[Secure-testing-commits] r807 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Wed, 13 Apr 2005 22:27:17 +0000
Author: joeyh
Date: 2005-04-13 22:27:14 +0000 (Wed, 13 Apr 2005)
New Revision: 807
Modified:
sarge-checks/CAN/list
Log:
urk, somehow managed to do duplicate work despite claim and merged
conflicts
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-13 22:23:26 UTC (rev 806)
+++ sarge-checks/CAN/list 2005-04-13 22:27:14 UTC (rev 807)
@@ -3,15 +3,15 @@
CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
NOTE: not-for-us (Rebrand P2P Share Spy)
CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
- NOTE: not-for-us (Ocean12 Membership Manager)
+ NOTE: not-for-us (Ocean12 Membership Manager Pro)
CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
- NOTE: not-for-us (Ocean12 Membership Manager)
+ NOTE: not-for-us (Ocean12 Membership Manager Pro)
CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
NOTE: not-for-us (FTP Now)
CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
NOTE: not-for-us (Miranda IM)
CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
- NOTE: not-for-us (Deluxe FTP)
+ NOTE: not-for-us (DeluxeFTP)
CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
NOTE: not-for-us (Maxthon)
CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
@@ -19,7 +19,7 @@
CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
NOTE: not-for-us (DC++)
CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
- NOTE: not-for-us (DameWare NT Utilities)
+ NOTE: not-for-us (DameWare NT Utilities and Mini Remote Control)
CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
NOTE: not-for-us (AN HTTPD)
CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
@@ -35,7 +35,8 @@
CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
NOTE: not-for-us (AtDGDatingPlatinum)
CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
- NOTE: not-for-us (Sun Java)
+ NOTE: not-for-us (JAR in J2SE SDK)
+ TODO: check jar extractors in Debian just to be safe
CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
NOTE: not-for-us (zOOm Media Gallery)
CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
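Review bot: On CAN-2005-1080 the added lines leave the entry with both a closing status and an open task: `NOTE: not-for-us (JAR in J2SE SDK)` followed by `TODO: check jar extractors in Debian just to be safe`. Anyone filtering the list for not-for-us entries will treat this one as finished and may never see the TODO. Consider keeping the TODO as the only status until the check is done, and name which packages are to be checked so the item can actually be closed.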
@@ -45,11 +46,11 @@
CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
NOTE: not-for-us (WebCT)
CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
- NOTE: not-for-us (RadBids Gold)
+ NOTE: not-for-us (RadScripts RadBids Gold)
CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
- NOTE: not-for-us (RadBids Gold)
+ NOTE: not-for-us (RadScripts RadBids Gold)
CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
- NOTE: not-for-us (RadBids Gold)
+ NOTE: not-for-us (RadScripts RadBids Gold)
CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
NOTE: not-for-us (PunBB)
CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
@@ -61,11 +62,12 @@
CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
NOTE: not-for-us (sCssBoard)
CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
- NOTE: not-for-us (Access_user)
+ NOTE: not-for-us (Access_user class)
CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
- TODO: check
+ - pine (unfixed; bug filed)
CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
- TODO: check
+ NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
+ NOTE: writiable by normal users in Debian, only by root.
CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
- rsnapshot (pending; bug #304366)
CAN-2005-1063
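Review bot: The new CAN-2005-1066 line `- pine (unfixed; bug filed)` carries no bug number, while the rsnapshot entry directly below it uses `bug #304366`; add the number so the entry can be followed up from the list. In the CAN-2005-1065 note, `writiable` should be `writable`.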
@@ -77,13 +79,13 @@
CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
NOTE: not-for-us (Novell Netware)
CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
- NOTE: not-for-us (Linksys)
+ NOTE: not-for-us (Linksys WET11)
CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
- NOTE: not-for-us (IOS)
+ NOTE: not-for-us (Cisco)
CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
- NOTE: not-for-us (IOS)
+ NOTE: not-for-us (Cisco)
CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
- NOTE: not-for-us (HP OpenView)
+ NOTE: not-for-us (HP OpenView Network Node Manager)
CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
NOTE: not-for-us (TowerBlog)
CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
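Review bot: CAN-2005-1058 and CAN-2005-1057 change from `not-for-us (IOS)` to `not-for-us (Cisco)`, which replaces the product with the vendor while the other edits in this hunk make the label more specific (`Linksys WET11`, `HP OpenView Network Node Manager`). `not-for-us (Cisco IOS)` would match the descriptions and stay consistent with the rest of the hunk.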