[Secure-testing-commits] r1270 - data/CAN

Joey Hess joeyh@costa.debian.org
Thu, 23 Jun 2005 23:18:10 +0000 

Author: joeyh
Date: 2005-06-23 23:18:07 +0000 (Thu, 23 Jun 2005)
New Revision: 1270

Modified:
   data/CAN/list
Log:

add a few bug numbers and urgencies


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-23 21:14:21 UTC (rev 1269)
+++ data/CAN/list	2005-06-23 23:18:07 UTC (rev 1270)
@@ -1,7 +1,7 @@
 CAN-2005-XXXX Multiple XSS and input validation errors in cacti
 	- cacti 0.8.6e-1 (high)
 CAN-2005-XXXX [Buffer overflow in Asterisk's command parser]
-	- asterisk (unfixed; bug pending)
+	- asterisk (unfixed; bug #315532; high)
 CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
 	NOTE: not-for-us (ATutor)
 CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
@@ -14,7 +14,7 @@
 	TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
 	- heimdal (unfixed; bug #315065; medium)
 CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...)
-	- nanoblogger (unfixed; bug pending)
+	- nanoblogger (unfixed; bug #315492; medium)
 CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
 	NOTE: not-for-us (Fortibus CMS)
 CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
@@ -78,7 +78,7 @@
 CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
 	NOTE: not-for-us (Ublog Reload)
 CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
-	- yaws 1.56-1
+	- yaws 1.56-1 (low)
 CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
 	- trac 0.8.4-1
 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
@@ -2485,7 +2485,7 @@
 	NOTE: not-for-us (Leafnode2 development branch)
 CAN-2005-XXXX [Missing input validation in xtradius]
 	NOTE: not shipped in deb
-	- xtradius 1.2.1-beta2-2
+	- xtradius 1.2.1-beta2-2 (low)
 CAN-2005-XXXX [fai tempfile vulnerability]
 	- fai 2.8.2
 CAN-2005-XXXX [nvu uses old version of mozilla]