[Secure-testing-commits] r1450 - data/CAN
Joey Hess
joeyh at costa.debian.org
Thu Jul 21 14:36:00 UTC 2005
Author: joeyh
Date: 2005-07-21 14:35:55 +0000 (Thu, 21 Jul 2005)
New Revision: 1450
Modified:
data/CAN/list
Log:
write mitre for CAN assignments for holes reported originally to debian
bts
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-21 11:08:43 UTC (rev 1449)
+++ data/CAN/list 2005-07-21 14:35:55 UTC (rev 1450)
@@ -1,7 +1,9 @@
CAN-2005-2320 [webcalender: Inproper access control may lead to privilege escalation]
- webcalender (unfixed; bug #315671; medium)
+ NOTE: CAN request sent to mitre
CAN-2005-XXXX [xsupplicant leaks sensitive password information into logfile]
- xsupplicant (unfixed; bug #317703; medium)
+ NOTE: CAN request sent to mitre
CAN-2005-XXXX [Insecure temp usage in gopher]
- gopher 3.0.8 (low)
CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
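Review bot: The first added note sits under CAN-2005-2320, an entry that already carries an assigned number, yet it reads "CAN request sent to mitre" exactly like the note on the still-unassigned xsupplicant entry. If the request predates the assignment, drop the note from the webcalender entry. If something is still pending with Mitre for it, say what, so the note does not read as contradicting the entry's own ID.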
@@ -728,6 +730,7 @@
NOTE: not-for-us (Online-bookmarks)
CAN-2005-XXXX [base-config log should not be world readable]
- base-config 2.68 (low)
+ NOTE: CAN request sent to mitre
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
NOTE: not-for-us (PHPSource Printer)
CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
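Review bot: The note added to the base-config entry has no bug reference to tie it to, since the package line is just "- base-config 2.68 (low)" while the log message says these requests are for holes originally reported to the Debian BTS. Adding the bug number to the package line, or to the note itself, would let someone match Mitre's eventual reply to the right report.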
@@ -2224,8 +2227,12 @@
- fuse 2.3.0-1
CAN-2005-XXXX [Directory traversal in zoo]
- zoo (unfixed; bug #309594; medium)
+ NOTE: CAN request sent to mitre
CAN-2005-XXXX [Cross Site Scripting in websieve]
- websieve (unfixed; bug #311838; low)
+ NOTE: CAN number requested from mitre
+ NOTE: second half of bug suggets lack of escaping of user data
+ NOTE: could be used to compromise program somehow
CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
NOTE: not-for-us (phpCMS)
CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
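Review bot: The two extra notes on the websieve entry are too vague to act on, and the first has a typo ("suggets" for "suggests"). "could be used to compromise program somehow" does not say which user data is unescaped or where it ends up, so a later reader cannot tell whether the "low" severity on the package line still holds. Name the affected input and output as described in bug #311838, or state explicitly that the impact has not been assessed yet.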
@@ -2509,6 +2516,7 @@
- moodle 1.4.4.dfsg.1-3
CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
- mutt (unfixed; bug #311296; low)
+ NOTE: CAN number assignment requested from mitre
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: viewFile.php has been removed along with other files in -26, so Debian is
NOTE: no longer affected.
@@ -3942,10 +3950,12 @@
- maradns 1.0.27-1
CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
- gs-gpl (unfixed; bug #291373; low)
+ NOTE: CAN number requested from mitre
CAN-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
CAN-2005-XXXX [Insecure temp file handling in Thunderbird]
- mozilla-thunderbird (unfixed; bug #306893; low)
+ NOTE: CAN request sent to mitre
CAN-2005-XXXX [Directory traversal in unzoo]
- unzoo 4.4-4
CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
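Review bot: The two notes added in this hunk use different wording for the same state, "CAN number requested from mitre" on gs-gpl and "CAN request sent to mitre" on mozilla-thunderbird, and the mutt hunk above introduces a third form, "CAN number assignment requested from mitre". Pick one phrase and use it for every entry so that all pending requests can be found with a single search of the list when the assignments come back.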
@@ -4008,10 +4018,12 @@
NOTE: have not checked to see which security holes re in it exatly
NOTE: Has been removed from Sarge
- nvu (unfixed; bug #306822)
+ NOTE: CAN number requested from mitre
CAN-2005-XXXX [eskuel: arbitrary file retreiving]
- eskuel 1.0.5-3.1 (low)
CAN-2005-XXXX [eskuel: No authentication at all]
- eskuel (unfixed; bug #163653; low)
+ NOTE: CAN number requested from mitre
CAN-2005-XXXX [Buffer overflow in elog's header buffer]
- elog 2.5.7+r1558-3
CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
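Review bot: Neither note added here (under nvu and under the eskuel "No authentication at all" entry) records when the request went out. Once this revision is no longer the latest, the only way to learn how long a request has been outstanding is to dig through the commit history. Consider putting the date in the note text so stale requests are visible from the list itself.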