Author: joeyh
Date: 2005-09-22 10:13:07 +0000 (Thu, 22 Sep 2005)
New Revision: 2081
Modified:
data/CAN/list
data/DSA/list
Log:
researched webcalendar. The changelog is 100% shite, confusing two
different holes and referring to the wrong CAN, but all the issues fixed in
the two DSAs are in fact fixed in the version in unstable/testing.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-22 10:12:43 UTC (rev 2080)
+++ data/CAN/list 2005-09-22 10:13:07 UTC (rev 2081)
@@ -651,6 +651,7 @@
- courier 0.47-8 (medium; bug #325631)
CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel
2.6 ...)
- kernel-source-2.4.27 2.4.27-11 (medium)
+ TODO: check what version of linux-2.6 fixed this. (See bug #328395)
NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
CAN-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
2.6.12 and ...)
- kernel-source-2.4.27 (unfixed; low)
@@ -2334,8 +2335,7 @@
NOTE: woody is not affected according to the bug report.
CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to
...)
{DSA-766-1}
- - webcalender (unfixed; bug #315671; medium)
- TODO: The bug report references CAN-2005-2717. What does this mean?
+ - webcalender 0.9.45-7 (bug #315671; medium)
CAN-2005-2437 (Website Baker Project does not properly verify the file
extensions of ...)
NOTE: not-for-us (Website Baker)
CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access
definitions]
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-09-22 10:12:43 UTC (rev 2080)
+++ data/DSA/list 2005-09-22 10:13:07 UTC (rev 2081)
@@ -73,7 +73,7 @@
NOTE: however, fixed in secure-testing archive
[02 Sep 2005] DSA-799-1 webcalendar - input validation
{CAN-2005-2717}
- - webcalendar (unfixed; bug #326223; high)
+ - webcalendar 0.9.45-7 (bug #326223; high)
NOTE: not fixed in testing at time of DSA (coordinated disclosure)
[02 Sep 2005] DSA-798-1 phpgroupware - several
{CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}