[Secure-testing-commits] r771 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Wed, 06 Apr 2005 19:16:12 +0000
Author: jmm-guest
Date: 2005-04-06 19:16:09 +0000 (Wed, 06 Apr 2005)
New Revision: 771
Modified:
sarge-checks/CAN/list
Log:
Cannot be fixed, that's the way ssh works.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-06 18:27:32 UTC (rev 770)
+++ sarge-checks/CAN/list 2005-04-06 19:16:09 UTC (rev 771)
@@ -1544,7 +1544,8 @@
CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
NOTE: not-for-us (phpWebsite)
CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
- - ssh (unfixed; bug #296547)
+ NOTE: not-for-us (Documented SSH protocol behaviour, cannot be fixed)
+ NOTE: See bug #296547 for details
CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
NOTE: not-for-us (phpScheduleIt)
CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)