Author: joeyh Date: 2005-08-09 15:27:18 +0000 (Tue, 09 Aug 2005) New Revision: 1547 Modified: data/CAN/list Log: Various holes added from a review of security tagged bugs affecting testing in the BTS. Note that I also used notfound to fix display of bugs that were fixed and stopped at the beginning of the serious severity holes at http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=testing Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-09 14:23:54 UTC (rev 1546) +++ data/CAN/list 2005-08-09 15:27:18 UTC (rev 1547) @@ -1,3 +1,23 @@ +CAN-2005-XXXX [Buffer overflow in Description parsing] + - bidwatcher (unfixed; bug #319489; high) +CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] + - dbmail (unfixed; bug #303991; medium) +CAN-2005-XXXX [downloads.ini writable by group users, world-readable] + - mldonkey-server (unfixed; bug #300560; low) +CAN-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] + - gcjwebplugin (unfixed; bug #267040; high) +CAN-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] + - dbmail-pgsql (unfixed; bug #290833; medium) +CAN-2005-XXXX [buffer-overrun in apache2-ssl] + - apache2-ssl (unfixed; bug #320048; low) +CAN-2005-XXXX [A client accepted by MAC address filtering to bypass any other rule] + - shorewall 2.4.1-2 (bug #318946) +CAN-2005-XXXX [time delay of password check proves account existence to attackers] + NOTE: unknown if really a bug; if it is it''s different than the + NOTE: previous ssh delay bugs + - ssh (unfixed; bug #314645; low) +CAN-2005-XXXX [null pointer oops on udp packets] + - kernel-image-2.6.8-2-686-smp (unfixed; bug #309308; low) CAN-2005-XXXX [DoS by removal of default ACLs in ext2/ext3] NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8, will probably result NOTE: in a kernel DSA with other issues
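Review bot: The last added entry, `- kernel-image-2.6.8-2-686-smp (unfixed; bug #309308; low)`, is filed against a single flavour-specific kernel image, while the NOTE on the unchanged entry directly below it tracks kernel fixes against kernel-source-2.4.27 and 2.6.8. Recording the UDP null pointer oops against kernel-source-2.6.8 would keep the two kernel entries consistent and would not tie the issue to the 686-smp image alone. In the ssh entry, the NOTE contains a doubled apostrophe (`it''s`), and because that NOTE says it is unknown whether this is really a bug, the `unfixed` status reads as more certain than the text supports; a NOTE saying the entry is pending confirmation in bug #314645 would make that explicit. The two dbmail entries (bug #303991 for dbmail, bug #290833 for dbmail-pgsql) both describe missing or inconsistent escaping, so a NOTE cross-referencing them would help later triage. The shorewall line is the only added entry that carries a version and no urgency, which is fine if 2.4.1-2 is the fixed version, but the commit log does not say so.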