Moritz Muehlenhoff
2005-Oct-10 19:48 UTC
[Secure-testing-commits] r2382 - in data: CAN DSA
Author: jmm-guest
Date: 2005-10-10 19:48:18 +0000 (Mon, 10 Oct 2005)
New Revision: 2382
Modified:
data/CAN/list
data/DSA/list
Log:
two new dsas
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-10-10 12:16:27 UTC (rev 2381)
+++ data/CAN/list 2005-10-10 19:48:18 UTC (rev 2382)
@@ -13,9 +13,10 @@
NOTE: Reported w/o bug to Horms
CAN-2005-XXXX [DoS vulnerability in msg id parsing of spampd]
- spampd <unfixed> (bug #332259; medium)
-CAN-2005-XXXX [Multiple buffer overflows in xloadimage]
+CAN-2005-3178 [Multiple buffer overflows in xloadimage]
- xloadimage 4.1-15 (bug #332524; medium)
- NOTE: xli verified not exploitable
+ - xli <unfixed> (medium)
+ NOTE: xli couldn''t load the provided test images when I checked?
CAN-2005-XXXX [Arbitrary command execution in import script for bvh files in
Blender]
- blender <unfixed> (bug #330895; medium)
CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4,
...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-10 12:16:27 UTC (rev 2381)
+++ data/DSA/list 2005-10-10 19:48:18 UTC (rev 2382)
@@ -1,3 +1,11 @@
+[10 Oct 2005] DSA-859-1 xli - buffer overflows
+ {CAN-2005-3178}
+ - xli <unfixed> (medium)
+ NOTE: not fixed in testing at time of DSA (unfixed in sid)
+[10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
+ {CAN-2005-3178}
+ - xloadimage 4.1-15 (bug #332524; medium)
+ NOTE: not fixed in testing at time of DSA (too young)
[10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
{CAN-2005-2965}
- graphviz 2.2.1-1sarge1 (low)