Author: jmm-guest Date: 2005-08-04 13:07:34 +0000 (Thu, 04 Aug 2005) New Revision: 1523 Modified: data/CAN/list Log: further zlib issues affecting at least rsync obscure tiff issue only affects Woody Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-04 12:37:59 UTC (rev 1522) +++ data/CAN/list 2005-08-04 13:07:34 UTC (rev 1523) @@ -1,7 +1,14 @@ +CAN-2005-XXXX [DoS against rsync in embedded zlib copy] + NOTE: This is distinct from CAN-2005-2096, please see rsync''s 2.6.6 announcement + NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3 + NOTE: I haven''t verified this with source so far, but it looks like a DoS + NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding + NOTE: zlib 1.2 are affected as well + - rsync 2.6.6-1 (low) CAN-2005-XXXX [Unspecified XSS in hiki] - hiki 0.8.2-1 CAN-2005-XXXX [DoS in libtiff through div/0 in ycbcr code] - TODO: check whether tiff 3.7 is affected as well, reports against 3.6. + NOTE: Only affects Woody, tiff 3.7 not affected CAN-2005-XXXX [pstotext allows malicious post script code] - pstotext 1.9-2 (medium) CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
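Review bot: In the new rsync entry, the pending work is recorded as NOTE lines ("I haven't verified this with source so far", "we could check if other apps embedding zlib 1.2 are affected as well"), while the removed libtiff line shows that this file uses TODO: for open checks. Mark these two as TODO so they stay visible now that the entry already carries a fixed version, `- rsync 2.6.6-1 (low)`. The third NOTE has a typo, "one the the two", which should read "one of the two". In the libtiff entry, the replacement NOTE says only Woody is affected, but the entry still has no package line in the form used for rsync, so the affected package and its status are not recorded.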