Author: jmm-guest Date: 2005-08-14 11:55:27 +0000 (Sun, 14 Aug 2005) New Revision: 1580 Modified: data/CAN/list Log: housekeeping on older TODO items. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-14 11:24:05 UTC (rev 1579) +++ data/CAN/list 2005-08-14 11:55:27 UTC (rev 1580) @@ -272,7 +272,6 @@ NOTE: not-for-us (SGI IRIX) CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...) NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD - TODO: check kfreebsd-source-5.3 CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...) NOTE: not-for-us (decfingerd) CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) @@ -341,9 +340,7 @@ CAN-2005-2457 NOTE: reserved CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...) - NOTE: Does affect 2.4 per Horms, fix will be in 2.4.27 DSA - TODO: Check if this made it into further 2.4 sid uploads as well (there doesn''t - TODO: seem to be a more recent 2.4 package right now) + NOTE: Will also be fixed in DSAs for 2.4.27 and 2.6.8 - linux-2.6 2.6.12-2 (bug #321401; medium) CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) NOTE: not-for-us (Greasemonkey) @@ -393,9 +390,9 @@ CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) NOTE: not-for-us (PhpList) CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - TODO: check, whether these apply to 3.1 as well + NOTE: Pinged maintainer, whether these are present in Debian''s much older version CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) - TODO: check, whether these apply to 3.1 as well + NOTE: Pinged maintainer, whether these are present in Debian''s much older version CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) NOTE: not-for-us (Firefox on Windows) CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...) @@ -1788,10 +1785,10 @@ NOTE: reserved CAN-2005-2099 [kernel 2.6 keyring related DoS] NOTE: reserved - - linux-2.6 (unfixed; bug filed; medium) + - linux-2.6 (unfixed; bug #323039; medium) CAN-2005-2098 [kernel 2.6 keyring related DoS] NOTE: reserved - - linux-2.6 (unfixed; bug filed; medium) + - linux-2.6 (unfixed; bug #323039; medium) CAN-2005-2097 [DoS against xpdf by specially crafted loca tables in PDF documents] NOTE: reserved NOTE: kpdf will be fixed with next 3.4.2 upload @@ -3297,7 +3294,7 @@ CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) - kernel-source-2.4.27 2.4.27-11 (medium) CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...) - TODO: check + NOTE: Lacks info, pinged debian-kernel, which is roughly equivalent to a bug report CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) NOTE: not-for-us (RealPlayer) CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)