[Secure-testing-commits] r1517 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Aug 3 06:39:38 UTC 2005


Author: joeyh
Date: 2005-08-03 06:39:34 +0000 (Wed, 03 Aug 2005)
New Revision: 1517

Modified:
   data/CAN/list
Log:
updates

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-03 05:57:02 UTC (rev 1516)
+++ data/CAN/list	2005-08-03 06:39:34 UTC (rev 1517)
@@ -1174,7 +1174,7 @@
 	NOTE: not-for-us (MyGuestbook)
 CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
 	{DSA-768-1}
-	- phpbb2 (unfixed; bug #317739; high)
+	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
 CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
 	NOTE: not-for-us (IMail)
 CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
@@ -2470,7 +2470,7 @@
 	- phpgroupware 0.9.16.006-1 (high)
 	- egroupware 1.0.0.007-3.dfsg-1 (high)
 	- phpwiki 1.3.7-4 (high)
-	- ewiki (unfixed; high)
+	NOTE: ewiki does not seem vulnerable (no eval, different code base)
 	- php4 (unfixed; bug #316447; high)
 	NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
 CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)




More information about the Secure-testing-commits mailing list