Author: jmm-guest Date: 2005-09-29 21:18:49 +0000 (Thu, 29 Sep 2005) New Revision: 2242 Modified: data/CAN/list Log: bugnums and three older issues from the BTS Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-29 21:14:17 UTC (rev 2241) +++ data/CAN/list 2005-09-29 21:18:49 UTC (rev 2242) @@ -1,3 +1,12 @@ +CAN-2005-XXXX [Insecure temp files in linux-wlan-ng] + - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) +CAN-2004-XXXX [kmail may send out sensitive information when used on NFS homes] + - kmail <unfixed> (bug #280287; low) +CAN-2002-XXXX [sanitizer bypassal through quoted file names] + - sanitizer <unfixed> (bug #149799; medium) + TODO: We should followup, this is probably fixed since the last three years +CAN-2005-XXXX [hdup does not preserve directory permissions] + - hdup <unfixed> (bug #302790) CAN-2005-XXXX [Heap overflow in libosip URI parsing] - libosip 2.0.9-1 (bug #308737) CAN-2005-XXXX [rkhunter: Insecure temporary file] @@ -4220,7 +4229,7 @@ NOT-FOR-US: Finjan SurfinGate CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) {DSA-735-2 DSA-735-1} - - sudo 1.6.8p9-1 (medium) + - sudo 1.6.8p9-1 (bug #315718; bug #315115; medium) CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) {DSA-748-1} - ruby1.8 1.8.2-8 (medium) @@ -7888,7 +7897,7 @@ CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...) NOT-FOR-US: IVT BlueSoleil CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...) - - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.6.8 2.6.8-16 (bug #303177) CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) NOT-FOR-US: Apple CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) 
@@ -9577,7 +9586,7 @@ NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - lynx <unfixed> (bug #296340; low) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - - links 0.99+1.00pre12-1 + - links 0.99+1.00pre12-1 (bug #296341; low) CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) NOT-FOR-US: Opera CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) @@ -10038,8 +10047,8 @@ - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) - - kernel-source-2.4.27 2.4.27-10 - - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-10 (bug #303294) + - kernel-source-2.6.8 2.6.8-16 (bug #303294) CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 @@ -10938,7 +10947,7 @@ NOT-FOR-US: Irix CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) NOTE: Does not affect 2.6 based kernels in Debian - - kernel-source-2.4.27 2.4.27-10 + - kernel-source-2.4.27 2.4.27-10 (bug #308584) CAN-2005-0136 RESERVED - kernel-source-2.6.8 2.6.8-14
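Review bot: In the first hunk (@@ -1,3 +1,12 @@), the new hdup entry is the only one of the four added entries without a severity: "- hdup <unfixed> (bug #302790)", while the linux-wlan-ng, kmail and sanitizer entries carry low, low and medium. Please add a rating, or a NOTE saying it has not been assessed yet. In the same hunk, the sanitizer TODO ("this is probably fixed since the last three years") leaves "<unfixed>" resting on a guess. Checking the state of bug #149799 before the entry goes in would settle it. The log message also speaks of three older issues while this hunk adds four entries, so it is worth confirming that the message matches the change.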
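Review bot: In the CAN-2005-0400 hunk (@@ -10038,8 +10047,8 @@), both kernel-source-2.4.27 2.4.27-10 and kernel-source-2.6.8 2.6.8-16 are given the same reference, "(bug #303294)". Please confirm that this one report really tracks the fix in both source packages. If it was filed against only one of them, the other line should carry its own bug number or none. Unlike the sudo and links hunks, the kernel entries touched here also get a bug number but no severity. If that is deliberate for kernel packages, a short NOTE would make it clear to later readers.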