[Secure-testing-commits] r1551 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Aug 10 09:53:54 UTC 2005


Author: jmm-guest
Date: 2005-08-10 09:53:51 +0000 (Wed, 10 Aug 2005)
New Revision: 1551

Modified:
   data/CAN/list
Log:
new kernel issues
tar not an issue
pstotext CANified
lots of nfus


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-10 09:31:18 UTC (rev 1550)
+++ data/CAN/list	2005-08-10 09:53:51 UTC (rev 1551)
@@ -1,28 +1,28 @@
-begin claimed by jmm
 CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (Arab Portal)
 CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
-	TODO: check
+	NOTE: not-for-us (PHPOpenChat)
 CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
-	TODO: check
+	NOTE: not-for-us (Comdev eCommerce)
 CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
-	TODO: check
+	NOTE: not-for-us (Comdev eCommerce)
 CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
-	TODO: check
+	NOTE: not-for-us (Invision Power Board)
 CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
-	TODO: check
+	NOTE: This is intended behaviour, after all tar is an archiving tool and you
+	NOTE: need to give -p as a command line flag
 CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...)
-	TODO: check
+	- pstotext 1.9-2 (medium)
 CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
-	TODO: check
+	NOTE: not-for-us (ARCserve Backup)
 CAN-2005-2534
 	NOTE: reserved
 CAN-2005-2533
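Review bot: the tar rationale at CAN-2005-2541 only covers the -p flag, but the CVE text is about not warning the user on setuid/setgid extraction; the NOTE should say whether the same reasoning holds when tar is run as root (check what the permission default is there), otherwise the not-an-issue verdict cannot be verified from the entry alone. Minor: the two NOTE lines are one sentence split in two; a single line such as `NOTE: intended behaviour: tar is an archiving tool and setuid/setgid bits are only restored with -p` matches the one-line NOTE style of the other entries in this hunk.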
@@ -92,7 +92,7 @@
 CAN-2005-2501
 	NOTE: reserved
 CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
-	TODO: check
+	TODO: Might be affected, pinged Horms, wait for reply
 CAN-2005-2499
 	NOTE: reserved
 CAN-2005-2498
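Review bot: leaving CAN-2005-2500 as a TODO while a reply from Horms is pending is the right state, but the line names nothing checkable; noting which kernel-source package versions carry the affected xdr.c would let the next triager close the entry from the reply without re-deriving that.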
@@ -114,8 +114,8 @@
 CAN-2005-2490
 	NOTE: reserved
 CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
-	TODO: check
-end claimed by jmm
+	- kernel-source-2.6.8 (unfixed; bug filed; medium)
+	NOTE: Already fixed in 2.6.12, AFAIK 2.4 doesn't use sysfs	
 CAN-2005-XXXX [Buffer overflow in Description parsing]
 	- bidwatcher (unfixed; bug #319489; high)
 CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
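Review bot: the CAN-2004-2302 kernel-source-2.6.8 line says "bug filed" without a bug number, unlike the bidwatcher entry directly below it ("bug #319489"); record the number so the entry links to the BTS. The NOTE line also carries a trailing tab, and "AFAIK 2.4 doesn't use sysfs" is the only basis for not listing a 2.4 kernel package, so it should become a definite statement (or an explicit TODO) once checked.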
@@ -468,8 +468,6 @@
 	- rsync 2.6.6-1 (low)
 CAN-2005-XXXX [Unspecified XSS in hiki]
 	- hiki 0.8.2-1
-CAN-2005-XXXX [pstotext allows malicious post script code]
-	- pstotext 1.9-2 (medium)
 CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
 	NOTE: not-for-us (Sendcard)
 CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
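Review bot: dropping the CAN-2005-XXXX pstotext entry is correct now that CAN-2005-2536 carries it, and the moved line keeps the same fix version and severity ("pstotext 1.9-2 (medium)"), so nothing is lost in the move; worth confirming that 1.9-2 is the upload that actually applies the -dSAFER change, since the CVE text names 1.8g as the upstream fix and the list has no NOTE tying the two versions together.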