[Secure-testing-commits] r1502 - data/CAN

Joey Hess joeyh at costa.debian.org
Sat Jul 30 15:24:23 UTC 2005


Author: joeyh
Date: 2005-07-30 15:24:19 +0000 (Sat, 30 Jul 2005)
New Revision: 1502

Modified:
   data/CAN/list
Log:
new vpopmail holes
fetchmail fix didn't apply
claimed block


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-30 13:56:12 UTC (rev 1501)
+++ data/CAN/list	2005-07-30 15:24:19 UTC (rev 1502)
@@ -336,9 +336,12 @@
 CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
 	NOTE: not-for-us (Phorum)
 CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
-	TODO: check
+	- vpopmail (unfixed; bug filed; low)
+CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
+	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
+	- vpopmail (unfixed; bug filed; high)
 CAN-2004-2238 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: format string vuln in vpopmail doesn't seem to be real
 CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
 	- moodle 1.4-1
 CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
@@ -411,7 +414,8 @@
 CAN-2005-XXXX [tdiary cross-site request forgeries]
 	- tdiary 2.0.2-1 (medium)
 CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
-	- fetchmail 6.2.5-15 (medium)
+	NOTE: previous fix broken
+	- fetchmail (unfixed; bug #320357; medium)
 CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
 	{DSA-766-1}
 	- webcalender (unfixed; bug #315671; medium)
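Review bot: the replacement status for CAN-2005-2335 drops the version 6.2.5-15 altogether, so "NOTE: previous fix broken" no longer records which upload carried the broken fix. Name the version in the note, for example "NOTE: fix in 6.2.5-15 broken", so a reader can tell that 6.2.5-15 is still affected without digging through the history of this file.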
@@ -737,6 +741,7 @@
 	NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
 	NOTE: not-for-us (Axis network camera)
+begin claimed by joeyh
 CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
 	TODO: check
 CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
@@ -829,6 +834,7 @@
 	TODO: check
 CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
 	TODO: check
+end claimed by joeyh
 CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
 	NOTE: not-for-us (USANet)
 CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
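Review bot: the "end claimed by joeyh" marker and its matching "begin claimed by joeyh" before CAN-2001-1542 carry no date, so a claim that has gone stale cannot be told apart from one being actively worked. If the list format permits it, record the date on the begin line; otherwise make sure the markers are removed in the same commit that resolves the last TODO in the block.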



