[Secure-testing-commits] r1323 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sat, 02 Jul 2005 22:57:38 +0000
Author: jmm-guest
Date: 2005-07-02 22:57:35 +0000 (Sat, 02 Jul 2005)
New Revision: 1323
Modified:
data/CAN/list
Log:
new drupal issues already fixed
new mozillae dos not yet fixed
new freebsd issue not yet fixed
wordpress, apache, asterisk CANified
lots of not-for-us
lowered asterisk urgency, as it doesn't run as root in Debian
some older issues from 2004 already fixed
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-02 22:10:35 UTC (rev 1322)
+++ data/CAN/list 2005-07-02 22:57:35 UTC (rev 1323)
@@ -1,30 +1,32 @@
CAN-2005-XXXX [cacti: Multiple further SQL injection, auth bypass and remote command execution issues]
- cacti 0.8.6f-1 (high)
-begin claimed by jmm
CAN-2005-2116 (Unknown vulnerability in the third-party XML-RPC library in Drupal ...)
- TODO: check
+ - drupal 4.5.4-1
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
- TODO: check
+ NOTE: not-for-us (Soldier of Fortune)
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4 and Camino 0.8.4 allow remote attackers ...)
- TODO: check
+ - mozilla-firefox (unfixed; low)
+ - mozilla (unfixed; low)
+CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
+ - wordpress 1.5.1.3-1
CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
- TODO: check
+ NOTE: not-for-us (XOOPS)
CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
- TODO: check
+ NOTE: not-for-us (XOOPS)
CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Community Link Pro Web Editor)
CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
- TODO: check
+ - wordpress 1.5.1.3-1
CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
- TODO: check
+ - wordpress 1.5.1.3-1
CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
- TODO: check
+ - wordpress 1.5.1.3-1
CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
- TODO: check
+ - wordpress 1.5.1.3-1
CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
- TODO: check
+ - drupal 4.5.4-1
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (IOS)
CAN-2005-2104
NOTE: reserved
CAN-2005-2103
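Review bot: the two new unfixed entries under CAN-2005-2114 (`+ - mozilla-firefox (unfixed; low)` and `+ - mozilla (unfixed; low)`) record no bug number, whereas the other unfixed entries in this commit (apache, asterisk) carry a `bug #NNNNNN` reference; consider filing and recording a bug for the Mozilla DoS so the unfixed status has something to track against. The `CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]` block added here is the same entry removed further down, so that part is a pure move.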
@@ -46,78 +48,77 @@
CAN-2005-2095
NOTE: reserved
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
- TODO: check
+ NOTE: not-for-us (Sun)
CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
- TODO: check
+ NOTE: not-for-us (BEA WebLogic)
CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
- TODO: check
+ NOTE: not-for-us (Websphere)
CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
TODO: check
CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-2088 (Apache 2.0.45 and 1.3.29 allows remote attackers to poison the web ...)
- TODO: check
+ - apache (unfixed; bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
- TODO: check
+ NOTE: phpbb versions in Debian not affected
CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
- TODO: check
+ NOTE: not-for-us (Inframail)
CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
- TODO: check
+ NOTE: not-for-us (Community Forum)
CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
- TODO: check
+ NOTE: not-for-us (IA eMailServer)
CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (imTRSET)
CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
- TODO: check
+ - asterisk (unfixed; bug #315532; medium)
CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
- TODO: check
+ NOTE: not-for-us (Veritas Backup)
CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
- TODO: check
+ NOTE: not-for-us (Veritas Backup)
CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
- TODO: check
+ NOTE: not-for-us (Lpanel)
CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (GoodTech SMTP Server)
CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
- TODO: check
+ NOTE: not-for-us (Real Estate Management Software)
CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
- TODO: check
+ NOTE: not-for-us (Mediawiki not yet in Debian)
+ TODO: track ITP: #217571, check CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, CAN-2005-0534, CAN-2004-1405
CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Chatman)
CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
- TODO: check
+ NOTE: not-for-us (INTELLIPEER Email Server)
CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
- TODO: check
+ - mysql-dfsg-4.1 4.1.5-1
CAN-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...)
- TODO: check
+ - fprobe-ng 1.1-1
+ TODO: Check, whether fprobe is affected as well
CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
- TODO: check
+ NOTE: not-for-us (Symantec Antivirus)
CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
- TODO: check
+ NOTE: not-for-us (MegaBBS)
CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
- TODO: check
+ NOTE: not-for-us (MegaBBS)
CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (Baal Smart Forms)
CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory module in Mambo Portal ...)
- TODO: check
+ NOTE: not-for-us (Mambo Portal)
CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
- TODO: check
+ - sdd 1.52-1
CAN-2004-2141 (Cross-site scripting (XSS) vulnerability in YaBBC.pl in YaBB 1 Gold ...)
- TODO: check
+ NOTE: not-for-us (YaBB)
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (YaBB)
CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
- TODO: check
+ NOTE: not-for-us (YaBB)
CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (MySQLGuest)
CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo]
- proftpd 1.2.10-20 (medium)
-CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
- - wordpress 1.5.1.3-1
CAN-2005-XXXX [proftpd format string vulnerability in ftpshut]
- proftpd 1.2.10-19 (medium)
CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
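Review bot: the resolution for CAN-2005-2088 lists only `+ - apache (unfixed; bug #316173; medium)`, but the CAN text names both "Apache 2.0.45 and 1.3.29" and the placeholder this replaces was titled as an apache2 HTTP proxy mode issue, so a separate line for the apache2 source package (fixed or unfixed) looks missing. In the same web-cache poisoning series, CAN-2005-2090 (Tomcat) is the only entry left at `TODO: check` while its siblings were all triaged; it would be consistent to resolve it in the same pass. Minor: the relocated TODO under CAN-2004-2152 now sits on the older of the two MediaWiki entries, which is fine as long as CAN-2005-1888 still points at it.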
@@ -141,7 +142,7 @@
CAN-2005-2069 (pam_ldap and OpenLDAP, when connecting to a slave using TLS, does not ...)
TODO: check
CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
- TODO: check
+ - kfreebsd-source (unfixed)
CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
NOTE: not-for-us (ASP Nuke)
CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
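Review bot: `+ - kfreebsd-source (unfixed)` for CAN-2005-2068 omits the urgency that every other unfixed line in this commit carries (`unfixed; low` / `unfixed; medium`) and has no bug reference; add an urgency and, if one exists, the bug number so the entry is not silently dropped by tooling that sorts on severity.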
@@ -586,8 +587,6 @@
TODO: check
CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
TODO: check
-CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode]
- - apache (unfixed; bug #316173; medium)
CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpcd]
- dhcpcd 1:1.3.22pl4-22 (medium)
CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
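Review bot: removing the placeholder `-CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode]` also removes the only statement in the file that the issue concerns apache2's proxy mode; the CAN-2005-2088 entry that supersedes it keeps just the package line. Suggest carrying that detail over as a `NOTE:` under CAN-2005-2088 (with the spelling fixed to "spoofing") so the scope is not lost.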
@@ -610,8 +609,6 @@
NOTE: not-for-us (Duware)
CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
- backup-manager 0.5.8-2 (low)
-CAN-2005-XXXX [Buffer overflow in Asterisk's command parser]
- - asterisk (unfixed; bug #315532; high)
CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
NOTE: not-for-us (ATutor)
CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
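Review bot: the removed placeholder `-CAN-2005-XXXX [Buffer overflow in Asterisk's command parser]` rated the issue `high`, while its CANified replacement CAN-2005-2081 now says `medium`; the justification (Asterisk does not run as root in Debian) exists only in the commit log. A `NOTE:` line under CAN-2005-2081 stating that reason would keep the lowered urgency reviewable from the data file alone.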
@@ -1229,7 +1226,6 @@
NOTE: not-for-us (Sun ONE)
CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
NOTE: not-for-us (MediaWiki not yet in Debian)
- TODO: track ITP: #217571, check CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, CAN-2005-0534, CAN-2004-1405
CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
NOTE: not-for-us (Solaris)
CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
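Review bot: dropping the `TODO: track ITP: #217571, ...` line from CAN-2005-1888 leaves this MediaWiki entry with no pointer to where the ITP tracking now lives (it was moved to CAN-2004-2152 in the earlier hunk). Since the TODO's check list names neither CAN-2005-1888 nor CAN-2004-2152, consider adding both ids to that list so whichever entry a reader lands on leads to the complete set of MediaWiki issues to revisit once the package enters Debian.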