[Secure-testing-commits] r1596 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Aug 16 09:36:06 UTC 2005
Author: jmm-guest
Date: 2005-08-16 09:36:03 +0000 (Tue, 16 Aug 2005)
New Revision: 1596
Modified:
data/CAN/list
Log:
xmlrpc bugnums
new vuln in kernel
new vuln in bluez-utils
some nfus
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-16 09:14:16 UTC (rev 1595)
+++ data/CAN/list 2005-08-16 09:36:03 UTC (rev 1596)
@@ -1,17 +1,17 @@
CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
- TODO: check
+ NOTE: not-for-us (Network Associated ePolicy Orchestrator Agent)
CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
- TODO: check
+ - kernel-source-2.4.27 (unfixed; bug filed; medium)
CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
- TODO: check
+ NOTE: not-for-us (Integrated Light Out in HP servers)
CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
- TODO: check
+ NOTE: not-for-us (Novell eDirectory)
CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
- TODO: check
+ - evolution (unfixed; bug #322535; high)
CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
- TODO: check
+ - evolution (unfixed; bug #322535; high)
CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...)
- TODO: check
+ - bluez-utils (unfixed; bug filed; medium)
CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns]
NOTE: Will be split once the maintainer has investigated this
- centericq (unfixed; bug #323185; medium)
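Review bot: The NOTE added for CAN-2005-2554 reads "Network Associated ePolicy Orchestrator Agent", while the description on the line above it gives the vendor as "Network Associates"; correct the spelling so a search on the vendor name finds this entry. The new kernel-source-2.4.27 and bluez-utils entries also record only "bug filed", unlike the evolution entries in this hunk, which carry bug #322535; replace the text with the bug numbers once they are known so each entry can be traced to its report.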
@@ -19,8 +19,6 @@
- wordpress (unfixed; bug #323040; medium)
CAN-2005-XXXX [phpldapadmin doesn't fully prevent anonymous access when configured so]
- phpldapadmin 0.9.6c-5 (medium)
-CAN-2005-XXXX [Multiple format string vulnerabilities in Evolution]
- - evolution (unfixed; bug #322535; high)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
NOTE: not-for-us (Arab Portal)
CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
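Review bot: The log message does not mention the removal of the CAN-2005-XXXX Evolution placeholder in this hunk, whose evolution entry (bug #322535) now appears under CAN-2005-2550 and CAN-2005-2549 in the first hunk. Add a line to the log saying the Evolution entry was moved to its assigned ids, so the move can be followed from the history.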
@@ -121,9 +119,9 @@
NOTE: reserved
CAN-2005-2498 [XMLRPC: Inproper handling of nested tags allows arbitrary code execution]
NOTE: reserved
- - drupal (unfixed; bug filed; high)
- - phpgroupware (unfixed; bug filed; high)
- - egroupware (unfixe; bug filed; high)
+ - drupal (unfixed; bug #323347; high)
+ - phpgroupware (unfixed; bug #323349; high)
+ - egroupware (unfixe; bug #323350; high)
TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
TODO: check php4 and php5 (I guess both are affected)
CAN-2005-2497
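Review bot: The rewritten egroupware line still carries the status "unfixe" ("+ - egroupware (unfixe; bug #323350; high)"); since the line is being replaced anyway to add the bug number, change it to "unfixed" to match the drupal and phpgroupware entries, otherwise anything matching on the status string will miss it. The context line for CAN-2005-2498 also spells "Inproper", which could be corrected to "Improper" in the same pass.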