[Secure-testing-commits] r863 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Tue, 19 Apr 2005 17:30:26 +0000


Author: joeyh
Date: 2005-04-19 17:30:23 +0000 (Tue, 19 Apr 2005)
New Revision: 863

Modified:
   sarge-checks/CAN/list
Log:
various updates


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-19 15:18:22 UTC (rev 862)
+++ sarge-checks/CAN/list	2005-04-19 17:30:23 UTC (rev 863)
@@ -5,9 +5,9 @@
 CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
 	NOTE: not-for-us (Coppermine Photo Gallery)
 CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in datenbank module for phpBB ...)
-	TODO: check, whether this is part of standard phpBB or an addon
+	NOTE: not-for-us (moddb phpbb2 add-on)
 CAN-2005-1170 (SQL injection vulnerability in datenbank module for phpBB allows ...)
-	TODO: check, whether this is part of standard phpBB or an addon
+	NOTE: not-for-us (moddb phpbb2 add-on)
 CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
 	NOTE: not-for-us (Mafia Blog)
 CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
@@ -126,7 +126,7 @@
 CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
 	NOTE: not-for-us (All4WWW Homepage creator)
 CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
-	TODO: check whether this is part of standard phpbb or an addon
+	NOTE: not-for-us (phpbb2 calendar addon)
 CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
 	NOTE: not-for-us (Photo Album)
 CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
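Review bot: the new NOTE on CAN-2005-1116 spells the word "addon", while the NOTE lines added for CAN-2005-1171 and CAN-2005-1170 earlier in this same commit use "add-on". Pick one spelling, for example `NOTE: not-for-us (phpbb2 calendar add-on)`, so that a single grep over the list finds every phpBB add-on entry.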
@@ -136,7 +136,7 @@
 CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
 	NOTE: not-for-us (IBM Websphere)
 CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
-	TODO: check
+	- cpio (unfixed; bug filed)
 CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
 	NOTE: not-for-us (Sumus web server)
 CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
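Review bot: the new cpio line for CAN-2005-1111 says "bug filed" but records no bug number, so a reader of the list cannot find the report or tell when it has been closed. Add the number of the filed bug to the `- cpio (unfixed; bug filed)` line so the entry can be tracked until it is fixed.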
@@ -1659,9 +1659,9 @@
 CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
 	NOTE: not-for-us (MSIE)
 CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
-	TODO: not-for-us (MSIE)
+	NOTE: not-for-us (MSIE)
 CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
-	TODO: not-for-us (MSIE)
+	NOTE: not-for-us (MSIE)
 CAN-2005-0552
 	NOTE: reserved
 CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
@@ -7010,7 +7010,7 @@
 CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
 	{DSA-397}
 CAN-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
-	TODO: check
+	- perl 5.8.2
 CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
 	{DSA-396}
 CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
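Review bot: the CAN-2003-0900 description is scoped to "Perl 5.8.1 on Fedora Core", yet the replacement line `- perl 5.8.2` records a fixed version without saying whether the Debian package was ever affected. A short NOTE stating why 5.8.2 is taken as the fixed version, or that the problem was specific to Fedora's build, would let a later reader verify the entry instead of repeating the check that the removed TODO asked for.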
@@ -7245,7 +7245,7 @@
 CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
 	- fetchmail 6.2.5
 CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
-	TODO: check
+	- mozilla-browser 2:1.5
 CAN-2003-0790
 	NOTE: rejected
 CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
@@ -7253,9 +7253,9 @@
 CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
 	- cupsys 1.1.19
 CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
-	-ssh 1:3.7.1p2
+	- ssh 1:3.7.1p2
 CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
-	-ssh 1:3.7.1p2
+	- ssh 1:3.7.1p2
 CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
 	{DSA-389}
 CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
@@ -7539,7 +7539,7 @@
 CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
 	{DSA-364}
 CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
-	TODO: check
+	- kdbg 1.2.9-1
 CAN-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
 	{DSA-358}
 	NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
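Review bot: the version on the new CAN-2003-0644 line, `- kdbg 1.2.9-1`, carries a Debian revision, while other fixed-version lines added in this commit (`- perl 5.8.2`, `- mozilla-browser 2:1.5`) give only the upstream version. If these lines are ever compared against installed package versions, the mixed forms will need special handling, so settle on one form across the list.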