[Secure-testing-commits] r1410 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sat Jul 16 17:15:28 UTC 2005


Author: jmm-guest
Date: 2005-07-16 17:15:25 +0000 (Sat, 16 Jul 2005)
New Revision: 1410

Modified:
   data/CAN/list
Log:
several not-for-us
xmlstarlet already fixed
multiple new issues in tutos


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-16 10:47:02 UTC (rev 1409)
+++ data/CAN/list	2005-07-16 17:15:25 UTC (rev 1410)
@@ -196,7 +196,6 @@
 	NOTE: not-for-us (AliveSites)
 CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
 	NOTE: not-for-us (Express-Web)
-begin claimed by jmm
 CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
 	NOTE: not-for-us (IdealBB)
 CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
@@ -271,7 +270,6 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
 	NOTE: not-for-us (ReviewPost)
-end claimed by jmm
 CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
 	NOTE: not-for-us (EarlyImpact)
 CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
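Review bot: The log message does not mention that the "claimed by jmm" range is being released: this hunk drops "end claimed by jmm" and the previous hunk drops the matching "begin claimed by jmm". A short line in the log saying the claim is released would make that visible to others triaging the list. The entries visible next to both markers already carry not-for-us notes, but the hunks do not show the entries between the markers, so it is worth confirming that none in that range is still "TODO: check".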
@@ -297,21 +295,23 @@
 CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
 	NOTE: not-for-us (OpenBSD)
 CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
-	TODO: check
+	- tutos (unfixed; bug filed; medium)
 CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
-	TODO: check
+	- tutos (unfixed; bug filed; medium)
 CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
-	TODO: check
+	- xmlstarlet 1.0.0-1
 CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
-	TODO: check
+	- xmlstarlet 1.0.0-1
 CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
-	TODO: check
+	NOTE: Not yet in Debian, but there's an ITP pending.
+	TODO: Track #312413
 CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
-	TODO: check
+	NOTE: Not yet in Debian, but there's an ITP pending.
+	TODO: Track #312413
 CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
-	TODO: check
+	NOTE: not-for-us (Online Recruitment Agency)
 CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
-	TODO: check
+	NOTE: not-for-us (Online-bookmarks)
 CAN-2005-XXXX [base-config log should not be world readable]
 	- base-config 2.68 (low)
 CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
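Review bot: The two tutos entries (CAN-2004-2162 and CAN-2004-2161) say "bug filed" but record no bug number, while the Serendipity entries in this same hunk reference #312413. Adding the tutos bug number to those lines would let the issue be tracked to closure from the list itself. The added "- xmlstarlet 1.0.0-1" lines also carry no severity, unlike the neighbouring "- base-config 2.68 (low)" entry; if a severity is known for the format string and buffer overflow issues, adding it would keep the entries consistent.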
@@ -356,7 +356,7 @@
 	NOTE: currently too busy 
 	- courier (unfixed; low)
 CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
 	- cacti 0.8.6f-1 (high)
 CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)



