Moritz Muehlenhoff
2005-May-19 09:54 UTC
[Secure-testing-commits] r1099 - sarge-checks/CAN
Author: jmm-guest Date: 2005-05-19 09:54:22 +0000 (Thu, 19 May 2005) New Revision: 1099 Modified: sarge-checks/CAN/list Log: Updates on viewglob and kernel. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-19 09:14:19 UTC (rev 1098) +++ sarge-checks/CAN/list 2005-05-19 09:54:22 UTC (rev 1099) @@ -52,9 +52,7 @@ CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) NOTE: not-for-us (WebAPP) CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) - NOTE: The reporter of the supposed vulnerability is the Debian maintainer; I''ve - NOTE: send him mail wrt his plans for this fix - TODO: Recheck with maintainer + NOTE: The 1.x version in Sarge and sid is not vulnerable CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) NOTE: not-for-us (Pico Server) CAN-2005-1625 @@ -140,7 +138,7 @@ CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - libxpm4 (unfixed; bug #308783) CAN-2005-1589 [Local privilege escalation in the Linux kernel''s pktcdvd ioctl] - - kernel-source-2.6.8 (unfixed; bug #309429) + NOTE: According to Horms from kernel team 2.6.8 not affected - kernel-source-2.6.11 2.6.11-5 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...) NOTE: not-for-us (Quick.cart) @@ -1618,7 +1616,7 @@ CAN-2005-1265 NOTE: reserved CAN-2005-1264 [Local privilege escalation in the Linux kernel''s raw ioctl] - - kernel-source-2.6.8 (unfixed; bug #309429) + - kernel-source-2.6.8 2.6.8-15sarge1 - kernel-source-2.6.11 2.6.11-5 CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] - kernel-source-2.6.11 2.6.11 2.6.11-4
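Review bot: In the first hunk (CAN-2005-1627, Viewglob), the added line "NOTE: The 1.x version in Sarge and sid is not vulnerable" gives no source for the conclusion, while the removed lines show the question was still open with the maintainer ("TODO: Recheck with maintainer"). Say in the note who confirmed it, the way the CAN-2005-1589 note in this same commit does with "According to Horms from kernel team", so the not-vulnerable status can be re-verified later.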
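Review bot: In the second hunk (CAN-2005-1589, pktcdvd ioctl), replacing "- kernel-source-2.6.8 (unfixed; bug #309429)" with a free-text NOTE drops both the kernel-source-2.6.8 package line and the reference to bug #309429. Anyone reading only the package lines of this entry now sees kernel-source-2.6.11 alone, and the not-affected decision is no longer tied to the bug report it answers. Keep the bug number in the NOTE so the two stay linked.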
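Review bot: In the third hunk (CAN-2005-1264, raw ioctl), the new line "- kernel-source-2.6.8 2.6.8-15sarge1" records a fixed version but loses the "bug #309429" reference that the removed line carried. Keep the bug number in the entry, for example in a NOTE line, so the fix can be traced back to the report. The log message "Updates on viewglob and kernel" could also state that 2.6.8 moves from unfixed to fixed for this entry, since that is the status change readers of the commit list are most likely to look for.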