[Secure-testing-commits] r1188 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Thu, 02 Jun 2005 09:50:44 +0000


Author: jmm-guest
Date: 2005-06-02 09:50:40 +0000 (Thu, 02 Jun 2005)
New Revision: 1188

Modified:
   sarge-checks/CAN/list
Log:
processed block, claim new


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-06-02 09:18:21 UTC (rev 1187)
+++ sarge-checks/CAN/list	2005-06-02 09:50:40 UTC (rev 1188)
@@ -1,88 +1,88 @@
-begin claimed by jmm
 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
-	TODO: check
+        NOTE: not-for-us (MyBB)
 CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
-	TODO: check
+	NOTE: Not in Sarge
+	- wordpress 1.5.1.2-1
 CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
-	TODO: check
+        NOTE: not-for-us (Sony hardware issue)
 CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
-	TODO: check
+        NOTE: not-for-us (Stronghold game)
 CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
-	TODO: check
+        NOTE: not-for-us (PHPMailer)
 CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
-	TODO: check
+        NOTE: not-for-us (PeerCast)
 CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
-	TODO: check
+        NOTE: not-for-us (Online Solutions for Educators)
 CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
-	TODO: check
+        NOTE: not-for-us (Net Portal Dynamic System)
 CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
-	TODO: check
+        NOTE: not-for-us (Net Portal Dynamic System)
 CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
-	TODO: check
+        NOTE: not-for-us (Nortel hardware)
 CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
-	TODO: check
+        NOTE: not-for-us (Nokia hardware)
 CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
-	TODO: check
+        NOTE: not-for-us (Jaws glossary gadget)
 CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
-	TODO: check
+        NOTE: not-for-us (FreeStyle Wiki)
 CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
-	TODO: check
+        NOTE: not-for-us (ServersCheck)
 CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
-	TODO: check
+        NOTE: Cryptographic attack on AES, cannot be fixed
 CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
 	TODO: check
 CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
-	TODO: check
+        NOTE: not-for-us (ClamAV on Mac OS X)
 CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
-	TODO: check
+        NOTE: not-for-us (Microsoft)
 CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
-	TODO: check
+        NOTE: not-for-us (Microsoft)
 CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
-	TODO: check
+        NOTE: not-for-us (Microsoft)
 CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
-	TODO: check
+        NOTE: not-for-us (Microsoft)
 CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
-	TODO: check
+        NOTE: not-for-us (Microsoft)
 CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
-	TODO: check
+        NOTE: not-for-us (India Software Solution shopping cart)
 CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
-	TODO: check
+        NOTE: not-for-us (Hosting Controller)
 CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
-	TODO: check
+        NOTE: not-for-us (phpStat)
 CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
-	TODO: check
+        NOTE: not-for-us (FunkyASP)
 CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
-	TODO: check
+        NOTE: not-for-us (ZonGG)
 CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
-	TODO: check
+        NOTE: not-for-us (Hosting Controller)
 CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
-	TODO: check
+        NOTE: not-for-us (BookReview)
 CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
-	TODO: check
+        NOTE: not-for-us (BookReview)
 CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
-	TODO: check
+        NOTE: not-for-us (MailEnable)
 CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
-	TODO: check
+        NOTE: not-for-us (Active News Manager)
 CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
-	TODO: check
+	NOTE: not-for-us (MaxWebPortal)
 CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
-	TODO: check
+	NOTE: not-for-us (C'Nedra)
 CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Terminator game)
 CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
-	TODO: check
+        - davfs2 (unfixed; bug #310757)
 CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
-	TODO: check
+	NOTE: not-for-us (Listserv)
 CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
-	TODO: check
+	NOTE: not-for-us (Terminator game)
 CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
-	TODO: check
+	NOTE: not-for-us (HPUX)
 CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
-	TODO: check
+	NOTE: not-for-us (Avast)
 CAN-2005-1769
 	NOTE: reserved
 CAN-2005-1768
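Review bot: Many of the added lines in this hunk (for example the NOTE under CAN-2005-1811 and CAN-2005-1809, and the davfs2 line under CAN-2005-1774) are indented with eight spaces, while the existing entries and other additions here (CAN-2005-1810, CAN-2005-1779 and most of what follows) use a tab. Use a tab throughout so the list stays uniform and anything that matches on a leading tab still sees these entries. Separately, the "begin claimed by jmm" marker is removed at the top while CAN-2005-1796 is left at "TODO: check", so that entry ends up unprocessed and outside any claimed range; either resolve it in this commit or leave it visibly claimed.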
@@ -112,38 +112,38 @@
 CAN-2005-1756
 	NOTE: reserved
 CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
-	TODO: check
+	- shtool (unfixed; bug #311206)
 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
 	TODO: check
 CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
 	TODO: check
 CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
 	TODO: check
 CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
-	TODO: check
+	NOTE: not-for-us (PJ CGI Nero)
 CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
-	TODO: check
+	NOTE: not-for-us (Informix Dynamic Server)
 CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
-	TODO: check
+        - phpbb2 2.0.6d-2
 CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (SurfNOW)
 CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
-	TODO: check
+	NOTE: not-for-us (WebWeaver)
 CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Web Blog)
 CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
-	TODO: check
+	NOTE: not-for-us (BlackICE)
 CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...)
-	TODO: check
+	NOTE: not-for-us (BlackICE)
 CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
-	TODO: check
+        - gallery 1.4.4-pl1-1
 CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
-	TODO: check
+	NOTE: not-for-us (Nextplace)
 CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Intra Forum)
+begin claimed by jmm
 CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
 	TODO: check
 CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
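Review bot: The note added under CAN-2004-2132 reads "not-for-us (PJ CGI Nero)", but the entry's own description names the product PJ CGI Neo; fix the spelling so a search on the product name finds the note. The phpbb2 and gallery lines under CAN-2004-2130 and CAN-2004-2124 are indented with spaces where the rest of the hunk uses a tab. CAN-2004-2136, CAN-2004-2135 and CAN-2004-2133 remain at "TODO: check" and now sit before the new "begin claimed by jmm" marker, so they are neither processed nor claimed.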
@@ -208,17 +208,13 @@
 	TODO: check
 CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
 	TODO: check
-CAN-2005-XXXX [SQL injection in Wordpress's template handling]
-	NOTE: Not in Sarge
-	- wordpress 1.5.1.2-1
+end claimed by jmm
 CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
 	- moodle 1.4.4.dfsg.1-3
 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
 	- mutt (unfixed; bug #311296)
 CAN-2005-XXXX [Buffer overflow in elog header_buffer]
 	- elog 2.5.9+r1674-1
-CAN-2005-XXXX [Insecure tempfile generation in shtool]
-	- shtool (unfixed; bug #311206)
 CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
 	NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's
 	NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed
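Review bot: The commit log ("processed block, claim new") does not say that the two CAN-2005-XXXX placeholders removed here, the WordPress template handling entry and the shtool tempfile entry, were folded into CAN-2005-1810 and CAN-2005-1751 earlier in the same patch. Mention the merge in the log so that someone reading the history for those placeholders can see where their "Not in Sarge", "wordpress 1.5.1.2-1" and "shtool (unfixed; bug #311206)" lines went. The new "end claimed by jmm" sits directly above the remaining CAN-2005-XXXX placeholders, which leaves them outside the claimed range; confirm that is intended.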