[Secure-testing-commits] r1498 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sat Jul 30 04:59:35 UTC 2005
Author: joeyh
Date: 2005-07-30 04:59:32 +0000 (Sat, 30 Jul 2005)
New Revision: 1498
Modified:
data/CAN/list
Log:
done with block
also, found old uudeview hole that was miscategorised
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-30 04:21:58 UTC (rev 1497)
+++ data/CAN/list 2005-07-30 04:59:32 UTC (rev 1498)
@@ -172,7 +172,7 @@
CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
NOTE: not-for-us (Realnode Emilda)
CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
- - sms-pl (unfixed; bug filed; low)
+ - sms-pl (unfixed; bug #320540; low)
NOTE: vulnerable contrib file only in source package
CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
NOTE: not-for-us (Winamp)
@@ -222,73 +222,71 @@
NOTE: not-for-us (PHPCounter)
CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
NOTE: not-for-us (SoftiaCom wMailServer)
-begin claimed by joeyh
CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC 6.0.2 ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
- TODO: check
+ NOTE: not-for-us (WebEOC)
CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
- TODO: check
+ NOTE: not-for-us (MailEnable)
CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
- TODO: check
+ NOTE: not-for-us (Novell Groupwise WebAccess)
CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
- TODO: check
+ NOTE: not-for-us (OpenWebmail)
CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
- TODO: check
+ - dansguardian 2.6.1-13 (medium)
CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
- TODO: check
+ - dansguardian 2.7.7-2
CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
- TODO: check
+ NOTE: not-for-us (IBM Lotus Notes)
CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
- TODO: check
+ NOTE: not-for-us (IBM Lotus Notes)
CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
- TODO: check
+ NOTE: not-for-us (Invision Power Board)
CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
- TODO: check
+ NOTE: not-for-us (vHost)
CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
- TODO: check
+ NOTE: not-for-us (aGSM Half-Life)
CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
- TODO: check
+ NOTE: not-for-us (F-Secure Anti-Virus)
CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
- TODO: check
+ NOTE: not-for-us (I-Mall Commerce)
CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
- TODO: check
+ NOTE: not-for-us (w3m Jigsaw)
CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (efFingerD)
CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
- TODO: check
+ NOTE: not-for-us (efFingerD)
CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (MiniShare)
CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
- TODO: check
+ NOTE: not-for-us (IBM Parallel Environment)
CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
- TODO: check
+ - pads 1.1.1 (high)
CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
- TODO: check
+ NOTE: not-for-us (PimenGest2)
CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
- TODO: check
+ NOTE: not-for-us (Ansel)
CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Ansel)
CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
- TODO: check
+ - uudeview (unfixed; bug filed; medium)
CAN-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in ...)
- TODO: check
-end claimed by joeyh
+ NOTE: less is not suid, explotability unlikely
CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
TODO: check
CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
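Review bot: The new CAN-2004-2265 entry, "- uudeview (unfixed; bug filed; medium)", records no bug number, while the first hunk of this same commit replaces exactly that placeholder with "bug #320540" for sms-pl. Put the number in now so the entry can be traced and closed later. Three smaller points in this hunk: "- dansguardian 2.7.7-2" for CAN-2004-2282 has no severity, unlike the "(medium)" on the 2.6.1-13 line just above it. "explotability" in the CAN-2004-2264 note should be "exploitability", and since that entry now has only a free-text NOTE, a package line for less would make its status machine-readable. In the CAN-2004-2274 note, "w3m Jigsaw" looks like a slip for W3C Jigsaw and is worth checking, since w3m is an unrelated package name.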
@@ -11384,7 +11382,7 @@
CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
NOTE: not-for-us (AXIS 2100)
CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
- NOTE: not-for-us (WinZip)
+ - uudeview 0.5.20 (medium)
CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
NOTE: not-for-us (extremail)
CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
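Review bot: Replacing "NOTE: not-for-us (WinZip)" with "- uudeview 0.5.20 (medium)" on CAN-2004-0333 drops the only explanation of why an entry whose description names WinZip is tracked against uudeview. Keep a NOTE line saying the overflow is in the UUDeview code itself, so the next pass through the list does not recategorise it back. It would also help to say how 0.5.20 was confirmed as the fixed version, given that CAN-2004-2265 in the previous hunk lists "UUDeview 0.5.20 and earlier" as still affected by a different issue and the two are easy to conflate.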