[Secure-testing-commits] r1328 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 04 Jul 2005 10:09:45 +0000
Author: jmm-guest
Date: 2005-07-04 10:09:43 +0000 (Mon, 04 Jul 2005)
New Revision: 1328
Modified:
data/CAN/list
Log:
some house-keeping on older bugs
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-03 13:45:06 UTC (rev 1327)
+++ data/CAN/list 2005-07-04 10:09:43 UTC (rev 1328)
@@ -239,7 +239,11 @@
CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
NOTE: not-for-us (Iomega hardware issue)
CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
- TODO: check
+ NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
+ NOTE: php function that displays the PHP logo and version information. In the bug
+ NOTE: log the developers seem unwilling to fix this, as it only affects a debug
+ NOTE: function.
+ TODO: check, whether the mentioned XSS still affects current PHP versions in Debian
CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
NOTE: not-for-us (AIM)
CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
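Review bot: the new TODO under CAN-2002-1954 does not say which Debian source package has to be checked, and the NOTE lines record upstream's reluctance to fix without stating a position for Debian, so the entry stays as open as the old "TODO: check". Name the PHP package(s) to test in the TODO line, and once the check is done replace it with a package line or a note saying why none is needed. The NOTE also describes the function as one that "displays the PHP logo and version information" while the CAN summary on the line above says phpinfo; using the same name in both would make the entry easier to search.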
@@ -1176,7 +1180,7 @@
CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec]
NOTE: reserved
TODO: Check 2.6.8
- - kernel-source-2.6.11 (unfixed)
+ - kernel-source-2.6.11 2.6.11-6 (normal)
CAN-2005-1912
NOTE: reserved
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
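Review bot: the kernel-source-2.6.11 line under CAN-2005-1913 goes from (unfixed) to 2.6.11-6 (normal) with no NOTE saying where the fix in 2.6.11-6 was confirmed, while the entry header only refers to the 2.6.12.1 changelog and the id is still marked reserved. Add a NOTE pointing at the changelog entry or patch that carries the fix in 2.6.11-6 so the version can be verified later. The commit log ("some house-keeping on older bugs") also does not mention that kernel entries change status.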
@@ -1493,7 +1497,7 @@
CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
NOTE: reserved
TODO: Check 2.6.8
- - kernel-source-2.6.11 (unfixed)
+ - kernel-source-2.6.11 2.6.11-6 (normal)
CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
NOTE: not-for-us (sysreport)
CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
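Review bot: under CAN-2005-1761 the "TODO: Check 2.6.8" line is left directly above a package line that now reads as fixed, so the entry looks resolved at a glance although the 2.6.8 kernel has not been checked. Consider turning the TODO into a package line for the 2.6.8 kernel source, in the same form as the 2.6.11 line and marked as still open, so the unresolved part is tracked the same way as the fixed part.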
@@ -4863,11 +4867,11 @@
CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
NOTE: not-for-us (PhotoPost)
CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
- TODO: check
+ NOTE: not-for-us (VERITAS Backup Exec)
CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
NOTE: not-for-us (VERITAS Backup Exec)
CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
- TODO: check
+ NOTE: not-for-us (VERITAS Backup Exec)
CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
NOTE: not-for-us (IDA Pro)
CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
@@ -6511,7 +6515,7 @@
CAN-2005-0361
NOTE: reserved
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-0359
NOTE: reserved
CAN-2005-0358
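Review bot: the tag added under CAN-2005-0360, "not-for-us (Microsoft)", names the vendor, while the other not-for-us tags touched or shown in this patch name the product (AIM, IDA Pro, sysreport, VERITAS Backup Exec). Use the product from the summary line instead, for example "not-for-us (Microsoft Log Sink Class ActiveX control)", so the tags stay consistent and searchable by product.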