Author: jmm-guest Date: 2005-10-06 08:58:04 +0000 (Thu, 06 Oct 2005) New Revision: 2321 Modified: data/CAN/list Log: wine fixed fixed the included "etch" entries from DTSAs to the respective versions in sid, CAN/list tracks sid, if you prepare a DTSA add a cross-reference in {}, which includes the fix prepared for etch removed a stray claimed entry Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-06 08:40:08 UTC (rev 2320) +++ data/CAN/list 2005-10-06 08:58:04 UTC (rev 2321) @@ -620,16 +620,16 @@ - zope2.7 <unfixed> (bug #313644; low) NOTE: first patch was incorrect CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] - - wine <unfixed> (bug #327261; bug #327262; high) + - wine 0.0.20050830-1 (bug #327261; bug #327262; high) TODO: It is not clear what the real bug is. TODO: Does wine-safe prompt properly? Or should the functionality TODO: be disabled completely, like Microsoft did some time ago? CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) {DSA-824-1 DTSA-19-1} - - clamav 0.86.2-4etch2 (bug #328660; medium) + - clamav 0.87-1 (bug #328660; medium) CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) {DSA-824-1 DTSA-19-1} - - clamav 0.86.2-4etch2 (bug #328660; medium) + - clamav 0.87-1 (bug #328660; medium) CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) {DSA-822-1} - gtkdiskfree 1.9.3-4sarge1 (bug #328566; low) 
@@ -1238,10 +1238,10 @@ RESERVED CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...) {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-0.1etch1 (bug #323386; high) + - kismet 2005.08.R1-1 (bug #323386; high) CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...) {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-0.1etch1 (bug #323386; high) + - kismet 2005.08.R1-1 (bug #323386; high) CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) NOT-FOR-US: MS IE CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) @@ -1789,7 +1789,7 @@ NOT-FOR-US: Novell eDirectory CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...) {DSA-782-1 DTSA-9-1} - - bluez-utils 2.19-0.1etch1 (bug #323365; medium) + - bluez-utils 2.19-1 (bug #323365; medium) CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Arab Portal CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) @@ -1896,7 +1896,7 @@ - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) - phpwiki <unfixed> (unimportant) NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway - - php4 4:4.3.10-16etch1 (bug #323366; high) + - php4 4:4.3.10-16 (bug #323366; high) TODO: check php5 CAN-2005-2497 RESERVED @@ -1916,7 +1916,7 @@ - linux-2.6 2.6.12-7 (bug #327416; medium) CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) {DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1} - - pcre3 6.3-0.1etch1 (bug #324531; medium) + - pcre3 6.3-1 (bug #324531; medium) - gnumeric <unfixed> (bug #326628; bug #326898; unimportant) - goffice <unfixed> (bug #326898; unimportant) NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used 
@@ -2123,22 +2123,22 @@ - fftw3 3.0.1-12 (low; bug #321566) CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) -begin claimed by neilm CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users] - - cgiwrap 3.9-3.0etch1 (bug #316881; low) + {DTSA-6-1} + - cgiwrap 3.9-3.1 (bug #316881; low) CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information] - - cgiwrap 3.9-3.0etch1 (bug #316901; low) + {DTSA-6-1} + - cgiwrap 3.9-3.1 (bug #316901; low) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20031017-2.1 (bug #318633; medium) CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) - tutos 1.1.20031017-2.1 (bug #318633; medium) CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) {DTSA-13-1} - - evolution 2.2.3-2etch1 (high; bug #322535) + - evolution 2.2.3-3 (high; bug #322535) CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...) {DTSA-13-1} - - evolution 2.2.3-2etch1 (high; bug #322535) -end claimed by neilm + - evolution 2.2.3-3 (high; bug #322535) CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] - libnet-ssleay-perl 1.25-1.1 (bug #296112; low) CAN-2005-XXXX [nvi: init.d recover file security bugs] @@ -2174,7 +2174,7 @@ CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) {DSA-813-1 DTSA-2-1 DTSA-4-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - - centericq 4.20.0-8etch1 (bug #323185; medium) + - centericq 4.20.0-9 (bug #323185; medium) CAN-2005-2447 REJECTED CAN-2005-2446 
@@ -2376,14 +2376,14 @@ CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} - gaim 1:1.4.0-5 (low) - - centericq 4.20.0-8etch1 (bug #323185; low) + - centericq 4.20.0-9 (bug #323185; low) CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) {DSA-813-1 DTSA-2-1} TODO: check gaim and others that embed libgadu in source tree - - centericq 4.20.0-8etch1 (bug #323185; medium) + - centericq 4.20.0-9 (bug #323185; medium) CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) {DTSA-12-1} - - vim 1:6.3-085+0.0etch1 (bug #320017; medium) + - vim 1:6.3-085+1 (bug #320017; medium) CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) - ethereal 0.10.12-1 (bug #320183; medium) CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) @@ -4786,7 +4786,7 @@ - phpgroupware 0.9.16.006-1 (high) - egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high) - phpwiki 1.3.7-4 (bug #316714; high) - - php4 4:4.3.10-16etch1 (high; bug #316447) + - php4 4:4.3.10-16 (high; bug #316447) NOTE: horde3 is not affected by this issue, they ship different XMLRPC code CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) {DSA-804-1} @@ -5184,7 +5184,7 @@ {DSA-789-1 DTSA-15-1} - shtool 2.0.1-2 (bug #311206; low) - mysql-ocaml 1.0.3-6 (bug #314464; low) - - php4 4:4.3.10-16etch1 (low) + - php4 4:4.3.10-16 (low) NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
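Review bot: In the @@ -620 hunk, the wine entry moves from <unfixed> to 0.0.20050830-1 while the three TODO lines directly below it still say that the real bug is unclear and ask whether wine-safe prompts properly. If the upload is known to resolve bugs #327261 and #327262, replace the TODOs with a NOTE stating what 0.0.20050830-1 changed. If that is not yet established, the entry is being marked fixed too early.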
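Review bot: In the @@ -1896 hunk, php4 goes from 4:4.3.10-16etch1 to 4:4.3.10-16, but the hunk's context does not show the entry's {} line, unlike the @@ -5184 php4 hunk where {DSA-789-1 DTSA-15-1} is visible. The log says the DTSA cross-reference in {} is what now records the etch fix, so confirm this entry carries one. Without it, the etch fix for bug #323366 is no longer recorded anywhere in the list.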
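Review bot: In the @@ -2123 hunk, the removed "begin claimed by neilm" / "end claimed by neilm" markers enclosed six entries, and the two TUTOS entries between them (CAN-2004-2162, CAN-2004-2161) are left untouched, so the claim covered more than the cgiwrap and evolution lines corrected here. The log calls it a "stray claimed entry". It is worth confirming that nothing inside the block was still pending before dropping the claim, and mentioning the TUTOS entries in the log if they were checked.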