[Secure-testing-commits] r1537 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Aug 8 09:52:52 UTC 2005


Author: jmm-guest
Date: 2005-08-08 09:52:49 +0000 (Mon, 08 Aug 2005)
New Revision: 1537

Modified:
   data/CAN/list
Log:
new minor unzip toctou issue
netpbm CANified
lots of nfus


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-08 09:36:18 UTC (rev 1536)
+++ data/CAN/list	2005-08-08 09:52:49 UTC (rev 1537)
@@ -1,42 +1,41 @@
-begin claimed by jmm
 CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...)
-	TODO: check
+	NOTE: not-for-us (Web Content Management News System)
 CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
-	TODO: check
+	NOTE: not-for-us (Web Content Management News System)
 CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
-	TODO: check
+	NOTE: not-for-us (Sun switches)
 CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
-	TODO: check
+	NOTE: not-for-us (PortailPHP)
 CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
-	TODO: check
+	NOTE: not-for-us (Logicampus)
 CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
-	TODO: check
+	NOTE: not-for-us (Denora IRC stats)
 CAN-2005-2483 (Direct dynamic code evaluation vulnerability in Karrigell before 2.1.8 ...)
-	TODO: check
+	NOTE: not-for-us (Karrigell)
 CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
-	TODO: check
+	NOTE: not-for-us (Metasploit Framework)
 CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (Fusebox)
 CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
-	TODO: check
+	NOTE: not-for-us (Fusebox)
 CAN-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOTE: not-for-us (Quick 'n Easy FTP Server)
 CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Silvernews)
 CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Naxtor Shopping Cart)
 CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
-	TODO: check
+	NOTE: not-for-us (Naxtor Shopping Cart)
 CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
-	TODO: check
+	- unzip (unfixed; bug filed; low)
 CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (ChurchInfo)
 CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
-	TODO: check
+	NOTE: not-for-us (ChurchInfo)
 CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
-	TODO: check
+	NOTE: not-for-us (BusinessMail)
 CAN-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...)
-	TODO: check
+	- netpbm (unfixed; bug #319757; low)
 CAN-2005-2470
 	NOTE: reserved
 CAN-2005-2469
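Review bot: the new CAN-2005-2475 entry, "- unzip (unfixed; bug filed; low)", records that a bug was filed but not its number, while the netpbm entry added a few lines below it carries "bug #319757". Replace "bug filed" with the bug number once it is known so the entry can be matched to the report. Separately, some not-for-us names differ in case from the descriptions above them ("Silvernews" against "SilverNews 2.0.3", "Denora IRC stats" against "Denora IRC Stats 1.0"); copying the product name as written keeps the list searchable.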
@@ -46,20 +45,19 @@
 CAN-2005-2458
 	NOTE: reserved
 CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Eudora)
 CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
-	TODO: check
+	NOTE: snmpd is neither setuid nor setgid in Debian
 CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Omnicron)
 CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
-	TODO: check
+	NOTE: not-for-us (Novell Internet Messaging System)
 CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
-	TODO: check
+	NOTE: not-for-us (Pointsec)
 CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (SurfControl)
 CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (QNX)
 CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
 	TODO: check
 CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
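Review bot: the CAN-2004-2300 note, "snmpd is neither setuid nor setgid in Debian", gives a reason but neither names the package that was checked nor says outright that Debian is considered unaffected, unlike the not-for-us and package lines around it. State the conclusion and the package in the note so a later reader does not have to re-derive it from the truncated description. Also, "not-for-us (Omnicron)" names the vendor, where entries such as "not-for-us (Novell Internet Messaging System)" name the product; "OmniHTTPd" would be consistent.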
@@ -429,7 +427,7 @@
 CAN-2005-2347
 	NOTE: reserved
 CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2005-2345
 	NOTE: reserved
 CAN-2005-2344
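Review bot: "NOTE: not-for-us (Novell)" for CAN-2005-2346 names only the vendor, while the description is about Novell GroupWise 6.5 Client and the CAN-2004-2298 entry in this same commit spells out "Novell Internet Messaging System". Use "Novell GroupWise" here so the note identifies the product.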
@@ -725,8 +723,6 @@
 	- netdiag 0.7-7.1 (bug #206905; low)
 CAN-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
 	- ffmpeg (unfixed; bug #320150; medium)
-CAN-2005-XXXX [netpbm: arbitrary postscript code execution]
-	- netpbm (unfixed; bug #319757; low)
 CAN-2005-XXXX [Further minor security issues in phpbb]
 	NOTE: Maintainers already preparing packages of 2.0.17
 	- phpbb2 (unfixed; low)
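Review bot: the log line "netpbm CANified" is the only record that this removal is a move rather than a deletion, and it names neither the CAN id nor the bug. The placeholder's package line, "- netpbm (unfixed; bug #319757; low)", now sits under CAN-2005-2471 in the first hunk; mentioning CAN-2005-2471 and #319757 in the log would make that traceable from the commit history alone.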



