[Secure-testing-commits] r293 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Wed, 19 Jan 2005 22:58:42 +0100


Author: djoume-guest
Date: 2005-01-19 22:58:39 +0100 (Wed, 19 Jan 2005)
New Revision: 293

Modified:
   sarge-checks/CAN/list
Log:
* processed my block & claimed a few more.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-01-19 20:14:16 UTC (rev 292)
+++ sarge-checks/CAN/list	2005-01-19 21:58:39 UTC (rev 293)
@@ -6113,6 +6113,7 @@
 	TODO: check
 CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
 	{DSA-165}
+begin claimed by djoume
 CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
 	TODO: check
 CAN-2002-0970
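Review bot: The new "begin claimed by djoume" marker before CAN-2002-0971 carries no indication of how far the claim extends, and the log message ("claimed a few more") does not say either; the matching "end claimed by djoume" only appears in the next hunk, after CAN-2002-0905. Naming the claimed range in the log (CAN-2002-0971 through CAN-2002-0905) would let other checkers see the boundaries without scanning the list for the end marker.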
@@ -6209,70 +6210,71 @@
 	TODO: check
 CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
 	TODO: check
+end claimed by djoume
 CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
-	TODO: check
+	NOTE: not-for-us (wbboard not in Debian)
 CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
-	TODO: check
+	- phpbb2 2.0.6c-1
 CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
-	TODO: check
+	- amanda 2.4.0b6-1
 CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Falcon not in Debian)
 CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
-	TODO: check
+	- swatch 3.0.4-1
 CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
-	TODO: check
+	NOTE: not-for-us (3com)
 CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
-	TODO: check
+	NOTE: not-for-us (Compaq)
 CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (CFXImage not in Debian)
 CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
-	TODO: check
+	NOTE: not-for-us (LogiSense not in Debian)
 CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
-	TODO: check
+	NOTE: not-for-us (Shambala)
 CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOTE: not-for-us (Shambala)
 CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
 	{DSA-150}
 CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
-	TODO: check
+	NOTE: not-for-us (IIS)
 CAN-2002-0868
 	NOTE: reserved
 CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
 	{DSA-147}
 CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
-	TODO: check
+	NOTE: not-for-us (SuSE specific)
 CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
-	TODO: check
+	NOTE: not-for-us Cisco
 CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
-	TODO: check
+	NOTE: not-for-us (iSCSI not in Debian)
 CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
 	{DSA-195 DSA-188 DSA-187}
 	- apache 1.3.27-0.1
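Review bot: The entry for CAN-2002-0852 is written as "NOTE: not-for-us Cisco", without the parentheses used for every other reason in this hunk (for example "NOTE: not-for-us (Cisco)" on CAN-2002-0886); it should read "NOTE: not-for-us (Cisco)" so the reason field stays uniform for anyone grepping or parsing the list. Separately, CAN-2002-0894, CAN-2002-0893, CAN-2002-0885 and CAN-2002-0884 are marked "not-for-us" with no reason at all, although their descriptions name the product (NewAtlanta ServletExec, in.rarpd on Solaris); adding the reason in parentheses, as done for the neighbouring entries, documents why they were dismissed.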
@@ -6287,126 +6289,126 @@
 	- apache 1.3.27-0.1
 CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
 	{DSA-182 DSA-179 DSA-176}
-begin claimed by djoume
 CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
-	TODO: check
+	- wordtrans 1.1pre9
 CAN-2002-0836
 	{DSA-207}
 CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
 	{DSA-162}
 CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
-	TODO: check
+	NOTE: not-for-us (Eudora)
 CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
-	TODO: check
+	NOTE: not-for-us (Internet Explorer)
 CAN-2002-0828
 	NOTE: rejected
 CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (UnixWare)
 CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
-	TODO: check
+  - libnss-ldap 199-1
 CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
-	TODO: check
+	- ethereal 0.9.4-1woody1
 CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
-	TODO: check
+	- ethereal 0.9.4-1woody1
 CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
-	TODO: check
+	NOTE: not-for-us (FreeBSD)
 CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
-	TODO: check
+	NOTE: not-for-us (artscontrol not suid root)
 CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...)
-	TODO: check
+	- mozilla (2:1.0.0-1)
 CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
-	TODO: check
+	NOTE: bugzilla 2.16.0-2.1
 CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
-	TODO: check
+	NOTE: bugzilla 2.16.0-2.1
 CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
-	TODO: check
+	NOTE: bugzilla 2.16.0-2.1
 CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
-	TODO: check
+	NOTE: not-for-us (HP)
 CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
-	TODO: check
+	NOTE: not-for-us (QNX)
 CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
-	TODO: check
+	- viewcvs 0.9.2-5
 CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (Quake server)
 CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
-	TODO: check
+	NOTE: not-for-us (simpleinit not in Debian)
 CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
-	TODO: check
+	NOTE: not-for-us (Phorum not in Debian)
 CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
-	TODO: check
+  NOTE: not-for-us (HP)
 CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
-	TODO: check
+  - webmin 0.980-1
+  - usermin 0.910-1
 CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
-	TODO: check
+  - webmin 0.980-1
+  - usermin 0.910-1
 CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
-	TODO: check
+  NOTE: not-for-us (Talentsoft not in Debian)
 CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
-	TODO: check
+	NOTE: not-for-us (CGIscript.net not in Debian)
 CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
-	TODO: check
+	NOTE: not-for-us (CGIscript.net not in Debian)
 CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
-	TODO: check
+	NOTE: not-for-us (CGIscript.net not in Debian)
 CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (CGIscript.net not in Debian)
 CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
-	TODO: check
+  - slrn 0.9.6.2-9
 CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (PostCalendat not in Debian)
 CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
-	TODO: check
-end claimed by djoume
+	NOTE: not-for-us (only potato was vulnerable)
 CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
 	NOTE: not-for-us (MyGuestbook)
 CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
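Review bot: CAN-2002-0811, CAN-2002-0807 and CAN-2002-0803 record a fixed version as "NOTE: bugzilla 2.16.0-2.1", while every other fixed package in this commit uses the "- package version" form (for example "- ethereal 0.9.4-1woody1"); these three should be "- bugzilla 2.16.0-2.1" so they are not read as free-text notes. Other format inconsistencies in this hunk: the added lines for CAN-2002-0825, CAN-2002-0763, CAN-2002-0757, CAN-2002-0756, CAN-2002-0753 and CAN-2002-0740 are indented with two spaces where the rest of the file uses a tab; "- mozilla (2:1.0.0-1)" wraps the version in parentheses unlike the other package lines; "- wordtrans 1.1pre9" has no Debian revision suffix, unlike the other version entries; and "PostCalendat" on CAN-2002-0739 is a typo for PostCalendar. Finally, CAN-2002-0819 ("artscontrol not suid root") and CAN-2002-0735 ("only potato was vulnerable") are tagged not-for-us even though the reasons given describe software that is packaged but not affected, which is a different finding from "not in Debian"; a plain NOTE stating that reason would keep the not-for-us tag unambiguous.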