[Secure-testing-commits] r1290 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Tue, 28 Jun 2005 08:03:59 +0000


Author: jmm-guest
Date: 2005-06-28 08:03:56 +0000 (Tue, 28 Jun 2005)
New Revision: 1290

Modified:
   data/CAN/list
Log:
process some older TODOs


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-28 07:40:47 UTC (rev 1289)
+++ data/CAN/list	2005-06-28 08:03:56 UTC (rev 1290)
@@ -321,7 +321,7 @@
 CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
-	TODO: check
+	- vtun 2.6-1
 CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
 	NOTE: not-for-us (Microsoft Outlook plugin)
 CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
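Review bot: The new "- vtun 2.6-1" line under CAN-2002-1697 records a fixed version with no NOTE saying how it was established. The description lists VTun 2.0 through 2.5 as affected, so 2.6-1 is the first version outside that range, but the entry does not show that the ECB weakness itself was addressed in 2.6. Suggest adding a NOTE line recording what was checked (for example the upstream changelog entry), in the same way this commit documents the fix for CAN-2001-1501.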
@@ -343,34 +343,35 @@
 CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
 	NOTE: not-for-us (AIX)
 CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
-	TODO: check
+	NOTE: not-for-us (BadBlue Enterprise Edition)
 CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
-	TODO: check
+	NOTE: not-for-us (Deerfield D2Gfx)
 CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
-	TODO: check
+	NOTE: not-for-us (BadBlue Personal Edition)
 CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
-	TODO: check
+	NOTE: not-for-us (NewsReactor)
 CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
-	TODO: check
+	NOTE: Only present in intermediate CVS version, not released in Debian
 CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
-	TODO: check
+	NOTE: not-for-us (COWS)
 CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
-	TODO: check
+	NOTE: not-for-us (vBulletin)
 CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
-	TODO: check
+	NOTE: not-for-us (vBulletin)
 CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
-	TODO: check
+	NOTE: not-for-us (mrtgconfig)
 CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
-	TODO: check
+	NOTE: not-for-us (BindView NetInventory)
 CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
-	TODO: check
+	NOTE: not-for-us (Unreal IRCd)
 CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
 	NOTE: kfreebsd use a much more recent version of the freebsd kernel
 	NOTE: not-for-us (FreeBSD)
 CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
 	TODO: check
 CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
-	TODO: check
+	NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's
+	NOTE: webmin package look sane and FHS compliant
 CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
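Review bot: The two NOTE lines added for CAN-2002-1672 do not say which Debian webmin package version was inspected or what ownership and mode /var/webmin had, so "look sane and FHS compliant" cannot be rechecked later. Suggest recording the package version and the permissions observed. The CAN-2002-1681 note has the same gap: it would be easier to verify if it named the Debian package version that was compared against the affected CVS releases. CAN-2002-1673, which is also Webmin 0.92, remains "TODO: check" after this change.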
@@ -385,7 +386,7 @@
 CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
 	NOTE: not-for-us (Oracle)
 CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
-	TODO: check
+	NOTE: not-for-us (HP Secure OS layer)
 CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
 	- tinc 1.0pre5-1
 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
@@ -393,11 +394,12 @@
 CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
 	NOTE: not-for-us (Sun)
 CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (WebCart)
 CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
-	TODO: check
+	NOTE: Fix went into proftpd CVS on 2002-12-12
+	- proftpd 1.2.8-1
 CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
-	TODO: check
+	- proftpd 1.2.4-1
 CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
 	NOTE: not-for-us (Check Point)
 CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
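Review bot: The "- proftpd 1.2.4-1" line for CAN-2001-1500 has no NOTE explaining how that version was chosen, and the description reads "1.2.2rc2, and possibly other versions", so the affected range is open-ended. Suggest a NOTE citing the upstream change, as was done for CAN-2001-1501 just above it. For CAN-2001-1501, the note gives the date the fix entered proftpd CVS (2002-12-12) but not why 1.2.8-1 is the first fixed upload; stating that link would make the entry self-contained.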
@@ -407,7 +409,7 @@
 CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
 	TODO: check
 CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Network Query Tool)
 CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
 	- util-linux 2.11n-1
 CAN-2001-1492 ( ...)
@@ -1058,7 +1060,7 @@
 CAN-2005-1730
 	NOTE: reserved
 CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Novell)
 CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
 	NOTE: not-for-us (Apple)
 CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
@@ -1183,7 +1185,7 @@
 CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
 	NOTE: not-for-us (Extreme BlackDiamond hardware)
 CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
 	NOTE: not-for-us (YusASP Web Asset Manager)
 CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
@@ -2415,7 +2417,7 @@
 	- mozilla-firefox 1.0.4-1
 	TODO: check mozilla too
 CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
 	NOTE: not-for-us (Apple)
 CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)