[Secure-testing-commits] r1346 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 07 Jul 2005 07:41:54 +0000
Author: jmm-guest
Date: 2005-07-07 07:41:51 +0000 (Thu, 07 Jul 2005)
New Revision: 1346
Modified:
data/CAN/list
Log:
cupsys issue already fixed
reorg xmlrpc issues
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-06 21:14:13 UTC (rev 1345)
+++ data/CAN/list 2005-07-07 07:41:51 UTC (rev 1346)
@@ -59,17 +59,18 @@
CAN-2005-2117
NOTE: reserved
CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
- TODO: check
+ - cupsys 1.1.20final+rc1-1 (low)
CAN-2005-XXXX [Insecure tempfile generation in ekg]
- ekg (unfixed; bug #317027; medium)
-CAN-2005-XXXX [Missing input sanitization due in phpwiki's xmlrpc code allow execution of arb. php code]
- - phpwiki 1.3.7-4 (high)
CAN-2005-XXXX [cacti: Multiple further SQL injection, auth bypass and remote command execution issues]
- cacti 0.8.6f-1 (high)
CAN-2005-2116 (Unknown vulnerability in the third-party XML-RPC library in Drupal ...)
+ NOTE: This will probably be re-organized by the CVE editor, but lets keep it for now,
+ NOTE: as it's the same issue
- drupal 4.5.4-1 (high)
- phpgroupware 0.9.16.006-1 (high)
- egroupware (unfixed)
+ - phpwiki 1.3.7-4 (high)
- ewiki (unfixed)
- horde3 (unfixed)
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)