec-tools 0.5.2-1 @@ -1026,7 +1030,7 @@ CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOTE: not-for-us (Skype) CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) - NOTE: not-for-us (FreeBSD) + - kfreebsd5-source 5.3-10 CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) NOTE: not-for-us (Lotus Domino) CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) 
@@ -1038,9 +1042,9 @@ CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) NOTE: not-for-us (Mtp-Target) CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...) - NOTE: not-for-us (FreeBSD) + - kfreebsd5-source 5.3-10 CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...) - NOTE: not-for-us (FreeBSD) + - kfreebsd5-source 5.3-10 CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) NOTE: not-for-us (Skype) CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) @@ -1209,11 +1213,11 @@ CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) NOTE: not-for-us (NetTerm) CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) - - nag (unfixed; bug #307173) + - nag 1.1-3.1 CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) - sork-vacation 2.2.2-1 CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) - - mnemo (unfixed; bug #307180) + - mnemo 1.1-2.1 TODO: check whether nmeno2 is affected as well, mnemo2 is not in Sarge CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) NOTE: imp4 is not affected @@ -1342,14 +1346,12 @@ - kernel-source-2.4.27 2.4.27-10 CAN-2005-1262 NOTE: reserved - - gaim 1:1.3.0-1 NOTE: see http://gaim.sourceforge.net/security/ - NOTE: backport needed for testing + - gaim CAN-2005-1261 NOTE: reserved - - gaim 1:1.3.0-1 NOTE: see http://gaim.sourceforge.net/security/ - NOTE: backport needed for testing + - gaim CAN-2005-1260 NOTE: reserved CAN-2005-1259 
@@ -4324,7 +4326,8 @@ CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...) NOTE: not-for-us (ArGoSoft Mail Server) CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...) - - gnupg (unfixed; bug #300859) + - gnupg 1.4.1-1 + NOTE: vorlon approved new upstream release to testing CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...) NOTE: not-for-us (bind on hp-ux) CAN-2005-0361
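Review bot: In the hunk at @@ -1342,14 +1346,12 @@, CAN-2005-1262 and CAN-2005-1261 end up with a bare `- gaim` line that carries neither a fixed version nor an `(unfixed; bug #...)` marker, which are the only two forms the other package lines in this diff use. The removed lines recorded `1:1.3.0-1` and `NOTE: backport needed for testing`, so the change loses both the version and the reason the entry is still open. Suggest either keeping the version with the backport note, or marking the entry unfixed with a bug reference, so the line states one status or the other.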
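Review bot: In the hunk at @@ -930,6 +933,7 @@, the added `NOTE: t-p-u fix approved but lacking a few builds` does not say which package it is about. It sits under the pseudo-CAN titled "48 new vulnerabilities in Ethereal" but directly above `- elog 2.5.7+r1558-2`, and the TODO on the preceding line already questions that grouping, so a reader cannot tell whether the pending t-p-u upload is ethereal or elog. Suggest naming the package in the note.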
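Review bot: Across @@ -826,8 +831,6 @@, @@ -1026,7 +1030,7 @@ and @@ -1038,9 +1042,9 @@, the reference to FreeBSD-SA-05:04.ifconf is dropped and `- kfreebsd5-source 5.3-10` is now recorded against three separate entries (CAN-2005-1406, CAN-2005-1400, CAN-2005-1399). The removed pseudo-CAN tied 5.3-10 to that one advisory only, and the visible lines do not show which of the three CANs it corresponds to. Suggest keeping the advisory id as a NOTE on the matching CAN, and confirming that 5.3-10 carries the fixes for the other two before replacing their `NOTE: not-for-us (FreeBSD)` lines.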
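Review bot: In @@ -1209,11 +1213,11 @@ and @@ -4324,7 +4326,8 @@, the bug numbers #307173 (nag), #307180 (mnemo) and #300859 (gnupg) disappear when the entries move from `(unfixed; bug #...)` to a fixed version. Consider keeping each number in a NOTE line so the fixed version can still be traced back to the report that it closed. Separately, the TODO kept as context under CAN-2005-1320 spells the package "nmeno2" where "mnemo2" appears later on the same line; worth correcting while this entry is being touched.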