[Secure-testing-commits] r847 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 18 Apr 2005 17:43:44 +0000
Author: jmm-guest
Date: 2005-04-18 17:43:41 +0000 (Mon, 18 Apr 2005)
New Revision: 847
Modified:
sarge-checks/CAN/list
Log:
Lots of not-for-us
netapplet is unclear.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-18 13:44:27 UTC (rev 846)
+++ sarge-checks/CAN/list 2005-04-18 17:43:41 UTC (rev 847)
@@ -31,7 +31,7 @@
CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
NOTE: not-for-us (sphpBlog)
CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
- TODO: check
+ NOTE: not-for-us (Serendipity)
CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
NOTE: not-for-us (AS/400 system software)
CAN-2005-1132 (LG U8120 modile phone allows remote attackers to cause a denial of ...)
@@ -72,21 +72,23 @@
CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
TODO: check whether this is part of standard phpbb or an addon
CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
- TODO: check
+ NOTE: not-for-us (Photo Album)
CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
- TODO: check
+ NOTE: not-for-us (Photo Album)
CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
- TODO: check
+ NOTE: not-for-us (PhpBB Plus)
CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
- TODO: check
+ NOTE: not-for-us (IBM Websphere)
CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
TODO: check
CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
- TODO: check
+ NOTE: not-for-us (Sumus web server)
CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
- TODO: check
+ NOTE: only part of Woody, has been removed from Sarge and sid
+ NOTE: not-for-us (Junkbuster)
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
- TODO: check
+ NOTE: only part of Woody, has been removed from Sarge and sid
+ NOTE: not-for-us (Junkbuster)
CAN-2005-1107
NOTE: reserved
CAN-2005-XXXX [Multiple further vulnerabilities in Mozilla/Firefox beside CAN-2005-0989]
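Review bot: The two NOTE lines added under CAN-2005-1109 and CAN-2005-1108 contradict each other: the first says Junkbuster is part of Woody, the second marks the entry not-for-us. If the package shipped in Woody, the issue concerns a Debian release and not-for-us misstates that. Suggest dropping the not-for-us line and keeping only the note that the package was removed from Sarge and sid, so the Woody exposure stays visible.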
@@ -235,7 +237,8 @@
TODO: Check for 2.4.27
- kernel-source-2.6.8 (unfixed; bug #304548)
CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
- TODO: check
+ TODO: check whether Debian's netapplet is vulnerable or whether this is SuSE
+ TODO: specific; sent mail to maintainer.
CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
- coreutils (unfixed; bug #304556)
CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
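Review bot: The second added line under CAN-2005-1040 carries its own "TODO:" tag although it only continues the sentence from the line above ("... or whether this is SuSE" / "specific; sent mail to maintainer."). Anything that reads the list one line at a time will see two separate TODO items, the second of which makes no sense alone. Suggest keeping the question on a single TODO line and recording "sent mail to maintainer" as a NOTE.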
@@ -4396,7 +4399,7 @@
CAN-2004-1082
NOTE: reserved
CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
- TODO: check
+ NOTE: not-for-us (Apple MacOS)
CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
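Review bot: The label "not-for-us (Apple MacOS)" on CAN-2004-1081 is a third spelling for the same vendor within this one patch: CAN-2004-0090 gets "(MacOS)" and CAN-2003-1005 and CAN-2003-0420 get "(Apple)". Picking one label would keep a grep for Apple entries complete.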
@@ -4446,7 +4449,7 @@
CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
- bugzilla 2.16.7-2
CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
- TODO: check
+ NOTE: not-for-us (Novell Netware)
CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
- mnogosearch 3.2.18-2.2
CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
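Review bot: "not-for-us (Novell Netware)" on CAN-2004-1060 narrows to a single vendor an entry whose description begins "Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...". Unless the truncated remainder of the description rules out the network stacks Debian ships, this should stay "TODO: check", or the reason for excluding them should be given in a NOTE.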
@@ -5652,9 +5655,9 @@
CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
NOTE: fixed in 2.4.27
CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
- TODO: check
+ NOTE: not-for-us (Business Objects WebIntelligence)
CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
- TODO: check
+ NOTE: not-for-us (Business Objects WebIntelligence)
CAN-2004-0532
NOTE: reserved
CAN-2004-0531
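Review bot: The label on CAN-2004-0534 says "Business Objects WebIntelligence" while the description names "Business Objects InfoView"; only CAN-2004-0533 mentions WebIntelligence. Suggest "not-for-us (Business Objects)" on both, or naming InfoView on the first, so a search for the product in the description finds the note.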
@@ -5962,7 +5965,7 @@
CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
- TODO: check
+ NOTE: not-for-us (SCO OpenServer)
CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
NOTE: not-for-us (RealNetworks Helix Universal Server)
CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
@@ -6004,7 +6007,7 @@
CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
NOTE: not-for-us (KAME)
CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
- TODO: check
+ NOTE: not-for-us (Entrust LibKmp ISAKMP library)
CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
NOTE: not-for-us (CDE)
CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
@@ -6504,7 +6507,7 @@
CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...)
NOTE: not-for-us (vBulletin)
CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
NOTE: not-for-us (MacOS)
CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
@@ -6751,7 +6754,7 @@
CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
NOTE: not-for-us (Apple)
CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
NOTE: not-for-us (Cisco)
CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
@@ -6852,7 +6855,7 @@
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
NOTE: not-for-us (OpenBSD)
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
- TODO: check
+ NOTE: not-for-us (rcp)
CAN-2003-0953
NOTE: reserved
CAN-2003-0952
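Review bot: "not-for-us (rcp)" on CAN-2003-0954 names the tool rather than the platform, and rcp is a generic command name. The description limits the overflow to "rcp for AIX 4.3.3, 5.1 and 5.2", so "not-for-us (AIX)" states why the entry is out of scope, the way the HP UX passwd entry (CAN-2003-0061) in this same patch is labelled by platform.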
@@ -7520,9 +7523,9 @@
CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
NOTE: not-for-us (peoplesoft)
CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
- TODO: check
+ NOTE: not-for-us (peoplesoft)
CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
- TODO: check
+ NOTE: not-for-us (peoplesoft)
CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
{DSA-360}
CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
@@ -7961,7 +7964,7 @@
CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOTE: not-for-us (Apple)
CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
NOTE: not-for-us (SMC)
CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
@@ -8646,7 +8649,7 @@
CAN-2003-0063
{DSA-380}
CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
- TODO: check
+ NOTE: not-for-us (HP UX)
CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
- krb5 1.2.4
CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
@@ -9100,13 +9103,13 @@
CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
- ethereal 0.9.8-1
CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
- TODO: check
+ NOTE: not-for-us (TYPSoft FTP Server)
CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
- TODO: check
+ NOTE: not-for-us (LocalWEB2000 HTTP server)
CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
NOTE: not-for-us (CartMan)
CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Melange Chat System)
CAN-2002-1350
{DSA-206}
- tcpdump 3.6.2-2.2
@@ -9181,7 +9184,7 @@
{DSA-198}
- nullmailer 1.00RC5-17
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
- TODO: check
+ NOTE: not-for-us (Linksys)
CAN-2002-1311
{DSA-197}
- courier 0.40.0-1
@@ -9242,7 +9245,7 @@
CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
{DSA-204}
CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
- TODO: check
+ NOTE: not-for-us (RealSecure Event Collector)
CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
{DSA-194}
CAN-2002-1277