Moritz Muehlenhoff
2005-May-22 10:17 UTC
[Secure-testing-commits] r1129 - sarge-checks/CAN
Author: jmm-guest Date: 2005-05-22 10:17:19 +0000 (Sun, 22 May 2005) New Revision: 1129 Modified: sarge-checks/CAN/list Log: Some updates. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-22 00:07:30 UTC (rev 1128) +++ sarge-checks/CAN/list 2005-05-22 10:17:19 UTC (rev 1129) @@ -1201,14 +1201,11 @@ CAN-2005-XXXX [Missing input validation in xtradius] - xtradius (unfixed; bug #307796) CAN-2005-XXXX [fai tempfile vulnerability] - NOTE: vorlon reviewed fai 2.8.2 and its changes are ok, but 2.8.1 - NOTE: had many changes that are not appropriate for the freeze. - NOTE: 2.8 needs to be patched with the security fixes in 2.8.2 - NOTE: and uploaded to t-p-u. - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] NOTE: contains old copy of xpcom library NOTE: have not checked to see which security holes re in it exatly + NOTE: Has been removed from Sarge - nvu (unfixed; bug #306822) CAN-2005-XXXX [eskuel: arbitrary file retreiving] - eskuel 1.0.5-3.1 @@ -1393,10 +1390,10 @@ CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) NOTE: does not affect 2.4.27 per horms - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.6.11 (unfixed; fix in svn; bug #307552) + - kernel-source-2.6.11 2.6.11-4 CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) NOTE: does not affect 2.6.8, 2.4.27 per horms - - kernel-source-2.6.11 (unfixed; fix in svn; bug #307553) + - kernel-source-2.6.11 2.6.11-4 CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...) NOTE: not-for-us (pServ) CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
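Review bot: In the first hunk (@@ -1201,14 +1201,11 @@), the nvu entry gains "NOTE: Has been removed from Sarge" while the package line below it still reads "- nvu (unfixed; bug #306822)", so the entry says the package is both gone from Sarge and unfixed, without saying which suite the unfixed status applies to. Consider wording the note so it states that the unfixed status no longer concerns Sarge. The same hunk deletes the four NOTE lines under the fai entry that recorded the review of 2.8.2 and the plan to patch 2.8 and upload to t-p-u, and the log message "Some updates." gives no reason. A short NOTE or a fuller log message saying why they are obsolete would keep "- fai 2.8.2" traceable.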
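Review bot: In the second hunk (@@ -1393,10 +1390,10 @@), the kernel-source-2.6.11 lines for CAN-2005-1369 and CAN-2005-1368 replace "(unfixed; fix in svn; bug #307552)" and "(unfixed; fix in svn; bug #307553)" with "2.6.11-4", which drops the only references to those two bug reports. Consider keeping each bug number in a NOTE line under its entry so the fixed version can be traced back to the report. The log message "Some updates." also does not say that 2.6.11-4 carries both fixes, and it should.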