/[secure-testing]/data/CAN/list
Revision Log
typo fix
add --output switch
new issue, not identical to the one fixed in -1
ruby issues fixed
some severity adjustments as proposed in t-s-t
new clamav dos already fixed
nanoblogger unaffected
Finished my block
claiming some todos
add a few bug numbers and urgencies
automatic CAN database update
completed block, no new holes
claim
two new kernel issues 2.6.12.1, nearly no descriptions.
new cacti issues already fixed
new asterisk issue, proper severity rating requires a second look at its default config.
automatic CAN database update
processed block
remove old begin claim that has no end checked razor claimed some new old cans
xtradius fixed
canified ruby, trac and sudo yaws already fixed
new nanoblogger issue canified heimdal-telnet lots of not-for-us claim new
lots of not-for-us and issues fixed for long. unclaim the rest of the legacy ones for now and claim a block of the fresh ones instead.
claim
automatic CAN database update
bugzilla fixed
backup-manager fixed; high severity hole
new trac issue
new sudo issue
new ruby issue
heimdal getterminaltype() buffer overflow bugnum
new heimdal vulnerability.
clean up rest of the unknowns, except reserved kernel holes
Add urgencies for unfixed items. This was a first quick pass, decisions are not final.
replace [] with CAN info once it becomes available
Consolidated MediaWiki items into one TODO, and resolved sysreport not-for-us
zoo directory traversal is unfixed
Some not-for-us for MS bugs
new adobe reader issue not affecting us
checked telnet environment variable disclosure
amd64 ptrace() issue fixed, I didn't bother to file bugs for .8 and .10, as they'll probably be removed soon.
new tcpdump dos fixed in sid's cvs checkout
tor information leak
Multiple XSSs in squirrelmail
spamassassin dos
firefox regression already fixed backup-manager unfixed
lots of not-for-us
claim
automatic CAN database update
Several not-for-us
automatic CAN database update
various fixed holes
zoo fixed a while ago
Rename sarge-checks data to something not specific to sarge, since we're working on etch now. Sorry for the probable annoyance, but it had to be done. Also, my cron jobs have been updated to use this directory and to check against testing, not sarge.
two new gaim dos
Mozillae vulnerable to frame injection again
Multiple issues in strace
Several sparsely documented amd64 specific kernel issues.
drupal CANified, the rest only not-for-us
leafnode CANified in less than 15 mins claim block
automatic CAN database update
new leafnode dos gedit fixed
New kernel vulnerabilities.
process latest CVE update
automatic CAN database update
automatic CAN database update
fuse CANified, gnome-vfs2 fixed
fuse fixed.
Two new issues already in the BTS. gforge is not affected by the viewFile.php vulnerability, as the code in question had already been removed some time before the advisory was posted.
alsa stack protection bypass fixed
Different fix was needed for ht.
fuse fix pending
automatic CAN database update
- Several not-for-us - some issues need further evaluation (kernel disk encryption, some minor temp races) - CANified ht issues
Fix elog entry.
several not-for-us, mailutils already fixed
automatic CAN database update
ettercap fixed
automatic CAN database update
More not-for-us.
ettercap format string issue
new drupal issue.
processed block, claim new
claim
automatic CAN database update
CAN-2005-0039 not an issue.
Proper fix for CAN-2004-0914
two new issues in moodle and wordpress
new mutt issue bugnum for shtool
CAN-2005-1263 not exploitable in 2.6
openmotif fixed
gdb fixed.
Two distinct issues are fixed for elog.
automatic CAN database update
new elog hole
new shtool issue
new gforge issue bugnum for xattr issue
Updated debian package revision for elog
one new kernel issue and a bit of house keeping
Two issues not affecting Debian.
automatic CAN database update
bzip2 fixed snmp not affected freebsd fixed, linux kernel not really affected
freeradius fixed
new hole in osh, no info except changelog entry
bugzilla fix
cheetah update
imagemagick nmu in progress phpbb2 2.0.13+1-6 seems to have the fix, not -5, according to maintainer add bug for netapplet since it got opened, however maintainer seems to think debian is not affected
new kernel hole
add some bug numbers
automatic CAN database update
mailutils CANified.
qpopper fixed mailscanner bugnum
gxine bugnum mailscanner bug filed
zile hole
kmd fixed bugnums
bug filed for gdb.
processed block
processed block picasm and wordpress CANified claim new block
processed first block, claim new
CANify snmp, imagemagick and gdb claim a block
automatic CAN database update
bug filed for net-snmp bugnum for imagemagick
imagemagick xwd dos
new issues: qpopper and net-snmp
ekg DoS
lbreakout fixed.
lcrash bugnum for lbreakout
Multiple issues in lbreakout.
previous wget fix has regressions.
picasm fixed.
unrar symlink race fixed
wget symlink race fixed.
gnutls dos fixed, removed duplicated entry
mailutils fixed
maxdb has been fully backported according to the maintainer.
maxdb seems not fully backported for testing, check back
These are fixed; the missing backports referred to CAN-2004-0914 and CAN-2005-0605.
Some updates.
bugnum
kmd is vulnerable to BFD integer overflow.
sqwebmail not vulnerable.
cheetah and binutils fixed
gzip fix
* xcdroast bug number
bugnum
checked CAN-2004-2069
picasm buffer overflows.
automatic CAN database update
Several not-for-us. CANified phpbb2 vulnerability. Added a note on Hyperthreading side channel attack and the kernel.
* processed my block
openmotif includes a vulnerable copy of libxpm as well...
flawed open() call in shadow doesn't affect the version in Sarge.
* claimed
automatic CAN database update
Previous unzoo fix was partially incorrect.
tiff fixed.
bugnum for cheetah
new mailutils holes
* processed my block
* claimed
tiff is unfixed.
Incorporate all info from the fixed 2.6.8-16 kernel upload. We'll have to check back for the 15sarge kernels.
2.4.27 upload with lots of fixes
Updates on viewglob and kernel.
automatic CAN database update
Removed bug number for gaim, fixed.
Added bug number for gaim
processed my block.
shadow reversion
claim
automatic CAN database update
Split CVE assign for latest kernel root holes.
automatic CAN database update
* metamail update
update
fix epoch
Fix for gaim in t-p-u.
* processed my block
unzoo fixed
automatic CAN database update
bugnum
New clamav DoS
Fresh local kernel root vulnerabilities.
xpm security fix was not very good and added new security issues. I don't think this affects the corresponding fix in libtiff, since we spotted problems with s_popen there and backported newer x.org fixes.
finished processing today's CANs
process and claim
claim
automatic CAN database update
new libotr buffer overflow corrected elog entry
new holes, some NMUs, other updates
mailutils fixed.
shadow vipw fixed for sid gnutls dos already tracked as CAN-2005-1431
new gnutls hole
qmail fix
wordpress fixed.
pound's security bug has been split off the old wishlist bug for a new upstream version
Wordpress issue no longer affects Sarge.
automatic CAN database update
new squid issue fixed.
Kernel 2.6.11 fixed as well for ELF core_dump issue.
Kernel ELF core_dump local root hole fixed.
termpkg buffer overflows.
ELF integer overflows update.
Previous mpg123 fix was incorrect.
pam-pgsql fixed. Includes lots of non-critical fixes, though.
New issues: ht and tiff (already fixed by latest upstream), ia64 kernel issue (fixed in svn)
Some updates/bugnums.
new unrar hole
check and update
remove trailing space
non-specific hole in wordpress
phpbb2 fix
X fixed
* metamail bug number
firefox fixed
* processed and claimed.
* processed my block * claimed a few more
updates from Moritz
automatic CAN database update
* processed my block * claimed a few more
kernel updates
gaim details
gaim upload for reserved cans
done with claimed cans
claim also filed bug on firefox issues
* claimed
automatic CAN database update
lesstif1 fully fixed now
eskuel fix
tcpdump was also vulnerable to CAN-2005-1280
ethereal backport uploaded
updates from Moritz, who cannot commit ATM
automatic CAN database update
vorlon accepted the new maradns and leafnode upstreams to sarge
add more notes about sarge propagation
updates
pysvn hole
gzip hole
automatic CAN database update
some notes on getting fixes to testing
Previous upstream fix was partially incorrect.
* openwebmail removed from Debian
new from bts
Finally fixed wget packages.
fai fixed.
automatic CAN database update
krb4 fixed.
maradns counter measures against possible attacks on AES.
More unfixed security issues from the BTS.
Some security issues from the BTS.
ethereal and leafnode CANified. leafnode2 vulns not affecting Debian.
claim
automatic CAN database update
kdewebdev fix was incomplete.
kernel elf_load DoS fixed in debian-kernel svn libsafe has been removed from Sarge
apache fix
There's another long-standing security problem in eskuel.
missing input validation in xtradius.
sork-account fixed.
pam-pgsql fixes were accidentally reverted.
postgresql already tracked and fixed; CAN-2005-1410 and -1409
fai hole
postgresql holes, already fixed in unstable
fun nvu hole
krb4 is also vulnerable to CAN-2005-0468; tracking in same bug as other hole
nmuing affix
new security hole in eskuel, from the debian bts
Nope, that's not a typo. It's really 48 new vulnerabilities.
Unspecified buffer overflow fixed in elog.
Leafnode promptly fixed.
Minor leafnode DoS
postgresql fixed. libnet-ssleay-perl already fixed back in february
According to Horms from kernel team Debian is not affected
bugnum
gnutls DoS
lots of not-for-us
openwebmail has been removed from sid Lots of not-for-us claim new
Single DES issue in ipsec-tools fixed. Claim
automatic CAN database update
bzip2 fixed.
quake2 update and link to right xpm4 hole (for sarge, not woody)
fix version number
updates
Evolution fixes through t-p-u
I found a source for this old mcedit "vulnerability" and I think it's harmless.
innfeed fixed long ago.
bugnums for kernel DoS issues. I don't think the Postgres salt issue is a real problem, if anyone disagrees please file a bug.
Kernel DoS bugs from 2.6.11.8 filed. lam-runtime is Mandrake specific.
automatic CAN database update
only a phpbb addon
pound buffer overflow.
phpmyadmin issue not an issue.
Lots of not-for-us. squid already fixed long ago.
claim
automatic CAN database update
gnome-vfs2 2.10 in experimental fixed, so proper version will propagate to sid once Sarge is out.
oops fixed.
report for oops.
maxdb fixed.
bugnum for visudo tmp race.
Insecure mailbox generation in shadow's useradd.
vipw tempfile race.
2.4 confirmed non-vulnerable wrt fib_hash DoS
automatic CAN database update
Trimming the list of TODOs: Add some historic fixes. Some generic and thus unfixable protocol weaknesses.
All horde module vulnerabilities have been promptly fixed by Ola Lundqvist.
openwebmail is scheduled for removal.
bugnums.
Checked some older entries.
Lots of bugnums. squid ACL misparsing has been fixed.
htdigest buffer overflow "vulnerability" has already been fixed in Apache 1.3.
More Horde entries.
sork-passwd already fixed. Three other Horde module related bugs filed.
Filed bugs for affix and kronolith.
Lots of not-for-us ethereal, imagemagick and tcpdump and maxdb CANified. phpbb2 already fixed.
claim
bugnum
process
claim
gnome-vfs nmued
automatic CAN database update
automatic CAN database update
bug# for cpio directory traversal issue.
bugnum for maxdb vulns (pending upload of fixed pkg)
xine-lib and tcpdump fixed.
automatic CAN database update
automatic CAN database update
bugnum for tcpdump.
4 tcpdump DoS vulns latest cvs issues (not the ones from the latest DSA) have been fixed.
CAN ids for the repouid flaws. Buffer overflow in Convert::UUlib perl module.
Fixed freeciv uploaded to sid.
automatic CAN database update
helix-player fixed maxdb bug filed
Imagemagick PNM bug.
Two new buffer overflows in MaxDB.
cdrtools has been fixed.
Some not-for-us. Cleaned up some rejected entries.
automatic CAN database update
New imagemagick heapoverflow in PNM processing.
kdelibs pcx vuln fixed.
Let's make a bug from the quake2 issues.
Ethereal strikes again, this time five DoS conditions and one buffer overflow.
kdewebdev fixed.
Kernel ICMP SQUENCH fixed in debian-kernel.
Latest Realplayer vulns affect Helix Player, which is vulnerable to other security issues as well. Since the initial upload there have been no updates...
CANified cpio and gzip vulns. Lots of not-for-us.
heimdal telnet vuln fixed. claim a few new ones.
automatic CAN database update
bugnum for krb4
Filed bug for krb4 telnet slc_reply buffer overflow.
bugnum, removed reference that it's SuSE specific, they use this wording to point out that their product lines with 2.4 kernels are not affected.
Filed bug for sysfs_write_file() integer overflow. Fixed typo.
Mozilla javascript lambda arg passing vulnerability has already been fixed, although the bug remains open, maintainer notified.
Evolution t-p-u fix needed.
Improper caching of pwd data in libpam-ssh with potential security implications.
automatic CAN database update
libcdaudio has been fixed.
horde2 vulnerabilities have been fixed.
kdewebdev CANified.
Kommander untrusted code execution vulnerability.
Upstream developers don't consider this an issue and this definitely holds some truth as blog software is not a typical multi user environment.
CANified xine-lib and egroupware Lots of not-for-us.
claim
automatic CAN database update
automatic CAN database update
Restore libgnome-vfs; it's libgnome-vfs2 that is not vulnerable in sid/sarge.
since gnome-vfs is not vulnerable in unstable/testing, remove it
egroupware fixes
checked privoxy
bugnums.
Minor directory traversal bugs in gunzip and cpio, only exploitable under rare circumstances.
Checked the ICMP attack scenarios on TCP.
kmail bug was fixed for CAN-2005-0404
bugnums.
Fixed heimdal has been released upstream; bug filed. A bunch of new vulns on egroupware; bug filed.
automatic CAN database update
pavuk fix
Checked the new ones.
claimed
automatic CAN database update
Checked back with maintainer; horde2 is affected as well. The issues have been fixed in horde2 CVS branch.
gocr has been fixed.
automatic CAN database update
bugnum
various updates
bug# for xine.
One of the recent vulnerabilities in MPlayer does affect xine-lib as well.
bug# for cvs.
some more not-for-us
CANify latest Firefox and Mozilla vulnerabilities.
automatic CAN database update
A bunch of CVS problems has been revealed.
Remove provisional libsafe entry; it's now CAN-2005-1125 and -1126.
automatic CAN database update
Found a confirmation that CAN-2005-0596 is fixed.
oops not included in Sarge. ilohamail bug# latest mozilla vulns have been fixed.
Lots of not-for-us netapplet is unclear.
Some not-for-us.
Checked all claimed, all not-for-us.
egroupware, gocr and libsafe CANified. New vulns: oops, ilohamail and sudo Several not-for-us (not complete yet)
claim
grip CDDB update M sarge-checks/CAN/list
automatic CAN database update
Found a CAN assignment for one of the new Firefox issues.
Another bunch of Mozilla vulnerabilities fixed in 1.0.3.
automatic CAN database update
bug# for gnome-vfs2.
Some bug numbers. Filed bug for grip-cddb lookup code in gnome-vfs2.
New vulns in gocr and libsafe. freeciv has been fixed in experimental.
postgrey DoS
automatic CAN database update
libcdaudio bug has been filed.
openmosixview has been fixed
This fixes the last remaining xpdf vulnerability.
bugnum
a few other newly revealed holes
done claim
claim
automatic CAN database update
updates
evolution hole is fixed
Both fixes are already contained in 4.3.10-10, which pulled in a recent CVS snapshot.
openoffice.org fixed.
automatic CAN database update
rsnapshot has been fixed.
kde hole
update
bugnums
coreutils bug filed
bug# for fib_hash DoS.
updates
catch a few TODOs further down
postfix-gld has been fixed.
urk, somehow managed to do duplicate work despite claim and merged conflicts
kernel DoS bugreport filed.
Sorry joeyh, I saw your commit only after having already checked these. I'll use "claimed by foo" style msgs in the future as well. Hopefully not too much work has been duplicated.
claim some of this mass of new CANs
CANify php4, kdelibs and rsnapshot vulnerabilities. bug# for egroupware Some not-for-us.
automatic CAN database update
egroupware flaw may spread personal information.
openoffice is CAN-2005-0941
bug# for openoffice
New vulnerabilities: openoffice, mod_security, imms, php4, wordpress, kdelibs bug# for postfix-gld
Multiple issues in postfix-gld.
Fixed rsnapshot upload awaits sponsor approval.
Essentially the same as 0953 and 0988.
rsnapshot symlink handling vulnerability.
The vulnerable code exists in gnome-vfs2 and libcdaudio as well.
smarty 2.6.9 was a security upload, although the changelog doesn't mention it. Kernel vuln should affect Debian as well, it has been fixed in Ubuntu.
update
bugnum
Non-descript obexftp sscanf problems.
Checked all xpdf patches for 64bit cleanliness, gpdf needs to be fixed properly, the rest is fine. bug# for kernel bug.
bts updates
bug filed for gzip
more not-for-us
Doh, I missed firefox 1.0.2-3. bug# for plain mozilla.
Both Mozillae are vulnerable to the replace() lambda memory leak.
CANify sharutils temprace. gaim is already fixed. gzip is "vulnerable".
Lots of not-for-us.
CANify already tracked vulnerabilities.
automatic CAN database update
new gaim CANs (not on web site yet, but referenced elsewhere including #303581)
hashcash 1.17 is also safe
typo
freeciv status update
axel buffer overflow php3 backports
Cannot be fixed, that's the way ssh works.
collapse sharutils entries
gdk-pixbuf also vulnerable to gtk double free hole
Turned out that encryption support is not used in tetex-bin, so xref.cc is not used.
phpmyadmin CSS has been fixed.
pdftohtml fixed, firefox as well.
Two kernel issues fixed in SVN. GTK2 fixed.
bts updates
Checked all unfixed fixes, some additional comments, one bug fixed, one more filed.
tetex-bin used the incomplete xpdf fix as well.
kpdf is _not_ fully fixed wrt CAN-2005-0064, it lacks the range checking in XRef.cc. I've filed a new bug for this issue.
update CAN-2005-0064
CAN-2005-0064 for kpdf is incomplete as well, bug reopened with correct patch.
pdftohtml fix for CAN-2005-0064 is complete as well, reopened with attached patch.
links is fixed. kernel-source-2.6.10 is gone.
Fixed in debian-kernel SVN.
bug# for shm_nopage() koffice CAN-2005-006 is complete.
2.6 kernel tmpfs DoS.
Fixed in debian-kernel SVN.
A bunch of bug numbers.
gpdf fix update
GTK2 BMP double free() through palette-less BMPs, despite the description Sarge is affected, I verified this with the demonstration "exploit".
bzip2 TOCTOU "vulnerability".
horde xss
not-for-us.
Yet another phpmyadmin vulnerability.
automatic CAN database update
gpdf fix was incomplete.
2.4 vulns have been fixed in debian-kernel SVN.
Two vulnerabilities in "Remote statistics system". Correct fixed versions of the telnet vulns for krb5.
kfax as of KDE 3.3.2 does no longer use a local version of libtiff.
This "DoS" doesn't look like an issue IMO.
Clarification (my phrasing was confused by the German word origin "prinzipiell")
This is nothing that can be fixed, it's a report about a principal cryptographic problem in IKE. In fact it's not the only one and this specific problem is known since ca. 2000. There's an interesting paper by Radia Perlman about flaws in IKE that describes the full details.
PHP4 DoS is already fixed in the -10 packages, which upgraded to a CVS snapshot, that contains the necessary fixes.
limewire has been removed. ISO9660 flaws/2.4 has been filed.
mailscanner fixed.
automatic CAN database update
fix bug # references
More bug nums.
bluetooth bug#, filed bug for 2005-0749 wrt kernel 2.4
bug#s for php image DoS. Filed report for bluetooth local root.
PHP4/5 remote DoS vulnerabilities in image header parsing.
fix
update with info from USN-103-1
automatic CAN database update
sharutils tempfile symlink attack vulnerability
krb5 fixed according to DSA
Updated some CANs
newer openssl needed, -1 didn't really fix it
Freeciv client DoS.
telnet/heimdal is vulnerable.
krb5 is vulnerable to both telnet issues.
Fix integer overflows for PHP3 as well.
add #299922
automatic CAN database update
netkit-telnet-ssl nmu
wow, found an old and open hole
bunch of not-for-us; claim
claim
remove spurious kernel-image lines.
update bug # for CAN-2005-0916
check some CANs
Check the Kerberos implementations for the telnet vulnerabilities.
I couldn't find a proper reference that this can be remotely exploited beside DoS, as somehow claimed in 297861, but it's definitely an issue.
lesstif nmu to fix half of CAN-2004-0914
update from Martin Pitt
remove dup
MySQL privilege escalation.
Some of the Mozilla vulns affect Thunderbird as well. Some not-for-us.
automatic CAN database update
Sylpheed has been CANified.
An exploit for the remote smail issue has been published.
sharutils fix
automatic CAN database update
bugnum
checked pending cans except some of the really old ones
automatic CAN database update
mathopd has been fixed. Two vulns affecting 2.4 as well, as they have been fixed in 2.4.30rc2. Could someone with decent net access wade through debian-kernel SVN and file bugs if they are not yet fixed?
Some spelling updates
bunch-o-fixes in kernel team svn
Summarise the smail solution. (I currently don't have decent net access until Wednesday)
bugnum
checked most of my block
claim and a few old cans checked
automatic CAN database update
Further unaffected CANs.
Vulns not affecting Debian.
automatic CAN database update
Mark some bugs fixed in kernel-source-2.4.27 2.4.27-9. There's a misnaming in the changelog: CAN-2004-1114 does not relate to the "int 0x80 hole" on AMD64, but to a Skype buffer overflow. This should be fixed retroactively in the changelog for the next upload.
Remove some kernel-image lines now that the updatelist script automatically deals with them.
OpenMosixView vulns.
Wow, debbugs is getting fast - bug# for smail.
Another buffer overflow in Sylpheed.
Remotely root-exploitable heap overflow in smail and another local vulnerability in the sighandler. The included patch for the heap overflow seems correct. Joey, in case the maintainer doesn't react in a few days, could you NMU this?
Firefox has been fixed.
wine nmu
fix syntax
fix syntax
Unaffected MacOS X vulnerabilities.
debbug #s
Bug# for mathopd. kernel-source-2.6.8 is affected by N_MOUSE line discipline vuln.
Icecast2 vulnerabilities.
ltris has been CANified. mathopd is vulnerable. Further entries marked unaffected.
Various vulns not affecting Debian.
add unassigned vuln in cdrecord
fix
automatic CAN database update
bug# for firefox vulns.
Three vulns fixed in Firefox 1.0.2. I'll file bugreports later.
kernel update
bug# for phpsysinfo
bug# for latest imagemagick vuln.
automatic CAN database update
"Advisories" written by people with nicknames like cXIb803 that call a tarball of sources a patch; there's a certain reason why I dislike web apps. I'll file a bug for this mess later on.
New imagemagick vulns, most don't affect sarge. I'll file a bug for 0761 in a minute.
* mozilla update
limewire has been removed. Fix some malformed kernel-source entries (triggered by kernel-check.py)
tetex-bin is not vulnerable to CAN-2005-0206
ltris fix
add kernel-image-2.6.8-i386 2.6.8-15 lines
* xerces update
automatic CAN database update
Fixed a typo in DSA/list 2004-0176 Added note to CAN-2005-0210 Added fixed version to 2005-0204 Added fixed version to CAN-2005-0202
Misc not-for-us updates
automatic CAN database update
prefix package names with "- " so the automatic checker will know what they are (Moritz, please note)
Add kernel-image-2.6.8-ia64 packages that are built against kernel-source-2.6.8-14. Rationale: kernel-source-2.6.8 has entered testing; kernel-image-2.6.8-ia64 is built but hasn't entered testing yet. This is the only kernel-image-2.6.8* package uploaded to build-dep on kernel-tree-2.6.8-14 so far. Once packages start being built against -15 we can start listing those too.
kernel-source-2.6.8 2.6.8-15
kernel update
Additional xpdf fix.
* kernel-source-2.6.9 no longer in the archive.
gpg bug has been filed.
OpenPGP is a standard, and not to be confused with the commercial product PGP. gnupg implements the OpenPGP standard and is affected by this (minor) cryptographic issue. I'll file a bug later on.
Not affected by McAfee issues. Provisional description for rxvt-unicode.
automatic CAN database update
Bug and notes for 2005-0210, 0209 and some others
Readd some provisional vulnerability titles. limewire has been scheduled for removal.
Add bug number for evolution.
Some not-for-us updates (Symantec Gateway, ir, Tomcat, Subdreamer, MailEnable, The Includer, mcNews, MySQL on Windows, Hola CMS, Cain & Abel). lsh-utils update evolution update
rxvt-unicode buffer overflow with overly long escape sequences.
Kernel ISO9660/RockRidge DoS flaws.
More entries not affecting Debian.
automatic CAN database update
cernlib and ltris vulnerabilities. ltris is unfixed with an obviously correct patch for two months. Could any DD please NMU this?
irm fix
batik has been fixed (track by src pkg name)
Further unaffected.
Not part of Debian.
checked a few
claim a few
not so automatic update, making sure the new script works ok
openslp and wine have been CVE assigned as well. Fix numerical order of limewire entries.
limewire has been CVE assigned
OmniORB connection reset DoS
Missing vulnerability fixed by maintainer. CAN IDs for -17 have been added.
fix some syntax problems update records re last dsa
limewire vulnerabilities.
Kernel PPP Remote DoS (Should we track all the arch specific kernel-*-image packages as well?)
sylpheed fixes are uploading
xli fixed xpdf 64 incomplete fix affects at least tetex-bin
xloadimage has been fixed.
Wine information disclosure vulnerability, no public CAN assignment yet.
Not yet public on MITRE, but mentioned by maintainer, fixes a nondescript DoS vulnerability.
Bug numbers for CAN-2004-1191 and CAN-2004-1190
Resolved CAN-2005-0178
Updated CAN-2005-0207
xli seems fixed, but one of the fixes requires further evaluation.
openslp has been fixed.
allow CAN names to contain uppercase letters to allow for placeholders for unknown CANs
some kernel issues fixed
automatic CAN database update
info from maintainer
trying something new -- added an item without an assigned CAN yet
updates and corrections
* xerces21 update
update
processed (done!)
process and claim
process and claim
process and claim
claim
new racoon bug
notes from new kernel source upload
automatic CAN database update
Some more updates on kernel CANs
ethereal fixes
automatic CAN database update
update
Updated status on some kernel CANs
done block
claim
* updates
* processed my block
automatic CAN database update
More information relating to kernel issues added
xpm is also vulnerable to this one
fix
fix
* processed a part of my block
bugnum
filled in some holes
updates
checked a few
claimed some CANs
* claimed some CAN
automatic CAN database update
updates
automatic CAN database update
misc updates
Failed to track down info on a kernel CAN
update
track kernel-patch-powerpc-2.6.8 (2.6.8-10), which fixed a few security holes, not all have CANs. Not sure if this CAN actually is exploitable on powerpc, but..
bts updates
* processed my block
* mantis fix
* processed some CAN
update exif thumbnail CAN
squid bug filed
automatic CAN database update
processed my block
processed some and claimed some others
automatic CAN database update
Removed a couple TODOs
got a bug num
update
some minor fixes
* processed a part of my block
bugnums
more mozilla stuff, and other TODOs that fell thru the cracks
masses of mozilla updates
claim
powerpc fix (in NEW)
automatic CAN database update
bug fixes
* claimed some CANs
bug fix
automatic CAN database update
check some more CANs
check some CANs
automatic CAN database update
fix
automatic CAN database update
speakup kernel nmued
updates; new wu-ftpd hole
automatic CAN database update
processed
claims
update bug numbers
check a few
automatic CAN database update
armagetron update
did a few more..
fix
Did some research on some mozilla cookie bugs, don't look like they will be fixed any time soon.
Done checking these new TODOs
Claimed some kernel TODOs
verified curl is vulnerable to CAN-2005-0490 still; linked to bug
fill in a few holes, remove one nonexistent CAN
bug numbers
merge results of accidental duplicate work..
* processed my block
automatic CAN database update
arm is fixed at last
automatic CAN database update
Finished checking my claimed CANs
Claimed some CANs
* xerces update
* xerces bug number * claimed some CAN
* processed my block
* webcalendar fix
automatic CAN database update
already fixed
add bug nums
update
claim
* jspwiki fix
* claimed some CAN
automatic CAN database update
* processed my block
* claimed some CAN
automatic CAN database update
Added another TODO and some notes
Resolved a few of the new kernel CANs
* processed my block
* set bug number and claimed some CAN
automatic CAN database update
grabbed some kernel ones
bug update
automatic CAN database update
filled in some gaps
* update phpmyadmin
* processed my block and a few more
* claimed some CAN
automatic CAN database update
* squid fix
Removed comments to disambiguate
resolved 1337 kernel issue (another fix!)
kdeedu fixed
re-add some TODOs we lost
* bug numbers
add note
* processed my block
Went over all the kernel TODOs with joshk, found 4 unknown holes and got them in the debian packages, confirmed the others were taken care of. Three remain as unknowns, pending more info. Resolved merge conflict as another Reserved CAN became available while I was working
automatic CAN database update
Ticked off some more, claimed all the kernel team checks
Resolved two CAN TODOs, took another set
Claimed remaining CAN todos, resolved DSA TODO
Replaced erroneous bug number with correct one
Resolved some TODOs
Claiming a couple TODO
updates
automatic CAN database update
sparc kernel is fixed
updates
* usemod-wiki fix and claimed some CAN
automatic CAN database update
* processed my block.
automatic CAN database update
* claimed some CAN
automatic CAN database update
Checked a boatload of new CANs. De-claimed some of the 2004 CANs that have just been published, as I ran out of energy, I hope someone else can do them..
claim
automatic CAN database update
* kernel-patch-adamantix fix
NMUs
fix
new CANs
htdig item from anibal
add bug #
updates
automatic CAN database update
* processed my block
* claimed some CAN, I think I will process them today, but feel free to check them if you find me too slow.
automatic CAN database update
automatic CAN database update
DSAs
fixes
automatic CAN database update
ncpfs fix
new mailman hole
heey, openslp finally fixed
280492 reassigned
hppa kernel got fixed
typo
bts update
check new CANs
automatic CAN database update
recent CANs
automatic CAN database update
dsas
fix
bug tracking
updates
automatic CAN database update
emacs fix
php4 hole
bug updates
* processed a few CAN left by "super quick" joeyh
automatic CAN database update
bug nums
mass update
automatic CAN database update
record a clamav CAN (fixed)
moz update
updatelist does bad things if the DSA is older than any on our list. replace with a note for now
automatic CAN database update
ncpfs has two holes
* processed my block and a few more
kernel updates and python2.1 ok.
automatic CAN database update
fix
update
updates
automatic CAN database update
automatic CAN database update
updates
automatic CAN database update
update
update
add powerpc kernel
automatic CAN database update
update
update
automatic CAN database update
automatic CAN database update
update
automatic CAN database update
updates
automatic CAN database update
updates
update CAN-2003-0465
update
automatic CAN database update
ignore openssh bug
fix
rssh fixed
improve report by combining lines
updates
automatic CAN database update
updates
automatic CAN database update
kernel updates
updates
automatic CAN database update
update
updates
jabber fix
fixed some indentations (please use tabs)
* processed my block & claimed a few more.
automatic CAN database update
bugs
updates
automatic CAN database update
fix
bugs
mysql-dfsg hole
update for imagemagick
new CANs
automatic CAN database update
automatic CAN database update
kde fixes
automatic CAN database update
fix
mailman
automatic CAN database update
* processed my block
typo
automatic CAN database update
more kernel
updates
update
updates
automatic CAN database update
fix
automatic CAN database update
new dsas
updates from kernel changelogs
fixes
fix uri escaping
fix
missed a few
automatic CAN database update
new stuff
exim fixed
automatic CAN database update
new DSAs, nmuing imlib2
recent updates
automatic CAN database update
update
typo
abcmidi fix
mozilla fix
automatic CAN database update
dd bug #
update
updates
automatic CAN database update
cvstraq is fixed
add some bugs
lintian fix
recent CANs
NMUing viewcvs
automatic CAN database update
cups fixed for 2004-1125
did some NMUs
kernel security updates
a few fixes
automatic CAN database update
updates from bts
updates
add bugs
check recent CANs
automatic CAN database update
updates from BTS
automatic CAN database update
automatic CAN database update
updates
automatic CAN database update
update
add descriptions to CANs
check today's CANs
automatic CAN database update
updates
update
Checked some more.
automatic CAN database update
checked new CANs, skipping some window injection vulns
automatic CAN database update
note X fix
updates
typo
bug maintenance
one more
updates from kernel people (dannf)
today's update
automatic CAN database update
automatic CAN database update
updates
automatic CAN database update
* claimed some CAN
mtink fixed
today's CANs and a few others
some fixes
glibc fixed
automatic CAN database update
some more updates
updates
bug numbers
checked recent CANs
a few more DSAs
- remove old CAN claim - update CVEs too
automatic CAN database update
add a makefile, more bugfixes
fix some bugs add missing cans to the list
formatting
Modify makelist.pl into update.pl, which will merge in CAN and DSA updates into the list. Updated the list with it. This resulted in a lot of changes due to: - DSA link format changing - some formatting fixes - previously reserved CANs no longer reserved Eyeballed the changes, they look ok.
new DSA
kernel updates
new DSA
phpmyadmin already fixed
add new CANs re-checked some previously reserved CANs
ssh got fixed
new DSAs and some other fixes
Clarified a couple more problems.
info from changelog
taken from changelogs
fcron fix
imapproxy fix
new CANs
Cleared up a couple of issues.
completed my latest block, couple of TODOs remaining
got the ssh bug #
more CANs
new dsa
checked more 2003 CANs
some fixes from exim changelog
a few bugs closed
bug number for fcron holes
new dsa
Completed a few more.
updates from bugtraq, new CANs from mitre DB
CAN-2004-0658
ez-ipupdate fix
lha fixes
zip fix
ez-ipupdate bug #
openssl bug fixed
update and unclaim