[Secure-testing-commits] r845 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 18 Apr 2005 13:00:12 +0000
Author: jmm-guest
Date: 2005-04-18 13:00:08 +0000 (Mon, 18 Apr 2005)
New Revision: 845
Modified:
sarge-checks/CAN/list
Log:
Checked all claimed, all not-for-us.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-18 12:02:45 UTC (rev 844)
+++ sarge-checks/CAN/list 2005-04-18 13:00:08 UTC (rev 845)
@@ -1,20 +1,19 @@
-begin claimed by jmm
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
NOTE: not-for-us (Sun Java)
CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
- TODO: check
+ NOTE: not-for-us (ACNews)
CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (CalenderScript)
CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (CalenderScript)
CAN-2005-1146 (Cross-site scripting (XSS) vulnerability in the login command in ...)
- TODO: check
+ NOTE: not-for-us (CalenderScript)
CAN-2005-1145 (Cross-site scripting (XSS) vulnerability in calendar.pl in ...)
- TODO: check
+ NOTE: not-for-us (CalenderScript)
CAN-2005-1144 (popup.php in EasyPHPCalendar allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (EasyPHPCalender)
CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- TODO: check
+ NOTE: not-for-us (EasyPHPCalender)
CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
- gocr (unfixed; bug #305068)
CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
@@ -22,7 +21,7 @@
CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
NOTE: not-for-us (MyBloggie)
CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
NOTE: not-for-us (Kerio)
CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
@@ -30,7 +29,7 @@
CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
NOTE: not-for-us (sphpBlog)
CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
- TODO: check
+ NOTE: not-for-us (sphpBlog)
CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
TODO: check
CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
@@ -44,15 +43,15 @@
CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
- egroupware (unfixed; bug #304496)
CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
- TODO: check
+ NOTE: not-for-us (VHCS)
CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
NOTE: not-for-us (Free BSD)
CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
- TODO: check
+ NOTE: not-for-us (Free BSD)
CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
- libsafe (unfixed; bug #305070)
CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
NOTE: not-for-us (monkeyd)
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
@@ -63,7 +62,8 @@
TODO: file bug
- ilohamail (unfixed)
CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
- TODO: Somehow related bug 283161, but file a proper one
+ TODO: Somehow related bug 283161, but file a proper one, unfortunately information
+ TODO: is very sparse
- sudo (unfixed)
CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
NOTE: not-for-us (RSA authentication agent)
@@ -71,7 +71,6 @@
NOTE: not-for-us (All4WWW Homepage creator)
CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
TODO: check whether this is part of standard phpbb or an addon
-end claimed by jmm
CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
TODO: check
CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)