[Secure-testing-commits] r1402 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jul 15 12:38:34 UTC 2005


Author: jmm-guest
Date: 2005-07-15 12:38:28 +0000 (Fri, 15 Jul 2005)
New Revision: 1402

Modified:
   data/CAN/list
Log:
backup-manager CANified, claim more


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-15 12:14:58 UTC (rev 1401)
+++ data/CAN/list	2005-07-15 12:38:28 UTC (rev 1402)
@@ -101,41 +101,40 @@
 	NOTE: not-for-us (MediaWiki)
 CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
 	- base-config (unfixed; bug #305142; low)
-begin claimed by jmm
 CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
-	TODO: check
+	NOTE: not-for-us (MMS Ripper)
 CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
-	TODO: check
+	- backup-manager 0.5.8-2 (low)
 CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
-	TODO: check
+	- backup-manager 0.5.8-2 (low)
 CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
-	TODO: check
+	NOTE: not-for-us (Internet Down)
 CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
-	TODO: check
+	NOTE: not-for-us (ScanShare)
 CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (PrivaShare)
 CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
-	TODO: check
+	NOTE: not-for-us (CartWIZ)
 CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
-	TODO: check
+	NOTE: not-for-us (CartWIZ)
 CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (kaiseki.cgi)
 CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
-	TODO: check
+	NOTE: not-for-us (SiteMinder)
 CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (phpWishlist)
 CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
-	TODO: check
+	NOTE: not-for-us (Xerox Hardware issue)
 CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
-	TODO: check
+	NOTE: not-for-us (Xerox hardware)
 CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
-	TODO: check
+	NOTE: not-for-us (Xerox hardware)
 CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
-	TODO: check
+	NOTE: not-for-us (PPA web photo gallery)
 CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
-	TODO: check
+	NOTE: not-for-us (SPiD)
 CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
-	TODO: check
+	NOTE: not-for-us (Id Board)
 CAN-2005-2196
 	NOTE: reserved
 CAN-2005-2195
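Review bot: the not-for-us labels added in this hunk are inconsistent in three places. Under CAN-2005-2210 the label "Internet Down" looks cut off, while the description names Internet Download Manager. Under CAN-2005-2202 the label is "Xerox Hardware issue", while CAN-2005-2201 and CAN-2005-2200 use "Xerox hardware" for the same MicroServer Web Server. Under CAN-2005-2205 the label is the script name kaiseki.cgi, although the description gives pngren as the product. Suggest using the product name in one spelling throughout, so that a later search for a product finds all of its entries.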
@@ -143,16 +142,16 @@
 CAN-2005-2194
 	NOTE: reserved
 CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
-	TODO: check
+	NOTE: not-for-us (PunBB)
 CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
-	TODO: check
+	NOTE: not-for-us (SimplePHPBlog)
 CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
-	TODO: check
+	NOTE: not-for-us (Comersus)
 CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
-	TODO: check
+	NOTE: not-for-us (Comersus)
 CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Lantronix SecureLinx)
+begin claimed by jmm
 CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
 	TODO: check
 CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
@@ -197,6 +196,7 @@
 	TODO: check
 CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
 	TODO: check
+end claimed by jmm
 CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
 	TODO: check
 CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
@@ -1066,8 +1066,6 @@
 	NOTE: not-for-us (Duware)
 CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
 	NOTE: not-for-us (Duware)
-CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
-	- backup-manager 0.5.8-2 (low)
 CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
 	NOTE: not-for-us (ATutor)
 CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
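Review bot: the removed CAN-2005-XXXX entry covered only the tempfile handling, which matches CAN-2005-2211 in the first hunk, so the "- backup-manager 0.5.8-2 (low)" line added under CAN-2005-2212 (the archive repository issue) has no earlier entry behind it in this diff. Suggest a NOTE or bug reference under CAN-2005-2212 recording where the 0.5.8-2 fix version comes from, and a NOTE under CAN-2005-2211 that it replaces the former CAN-2005-XXXX tempfile entry, since the "for burning the backup" detail is lost with this removal.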



