Author: joeyh Date: 2005-06-20 04:39:18 +0000 (Mon, 20 Jun 2005) New Revision: 1245 Modified: data/CAN/list Log: Add urgencies for unfixed items. This was a first quick pass, decisions are not final. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-20 04:38:07 UTC (rev 1244) +++ data/CAN/list 2005-06-20 04:39:18 UTC (rev 1245) @@ -1,5 +1,5 @@ CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - - tor 0.0.9.10-1 + - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) NOTE: not-for-us (Annuaire) CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) @@ -77,7 +77,7 @@ CAN-2005-1938 NOTE: reserved CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - - mozilla-firefox 1.0.4-3 + - mozilla-firefox 1.0.4-3 (medium) CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOTE: not-for-us (Microsoft) CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) @@ -87,13 +87,13 @@ CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) NOTE: not-for-us (Apple) CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - - gaim 1:1.3.1-1 + - gaim 1:1.3.1-1 (low) CAN-2005-XXXX [Multiple buffer and integer overflows in strace] NOTE: For full details download the sources and see the changelog entry NOTE: from 2005-05-31 Dmitry V. Levin <ldv@altlinux.org> - - strace 4.5.12-1 + - strace 4.5.12-1 (low) CAN-2005-XXXX [Local privilege escalation through insufficient DRM range checks] - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; high) CAN-2005-1930 NOTE: reserved CAN-2005-1929 
@@ -133,7 +133,7 @@ CAN-2005-1912 NOTE: reserved CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - - leafnode 1.11.3.rel-1 + - leafnode 1.11.3.rel-1 (low) CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) NOTE: not-for-us (WWWeb Concepts Events System) CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) @@ -280,9 +280,9 @@ CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - - zoo (unfixed; bug #309594) + - zoo (unfixed; bug #309594; medium) CAN-2005-XXXX [Cross Site Scripting in websieve] - - websieve (unfixed; bug #311838) + - websieve (unfixed; bug #311838; low) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) @@ -429,7 +429,7 @@ NOTE: not-for-us (Avast) CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail] NOTE: reserved - - squirrelmail (unfixed; bug #314374) + - squirrelmail (unfixed; bug #314374; low) CAN-2005-1768 NOTE: reserved CAN-2005-1767 
@@ -438,15 +438,15 @@ NOTE: reserved CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1764 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1761 NOTE: reserved CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) @@ -562,7 +562,7 @@ CAN-2005-XXXX [Unspecified issue in moodle''s admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - - mutt (unfixed; bug #311296) + - mutt (unfixed; bug #311296; medium) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -661,7 +661,7 @@ CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOTE: not-for-us (Gentoo) CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - - mailscanner (unfixed; bug #310774) + - mailscanner (unfixed; bug #310774; unknown) CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) 
@@ -705,7 +705,7 @@ - wordpress 1.5.1-1 CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) NOTE: Only exploitable under rare circumstances - - gedit 2.10.3-1 + - gedit 2.10.3-1 (low) CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) NOTE: not-for-us (episodex) CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) @@ -1043,7 +1043,7 @@ CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOTE: not-for-us (Acrowave AAP-3100AR wireless router) CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) - - bugzilla (unfixed; bug #308789) + - bugzilla (unfixed; bug #308789; medium) NOTE: only affects sid CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - bugzilla 2.16.7-7sarge1 
@@ -1988,23 +1988,23 @@ CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] - maradns 1.0.27-1 CAN-2005-XXXX [Temp file races in gs-gpl addons scripts] - - gs-gpl (unfixed; bug #291373) + - gs-gpl (unfixed; bug #291373; low) CAN-2005-XXXX [Possible SQL injection in freeradius] - freeradius 1.0.2-4 CAN-2005-XXXX [Insecure temp file handling in Thunderbird] - - mozilla-thunderbird (unfixed; bug #306893) + - mozilla-thunderbird (unfixed; bug #306893; low) CAN-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CAN-2005-XXXX [base-config: World readable config file might reveal password data] - - base-config (unfixed; bug #305142) + - base-config (unfixed; bug #305142; low) CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] - syslog-ng 1.6.5-2.1 CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names] - - trackballs (unfixed; bug #302454) + - trackballs (unfixed; bug #302454; medium) CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - - pwgen (unfixed; bug #276976) + - pwgen (unfixed; bug #276976; low) CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber] - - gabber (unfixed; bug #177776) + - gabber (unfixed; bug #177776; low) CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - ethereal 0.10.10-2sarge2 CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) @@ -2048,7 +2048,8 @@ CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...) NOTE: not-for-us (Leafnode2 development branch) CAN-2005-XXXX [Missing input validation in xtradius] - - xtradius (unfixed; bug #307796; not shipped in binary package) + NOTE: not shipped in deb + - xtradius (unfixed; bug #307796; low) CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] 
@@ -2057,7 +2058,7 @@ NOTE: Has been removed from Sarge - nvu (unfixed; bug #306822) CAN-2005-XXXX [eskuel: arbitrary file retreiving] - - eskuel 1.0.5-3.1 + - eskuel 1.0.5-3.1 (low) CAN-2005-XXXX [eskuel: No authentication at all] - eskuel (unfixed; bug #163653) CAN-2005-XXXX [Buffer overflow in elog''s header buffer] @@ -2193,7 +2194,7 @@ NOTE: In Debian this is only part of the examples in share/doc, any admin will NOTE: have to modify it for his purposes anyway, so there''s no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound (unfixed; bug #307852) + - pound (unfixed; bug #307852; medium) CAN-2005-1390 NOTE: rejected CAN-2005-1389 @@ -2409,7 +2410,7 @@ CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) NOTE: not-for-us (CartWIZ ASP Cart) CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) - - phpbb2 2.0.13+1-6 + - phpbb2 2.0.13+1-6 (low) CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) NOTE: not-for-us (E-Cart) CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) @@ -2465,9 +2466,9 @@ - tcpdump 3.9.0.cvs.20050614-1 CAN-2005-1266 NOTE: reserved - - spamassassin (unfixed; bug #314447) + - spamassassin (unfixed; bug #314447; low) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; medium) CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - kernel-source-2.6.8 2.6.8-15sarge1 - kernel-source-2.6.8 2.6.8-16 
@@ -2516,7 +2517,7 @@ CAN-2005-XXXX [Multiple security problems in Quake 2] NOTE: this release added lots of warnings about the security problems - quake2 1:0.3-1.1 - - quake2 (unfixed; bug #280573) + - quake2 (unfixed; bug #280573; low) CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) @@ -2550,7 +2551,7 @@ CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) NOTE: not-for-us (Yawcan) CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) - - cpio (unfixed; bug #306693) + - cpio (unfixed; bug #306693; medium) CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) - gzip 1.3.5-10 CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) @@ -2629,7 +2630,7 @@ CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) - nasm 0.98.38-1.2 CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) - - phpbb2 2.0.13+1-6 + - phpbb2 2.0.13+1-6 (medium) CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOTE: not-for-us (HP-UX) CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) 
@@ -2926,9 +2927,9 @@ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha - oops (unfixed; bug #307360) CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - - ilohamail (unfixed; bug #304525) + - ilohamail (unfixed; bug #304525; low) CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - - sudo (unfixed; bug #283161) + - sudo (unfixed; bug #283161; low) CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOTE: not-for-us (RSA authentication agent) CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...) @@ -2944,7 +2945,7 @@ CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) NOTE: not-for-us (IBM Websphere) CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) - - cpio (unfixed; bug #305372) + - cpio (unfixed; bug #305372; low) CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) NOTE: not-for-us (Sumus web server) CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) @@ -2965,7 +2966,7 @@ NOTE: not-for-us (Windows) CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) NOTE: api vulnerablity - - libgnumail-java (unfixed; bug #304712) + - libgnumail-java (unfixed; bug #304712; low) CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOTE: not-for-us (Centra) CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) 
@@ -3104,7 +3105,7 @@ CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) NOTE: Debian is not affected; see bug # 310833 CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - - coreutils (unfixed; bug #304556) + - coreutils (unfixed; bug #304556; low) CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian''s cron CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) @@ -3462,7 +3463,7 @@ CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - squirrelmail 1:1.2.3 CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - - slash (unfixed; bug #160579) + - slash (unfixed; bug #160579; low) CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOTE: not-for-us (commercial ssh) CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) @@ -3667,9 +3668,9 @@ CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) - kernel-source-2.6.8 2.6.8-16 CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) - - icecast2 (unfixed; bug #301368) + - icecast2 (unfixed; bug #301368; low) CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) - - icecast2 (unfixed; bug #301368) + - icecast2 (unfixed; bug #301368; low) CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) NOTE: not-for-us (Java Web Start for proprietary Sun Java) CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) 
@@ -3857,10 +3858,10 @@ NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - gzip 1.3.5-10 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - - kernel-source-2.4.27 (unfixed; bug #311164) + - kernel-source-2.4.27 (unfixed; bug #311164; medium) CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) - - kernel-source-2.6.8 (unfixed) - - kernel-source-2.6.11 2.6.11-7 + - kernel-source-2.6.8 (unfixed; medium) + - kernel-source-2.6.11 2.6.11-7 (medium) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) @@ -4093,10 +4094,10 @@ NOTE: not-for-us (Ipswitch Collaboration Suite) CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) NOTE: Sarge version does not install the module with the vulnerable code - - gnome-vfs2 2.10.1-4 - - grip 3.2.0-4 - - libcdaudio 0.99.9-2.1 - - gnome-vfs 1.0.5-5.1 + - gnome-vfs2 2.10.1-4 (low) + - grip 3.2.0-4 (low) + - libcdaudio 0.99.9-2.1 (low) + - gnome-vfs 1.0.5-5.1 (low) CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...) - ethereal 0.10.10-1 CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...) @@ -4531,7 +4532,7 @@ CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) - cacti 0.8.5a-5 CAN-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - - sympa (unfixed; bug #298105) + - sympa (unfixed; bug #298105; low) CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) - mantis 0.19.2-1 CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) 
@@ -4867,8 +4868,8 @@ CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) NOTE: netkit-telnet not affected TODO: check heimdal - - krb4 (unfixed) - - krb5 (unfixed) + - krb4 (unfixed; low) + - krb5 (unfixed; low) CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks @@ -4921,7 +4922,7 @@ NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - - lynx (unfixed; bug #296340) + - lynx (unfixed; bug #296340; medium) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - links 0.99+1.00pre12-1 CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) @@ -5271,7 +5272,7 @@ CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html NOTE: Seems to be stuck with the ABI bump / debian-installer problem - - kernel-source-2.6.8 (unfixed; bug #295949) + - kernel-source-2.6.8 (unfixed; bug #295949; high) CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) {DSA-696-1} - perl 5.8.4-7 @@ -5361,7 +5362,7 @@ NOTE: not-for-us (Openconf) CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) TODO: check all softwares that modifies JPEG images in Debian... - - imagemagick (unfixed; bug #298051) + - imagemagick (unfixed; bug #298051; low) CAN-2005-0405 NOTE: reserved CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) 
@@ -5370,7 +5371,7 @@ NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html NOTE: see http://secunia.com/advisories/14925 NOTE: kde maintainers informed of it by security team - - kmail (unfixed; bug #305601) + - kmail (unfixed; bug #305601; medium) CAN-2005-0403 NOTE: reserved CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) @@ -5477,7 +5478,7 @@ CAN-2005-0357 NOTE: reserved CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - - kernel-source-2.6.8 (unfixed; bug #310804) + - kernel-source-2.6.8 (unfixed; bug #310804; medium) TODO: 2.4? CAN-2005-0355 NOTE: reserved @@ -5503,7 +5504,7 @@ NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped NOTE: atftp checks h_length NOTE: netkit-tftp not vulnerable - - tftpd-hpa (unfixed; bug #295297) + - tftpd-hpa (unfixed; bug #295297; low) CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) - socat 1.4.0.3-1 CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) @@ -7560,7 +7561,8 @@ {DSA-583-1} NOTE: lvmcreate_initrd not in debian CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) - - krb5 (unfixed; bug #278271; not shipped in binary package) + NOTE: not shipped in deb + - krb5 (unfixed; bug #278271; low) - arla 0.36.2-11 CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...) {DSA-588-1} 
@@ -8152,8 +8154,8 @@ NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 - - mozilla (unfixed) - - mozilla-firefox 1.0.4-3 + - mozilla (unfixed; medium) + - mozilla-firefox 1.0.4-3 (medium) CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOTE: not-for-us (opera 7.50) CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) @@ -8225,7 +8227,7 @@ NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-9 NOTE: openmotif is non-free - - openmotif (unfixed; bug #308819) + - openmotif (unfixed; bug #308819; low) CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - samba 3.0.5 CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
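Review bot: the log message says urgencies are added for unfixed items, but the first hunk (@@ -1,5 +1,5 @@) and several later ones tag entries that already carry a fixed version, e.g. `- tor 0.0.9.10-1 (medium)`, `- gaim 1:1.3.1-1 (low)` and `- kernel-source-2.6.11 2.6.11-7 (medium)`. The diff does not show why a versioned entry needs an urgency, so either say so in the log message or document both shapes, `version (urgency)` and `(unfixed; bug #N; urgency)`, alongside the list so that anything parsing the file knows to expect them.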
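Review bot: in the @@ -438,15 +438,15 @@ hunk, `unknown` fits the three reserved "Unspecified DoS vulnerability on amd64" entries, but CAN-2005-1763 has a published description (buffer overflow in ptrace on 64-bit architectures) and is also set to `(unfixed; unknown)`, while the amd64 ptrace entry CAN-2005-0756 for the same package is rated medium in the @@ -3857,10 +3858,10 @@ hunk. Suggest giving CAN-2005-1763 an actual rating, or adding a NOTE that says what information is still missing to rate it.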
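Review bot: in the @@ -2048,7 +2048,8 @@ (xtradius) and @@ -7560,7 +7561,8 @@ (krb5) hunks, the qualifier "not shipped in binary package" moves out of the per-package parenthesis into a free-standing `NOTE: not shipped in deb` placed above the package line. For CAN-2004-0971 the entry also lists `- arla 0.36.2-11`, so the note no longer says which package it refers to, and the reason behind the new `low` urgency is no longer attached to the line that carries it. Suggest naming in the note what is not shipped and in which package, or keeping the qualifier inside the parenthesis next to the urgency.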
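Review bot: unfixed entries are left without an urgency in the context of two hunks: `- nvu (unfixed; bug #306822)` and `- eskuel (unfixed; bug #163653)` in @@ -2057,7 +2058,7 @@, and `- oops (unfixed; bug #307360)` in @@ -2926,9 +2927,9 @@. The nvu and oops entries have NOTEs saying they are not in Sarge, which may be the reason, but the eskuel "No authentication at all" entry has no such note while the fixed `- eskuel 1.0.5-3.1` line next to it gets `(low)`. Suggest rating the unfixed eskuel entry in this pass or adding a NOTE explaining why it is skipped, so the omission does not read as an oversight.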