Author: fw Date: 2005-09-17 16:44:12 +0000 (Sat, 17 Sep 2005) New Revision: 2033 Modified: data/CAN/list Log: More updates picked up on bugs-dist. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-17 15:33:15 UTC (rev 2032) +++ data/CAN/list 2005-09-17 16:44:12 UTC (rev 2033) @@ -1,3 +1,16 @@ +CAN-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] + - zope2.7 (unfixed; bug #313644; low) + NOTE: first patch was incorrect +CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] + - wine (bug #327261; bug #327262; unfixed) + TODO: It is not clear what the real bug is. + TODO: Does wine-safe prompt properly? Or should the functionality + TODO: be disabled completely, like Microsoft did some time ago? +CAN-2005-XXXX [openssl: uses MD5 by default] + - openssl (bug #314465; unimportant) + NOTE: MD5 is still good enough for most applications. +CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files] + - texinfo (unfixed; bug #328365; low) CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.] - clamav (unfixed; bug #328660; medium) CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.] @@ -24,6 +37,7 @@ - mozilla-firefox 1.0.6-5 (medium) - mozilla (unfixed; bug #327455; medium) - mozilla-thunderbird (unfixed; medium) + - epiphany-browser (unfixed; bug #327366; medium) CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36] - chmlib 0.36-1 (bug #327431) CAN-2005-2802 @@ -413,7 +427,7 @@ - kernel-source-2.4.27 2.4.27-11 (bug #322237; medium) CAN-2005-XXXX [polygen doesn''t honor umask when creating grm.o files] NOTE: Fix in -8 had problems - - polygen 1.0.6-9 (low) + - polygen 1.0.6-9 (bug #325468; low) CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) {DSA-798-1} - phpgroupware 0.9.16.008-1 (unknown) 
@@ -426,7 +440,7 @@ {DSA-806-1 DSA-802-1} NOTE: cvs: not shipped in binary package - cvs 1:1.12.9-15 (bug #325106; unimportant) - - gcvs 1.0final-8 (low) + - gcvs 1.0final-8 (bug #324969; low) CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) NOTE: not-for-us (RunCMS) CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...) @@ -506,7 +520,7 @@ {DSA-794-1} CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...) {DSA-791-1 DTSA-11-1} - - maildrop 1.5.3-1.1etch1 (medium) + - maildrop 1.5.3-1.1etch1 (bug #325135; medium) CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) {DSA-790-1} - phpldapadmin 0.9.6c-5 (medium) @@ -1564,10 +1578,12 @@ NOTE: not-for-us (PhpList) CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian - - gforge (unfixed; medium) + - gforge (bug #328224; unimportant) + NOTE: Direct flooding is possible as well in most circumstances. + NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) + - gforge (bug #328224; medium) NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian - - gforge (unfixed; medium) CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) NOTE: not-for-us (Firefox on Windows) CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...) 
@@ -2084,6 +2100,7 @@ CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...) {DSA-766-1} - webcalender (unfixed; bug #315671; medium) + TODO: The bug report references CAN-2005-2717. What does this mean? CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...) NOTE: not-for-us (Website Baker) CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
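Review bot: In the first hunk (@@ -1,3 +1,16 @@) the wine-safe entry is recorded against two bug numbers while its own TODO lines say the issue is not yet understood ("TODO: It is not clear what the real bug is."); an entry whose title asserts "does not prompt the user/is registered in mailcap" but whose notes question whether that is the bug will mislead anyone reading the list, so either keep it as a single TODO item until #327261/#327262 are triaged, or reword the bracketed title to state only what is confirmed. In the same hunk the openssl entry justifies "unimportant" with "NOTE: MD5 is still good enough for most applications." without saying which default (digest for signatures, for `openssl dgst`, or something else) bug #314465 is about; naming the affected use would make the rating reviewable later.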
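Review bot: In the polygen hunk (@@ -413,7 +427,7 @@) the unchanged title line still reads "polygen doesn''t honor umask when creating grm.o files" with a doubled apostrophe; since this commit already edits the package line of that entry to add "bug #325468", it is the natural place to fix the typo to "doesn't" as well.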
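Review bot: In the gforge hunk (@@ -1564,10 +1578,12 @@) the line "NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian" ends up twice under CAN-2005-2431: once as the existing context line before the package line and once more as an added line after the new "NOTE: Direct flooding is possible as well in most circumstances."; drop one copy. The same hunk lowers CAN-2005-2431 from "medium" to "unimportant" while the flooding NOTE is the only visible rationale, so stating the connection explicitly (for example that the rate-limiting bypass adds nothing over plain flooding) would keep the downgrade from looking like an accidental edit, and it is worth confirming that bug #328224 is meant to cover both CAN-2005-2431 and CAN-2005-2430, since both package lines now cite it.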
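Review bot: In the last hunk (@@ -2084,6 +2100,7 @@) the added "TODO: The bug report references CAN-2005-2717. What does this mean?" leaves an unresolved cross-reference in the list; if bug #315671 is really about a second identifier, the cleaner fix is a separate entry (or a NOTE naming the relationship) rather than an open question. The unchanged package line in the same region reads "webcalender" while the CVE text says "WebCalendar", so the package name is worth checking against the archive before this entry is relied on.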