Author: fw Date: 2005-09-21 08:17:48 +0000 (Wed, 21 Sep 2005) New Revision: 2066 Modified: data/CAN/list Log: Replace libxpm4 and kmail binary packages with their source packages. The reason is that the corresponding source package is not consistent across releases, which makes proper version tracking quite hard. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-21 07:38:24 UTC (rev 2065) +++ data/CAN/list 2005-09-21 08:17:48 UTC (rev 2066) @@ -1709,7 +1709,8 @@ CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] - metamail 2.7-48 (bug #321473; low) CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] - - xbase-clients (unfixed; bug #321447; low) + - xfree86 (unfixed; bug #321447; low) + - xorg-x11 (unfixed; bug #321447; low) CAN-2005-XXXX [kdebase: startkde does not check lnusertemp''s result?] NOTE: This hardly has security implications, lots of applications do not cope NOTE: with a filled up /tmp dir. @@ -5335,7 +5336,9 @@ CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] - clamav 0.85.1-1 CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - - libxpm4 4.3.0.dfsg.1-14 + - xfree86 4.3.0.dfsg.1-14 (bug #308783) + NOTE: Actually affected package is libxpm4. + NOTE: x11-xorg is not affected (inspected the Subversion tree). CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) NOTE: According to Horms from kernel team 2.6.8 not affected - kernel-source-2.6.11 2.6.11-5 
@@ -8750,7 +8753,10 @@ - lesstif1-1 1:0.93.94-11.1 NOTE: lesstif1 - lesstif1-1 1:0.93.94-11.3 - - libxpm4 4.3.0.dfsg.1-13 + NOTE: libxmp4 is the real culprit, but there are different + NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11 + NOTE: in unstable is not affected (was fixed before the upload). + - xfree86 4.3.0.dfsg.1-13 NOTE: openmotif is non-free - openmotif 2.2.3-1.1 (medium) CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) @@ -9759,7 +9765,9 @@ NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html NOTE: see http://secunia.com/advisories/14925 NOTE: kde maintainers informed of it by security team - - kmail (unfixed; bug #305601; medium) + - kdepim (unfixed; bug #305601; medium) + NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG + NOTE: support, so this issue is not very important. CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...) TODO: check CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
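Review bot: in the @@ -1709 hunk, the x11perfcomp entry loses the name of the affected binary package once `- xbase-clients` is replaced by `- xfree86` and `- xorg-x11`. The @@ -5335 hunk preserves that information with a NOTE ("Actually affected package is libxpm4."); an equivalent NOTE naming xbase-clients here would keep the entry easy to match against bug #321447.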
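Review bot: the last added NOTE in the @@ -5335 hunk spells the source package "x11-xorg", while the @@ -1709 and @@ -8750 hunks of this same patch use "xorg-x11". Suggest changing it to xorg-x11 so that a search of the list for the source package name also finds this entry.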
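Review bot: the first added NOTE in the @@ -8750 hunk says "libxmp4", but the line being replaced is `- libxpm4 4.3.0.dfsg.1-13`, so this looks like a typo for libxpm4. The NOTE lines here are also placed before the `- xfree86` line, whereas in the @@ -5335 hunk they follow it; picking one order would make it clearer which package line a NOTE belongs to.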
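Review bot: in the @@ -9759 hunk, the woody case is recorded only in the free-text NOTE ("kmail is part of kdenetwork"), so after the switch to `- kdepim` no package line in the entry covers the kdenetwork source package. If kdenetwork is left out on purpose because the issue is not very important without GnuPG support, suggest saying so explicitly in the NOTE so the omission does not read as an oversight.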