[Secure-testing-commits] r441 - sarge-checks/CAN
SALVETTI Djoumé
djoume-guest@costa.debian.org
Fri, 18 Feb 2005 12:32:11 +0100
Author: djoume-guest
Date: 2005-02-18 12:32:09 +0100 (Fri, 18 Feb 2005)
New Revision: 441
Modified:
sarge-checks/CAN/list
Log:
* processed my block and a few more
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-18 09:31:59 UTC (rev 440)
+++ sarge-checks/CAN/list 2005-02-18 11:32:09 UTC (rev 441)
@@ -1,41 +1,42 @@
-begin claimed by djoume
CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...)
- TODO: check
+ NOTE: not-for-us (ulog-php)
CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
- TODO: check
+ NOTE: not-for-us (MercuryBoard)
CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (NewsBruiser)
CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (MercuryBoard)
CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
- TODO: check
+ NOTE: not sure if this is really a security issue, I have mailed maintainer.
CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
- TODO: check
+ NOTE: not-for-us (oscommerce)
CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-0455
NOTE: reserved
CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
- TODO: check
+ NOTE: not-for-us (DCP-Portal)
CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
- TODO: check
+ NOTE: not-for-us (Lighttpd)
CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Sami HTTP Server)
CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
- TODO: check
+ NOTE: not-for-us (Sami HTTP Server)
CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
- TODO: check
-end claimed by djoume
+ NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
+ - kernel-source-2.6.8 (unfixed; bug filed)
+ - kernel-source-2.6.9 (unfixed; bug filed)
+ - kernel-source-2.6.10 (unfixed; bug filed)
CAN-2005-0448
NOTE: reserved
CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
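Review bot: CAN-2005-0459 loses its TODO line while the question is still open ("not sure if this is really a security issue, I have mailed maintainer"), so it drops out of any TODO search while waiting on the maintainer; keep a TODO next to the NOTE, e.g. "TODO: check, maintainer mailed 2005-02-18", and resolve it once the maintainer replies. The CAN-2005-0449 entry should also record which Debian bug numbers were filed for the three kernel-source packages so the "unfixed; bug filed" lines can be tracked, and the "2.4 is not vulnerable" conclusion would be clearer if stated as "- kernel-source-2.4.27 (not affected)" beside the 2.6 entries rather than only in the NOTE.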
@@ -111,17 +112,17 @@
CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
NOTE: not-for-us (Spidean PostWrap)
CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
- TODO: check
+ NOTE: not-for-us (CitrusDB)
CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
- TODO: check
+ NOTE: not-for-us (CitrusDB)
CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
- TODO: check
+ NOTE: not-for-us (CitrusDB)
CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
- TODO: check
+ NOTE: not-for-us (CitrusDB)
CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
- TODO: check
+ NOTE: not-for-us (Openconf)
CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
- TODO: check
+ TODO: check all softwares that modifies JPEG images in Debian...
CAN-2005-0405
NOTE: reserved
CAN-2005-0404
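Review bot: the replacement TODO for CAN-2005-0406 ("check all softwares that modifies JPEG images in Debian...") is open-ended and cannot be claimed or closed as written; name the candidate packages to check (the JPEG-modifying tools actually in sarge) as separate "- package (TODO)" lines so each can be resolved independently, and fix the wording to "all software that modifies JPEG images".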
@@ -634,13 +635,13 @@
CAN-2005-0255
NOTE: reserved
CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
- TODO: check
+ NOTE: not-for-us (BibORB)
CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
- TODO: check
+ NOTE: not-for-us (BibORB)
CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
- TODO: check
+ NOTE: not-for-us (BibORB)
CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
- TODO: check
+ NOTE: not-for-us (BibORB)
CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
NOTE: not-for-us (AIX)
CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)