[Secure-testing-commits] r824 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Thu, 14 Apr 2005 21:41:18 +0000 

Author: joeyh
Date: 2005-04-14 21:41:15 +0000 (Thu, 14 Apr 2005)
New Revision: 824

Modified:
   sarge-checks/CAN/list
Log:
done claim


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-14 21:23:12 UTC (rev 823)
+++ sarge-checks/CAN/list	2005-04-14 21:41:15 UTC (rev 824)
@@ -1,21 +1,20 @@
-begin claimed by joeyh
 CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
-	TODO: check
+	NOTE: api vulnerablity
+	- libgnumail-java (unfixed; bug filed)
 CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
-	TODO: check
+	NOTE: not-for-us (Centra)
 CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
-	TODO: check
+	NOTE: not-for-us (Sygate Secure Enterprise)
 CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	- wordpress (unfixed; bug #304468)
 CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Domino Server)
 CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
-	TODO: check
+	- postfix-gld 1.5-1
 CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
-	TODO: check
-end claimed by joeyh
+	- postfix-gld 1.5-1
 CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
 	NOTE: not-for-us (GetDataBack for NTFS (Windows))
 CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
@@ -197,10 +196,6 @@
 	NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
 	NOTE: details before July 12th. The security fixes are accompanied by dozens of
 	NOTE: non-security bugfixes, so it's not obvious from the diff either.
-CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities
-	- wordpress (unfixed; bug #304468)
-CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access]
-	- postfix-gld 1.5-1
 CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
 	- smarty 2.6.9-1
 CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]