Secure testing commits - Oct 2005 - r2456 - data/CAN

Author: fw
Date: 2005-10-19 20:42:23 +0000 (Wed, 19 Oct 2005)
New Revision: 2456

Modified:
   data/CAN/list
Log:
Some more items from bugs-dist.


Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-10-19 20:09:09 UTC (rev 2455)
+++ data/CAN/list	2005-10-19 20:42:23 UTC (rev 2456)
@@ -545,9 +545,6 @@
 	NOTE: Only affects distcc in a very non-standard setup
 CAN-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
 	- phpwiki <unfixed> (bug #282565; medium)
-CAN-2005-XXXX [MySQL authentication bypass]
-	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
-	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded
into the archive)
 CAN-2005-XXXX [Possibly incorrect virtualisation in php4]
 	- php4 <unfixed> (bug #317577; bug #330419; unknown)
 	NOTE: Maintainer can''t reproduce
@@ -13125,6 +13122,7 @@
 CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image
handler ...)
 	{DSA-548-1}
 	- imlib+png2 1.9.14-16.2
+	- imlib 1.9.14-17 (bug #285025)
 CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in
Linux ...)
 	NOTE: fixed in 2.6.8, does not affect 2.4 per dannf''s notes
 CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and
3.0.x ...)
@@ -13550,8 +13548,10 @@
 CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and
5.0, ...)
 	NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
 CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and
5.0, ...)
-	NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
-	- mysql-dfsg-4.1 <not-affected> (fixed before first Debian upload)
+	TODO: Unclear if older MySQL versions are affected.  Code seems to be
+	TODO: present in a different function, but exploit does not work.
+	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
+	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded
into the archive)
 CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux
...)
 	NOTE: fixed after 2.6.6 kernel
 CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote
...)