Author: jmm-guest Date: 2005-08-15 11:27:57 +0000 (Mon, 15 Aug 2005) New Revision: 1588 Modified: data/CAN/list data/embedded-code-copies Log: lots of new cases of embedded code, which had security problems in the past. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-15 11:12:19 UTC (rev 1587) +++ data/CAN/list 2005-08-15 11:27:57 UTC (rev 1588) @@ -1,6 +1,6 @@ CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns] NOTE: Will be split once the maintainer has investigated this - - centericq (unfixed; bug filed; medium) + - centericq (unfixed; bug #323185; medium) CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie handling] - wordpress (unfixed; bug #323040; medium) CAN-2005-XXXX [phpldapadmin doesn''t fully prevent anonymous access when configured so] Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2005-08-15 11:12:19 UTC (rev 1587) +++ data/embedded-code-copies 2005-08-15 11:27:57 UTC (rev 1588) @@ -19,6 +19,45 @@ libgadu/ekg: centericq +gaim (?) +kopete (ships the code, but links dynamically in the Debian package) +xmlrpc: (which package is the "origin" of this code?) +drupal +phpgroupware +egroupware +phpwiki +php4 (php-pear, IIRC this was reorganized some weeks ago?) + +shtool: (affects build-time only) +mysql-ocaml +php4 + + +mozilla: +mozilla-firefox +mozilla-thunderbird +nvu + + +xli: +xloadimage + + +lesstif: (beware: two different lesstif APIs supported in one package, 1.2 discarded upstream) +openmotif +xfree86/xorg (in libxpm, still the case with x.org? + + +kerberized apps with BSD origin: +krb4 +krb5 +heimdal + + +grip: (which pkg is the origin?) +libcdaudio +grip +gnome-vfs (vfs2 as well?)
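Review bot: in the data/CAN/list hunk, the centericq entry changes from "bug filed" to "bug #323185", but the log message only mentions new embedded-code cases. Mention the bug number update in the log, or commit it separately, so the history of that tracker entry can be found from the log alone. While this block is being touched, the unchanged wordpress context line reads "through through cookie handling" and could lose the duplicated word.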
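Review bot: in the data/embedded-code-copies hunk, the added line "xfree86/xorg (in libxpm, still the case with x.org?" never closes its parenthesis, and several new entries carry open questions as free text ("gaim (?)", "which package is the "origin" of this code?", "vfs2 as well?"). Close the parenthesis and use one consistent marker, for example a TODO: prefix, for unverified entries so they can be searched for and resolved before anyone relies on the list to find packages affected by a fix in the original code. The "grip:" block lists grip under its own heading while asking which package is the origin, and "kerberized apps with BSD origin:" names a category where the other headings in this hunk name a package; a short comment stating what each heading means would remove the ambiguity.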