Author: joeyh Date: 2005-02-23 21:56:18 +0100 (Wed, 23 Feb 2005) New Revision: 476 Modified: sarge-checks/CAN/list Log: merge results of accidental duplicate work.. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-23 20:28:19 UTC (rev 475) +++ sarge-checks/CAN/list 2005-02-23 20:56:18 UTC (rev 476) @@ -1,16 +1,17 @@ CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOTE: not-for-us (fallback-reboot) CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) + - mono (unfixed; bug filed) NOTE: default config of Mono not vulnerable NOTE: Mono wont be in Sarge according to http://wiki.debian.net/?MonoDebianPlan CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) - NOTE: not-for-us (Squiggle for Batik) + - libbatik-java (unfixed; bug #288009) CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) NOTE: not-for-us (SD Server) CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...) - NOTE: not-for-us (Avaya) + NOTE: not-for-us (Avaya IP Office Phone Manager) CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) - NOTE: not-for-us (IRM) + - irm (unfixed; bug filed) CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) TODO: check with kernel team CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
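Review bot: The added lines "- mono (unfixed; bug filed)" under CAN-2005-0509 and "- irm (unfixed; bug filed)" under CAN-2005-0505 carry no bug number, while the CAN-2005-0508 line cites "bug #288009". Recording the number in each entry would let the next person checking the list follow the bug without searching for it. Under CAN-2005-0509 the new "unfixed" line also sits next to the existing note that Mono won't be in Sarge, so it is worth stating which of the two decides the entry's status for sarge. The log message "merge results of accidental duplicate work.." does not mention that two not-for-us classifications (Squiggle for Batik, IRM) are reversed here; saying so would make the change easier to find later.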
Joey Hess
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r476 - sarge-checks/CAN
Djoume SALVETTI wrote:
> On Wednesday 02/23/05 Joey Hess <joeyh@costa.debian.org> wrote:
> > CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
> > - NOTE: not-for-us (Squiggle for Batik)
> > + - libbatik-java (unfixed; bug #288009)
> > CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
> > - NOTE: not-for-us (IRM)
> > + - irm (unfixed; bug filed)
>
> Well... 2 mistakes in only a few checks...
>
> I hope I didn't do more before and I apologise for these. :-/

I wish we had manpower to double-check each other more often..

> I used to check if a package is part of Debian with apt-cache search
> from an up to date Debian sid, please tell me if this is not a good method
> (note that I could have avoided these two mistakes if I hadn't read
> apt-cache output too quickly...)

I don't know of anything better, though I'll sometimes double-check with the project's web page to see if it has a more Debian-like alternate name than the one used in the CVE info or advisory.

--
see shy jo
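One way to automate the double-check discussed in this thread, as an added example that is not part of the original messages or of the project's tooling: it parses list entries in the format shown in the commit and flags every "not-for-us" note whose product name shares a word with a package name, which catches cases like Batik being packaged as libbatik-java. The sample list is constructed from the pre-commit entries visible in the diff (the indentation is an assumption), the package set is a constructed stand-in for a real package index, and all function names are hypothetical.

```python
import re

# Constructed sample: pre-commit entries as they appear in the diff above.
SAMPLE_LIST = """\
CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
    NOTE: not-for-us (Squiggle for Batik)
CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
    NOTE: not-for-us (SD Server)
CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
    NOTE: not-for-us (IRM)
"""

# Constructed stand-in for the archive's package names (assumption: a real
# check would load these from a Packages index instead).
PACKAGES = {"libbatik-java", "irm", "mono", "squid"}

ENTRY = re.compile(r"^(CAN-\d{4}-\d{4})\s")
NFU = re.compile(r"^\s+NOTE: not-for-us \((.+)\)\s*$")


def product_words(name):
    """Lower-cased words of a product name; very short words are ignored."""
    return {w for w in re.split(r"[^a-z0-9]+", name.lower()) if len(w) >= 3}


def package_words(pkg):
    """Parts of a package name, plus each part with a leading 'lib' removed."""
    parts = set(re.split(r"[^a-z0-9]+", pkg.lower()))
    parts |= {p[3:] for p in parts if p.startswith("lib") and len(p) > 3}
    return parts


def suspicious_not_for_us(list_text, packages):
    """Return (id, product, matching packages) for notes worth a second look."""
    hits, current = [], None
    for line in list_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            current = entry.group(1)
            continue
        note = NFU.match(line)
        if note and current:
            words = product_words(note.group(1))
            matches = sorted(p for p in packages if words & package_words(p))
            if matches:
                hits.append((current, note.group(1), matches))
    return hits


if __name__ == "__main__":
    for cve, product, pkgs in suspicious_not_for_us(SAMPLE_LIST, PACKAGES):
        print(f"{cve}: not-for-us ({product}) but archive has {', '.join(pkgs)}")
```

A hit is only a prompt for manual review; a shared word does not prove the package is the affected product.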