Author: fw
Date: 2005-09-17 15:33:15 +0000 (Sat, 17 Sep 2005)
New Revision: 2032
Modified:
data/CAN/list
data/DSA/list
Log:
Add data found on bugs-dist, mainly known-fixed versions and bug
xrefs.
CAN-2005-2918: New CAN for gtkdiskfree.
CAN-2005-2876: loop-aes-utils is also affected.
CAN-2005-2558: mysql-dfsg is also vulnerable.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-17 13:19:32 UTC (rev 2031)
+++ data/CAN/list 2005-09-17 15:33:15 UTC (rev 2032)
@@ -2,6 +2,8 @@
- clamav (unfixed; bug #328660; medium)
CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.]
- clamav (unfixed; bug #328660; medium)
+CAN-2005-2918 [/tmp race condition in gtkdiskfree 1.9.3 and earlier]
+ - gtkdiskfree (bug #328566; low)
CAN-2005-XXXX [Two local kernel DoS through incorrect ioctl refcounter
handling]
TODO: Pinged Horms for 2.4
- linux-2.6 (unfixed; medium)
@@ -11,6 +13,7 @@
- twiki 20040902-2
CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2
allows ...)
- util-linux (unfixed; bug #328141; medium)
+ - loop-aes-utils 2.12p-9 (bug #328626; medium)
CAN-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code
via ...)
- py2play (unfixed; bug #326976; medium)
CAN-2005-2874 (The is_path_absolute function in scheduler/client.c for the
daemon in ...)
@@ -31,7 +34,7 @@
CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows
...)
NOTE: not-for-us (Solaris)
CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- - phpmyadmin (unfixed; bug #327345; medium)
+ - phpmyadmin 4:2.6.4-pl1-1 (bug #327345; medium)
CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in
the ...)
NOTE: not-for-us (ZipTorrent)
CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote
attackers to ...)
@@ -919,7 +922,8 @@
NOTE: not-for-us (e107 portal)
CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL
4.0 ...)
- mysql-dfsg-4.1 4.1.13 (medium)
- - mysql-dfsg-5.0 5.0.7beta (medium)
+ - mysql-dfsg-5.0 5.0.7beta-1 (medium)
+ - mysql-dfsg (unfixed; bug #322133; medium)
CAN-2005-2557
NOTE: reserved
{DSA-778-1}
@@ -1258,7 +1262,7 @@
NOTE: reserved
- xorg-x11 6.8.2.dfsg.1-7 (medium)
CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain
root ...)
- - kdebase (unfixed; bug #327039; medium)
+ - kdebase 4:3.4.2-3 (bug #327039; medium)
CAN-2005-2493
NOTE: reserved
CAN-2005-2492 [Linux kernel sendmsg() DoS/information disclosure]
@@ -1304,10 +1308,6 @@
NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8, will probably result
NOTE: in a kernel DSA with other issues
TODO: Check, whether this is fixed in linux-2.6 SVN as well
-CAN-2005-XXXX [Buffer overflow in mysql''s user defined functions]
- - mysql-dfsg (unfixed; bug #322133; medium)
- - mysql-dfsg-4.1 4.1.13-1 (medium)
- - mysql-dfsg-5.0 5.0.7beta-1 (medium)
CAN-2005-XXXX [Unspecified buffer overflow in metar]
- metar 20050807.1-1 (unknown)
CAN-2005-2489 (Web Content Management News System allows remote attackers to
create ...)
@@ -4977,7 +4977,7 @@
NOTE: not-for-us (NPDS)
CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to
5.0.4 ...)
{DSA-783-1}
- - mysql-dfsg 4.0.12-2
+ - mysql-dfsg 4.0.12-2 (bug #319526; low)
CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to
obtain ...)
NOTE: not-for-us (JGS-Portal)
CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA
...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-09-17 13:19:32 UTC (rev 2031)
+++ data/DSA/list 2005-09-17 15:33:15 UTC (rev 2032)
@@ -138,7 +138,7 @@
NOTE: not fixed in testing at time of DSA (glibc transition)
[24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
{CAN-2005-1636}
- - mysql-dfsg-4.1 4.1.12 (medium)
+ - mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
NOTE: not fixed in testing at time of DSA (glibc transition)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)