[Secure-testing-commits] r1292 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Tue, 28 Jun 2005 09:26:25 +0000


Author: jmm-guest
Date: 2005-06-28 09:26:22 +0000 (Tue, 28 Jun 2005)
New Revision: 1292

Modified:
   data/CAN/list
Log:
tor CANified
new phpbb2 issue
some n-f-u


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-28 09:14:28 UTC (rev 1291)
+++ data/CAN/list	2005-06-28 09:26:22 UTC (rev 1292)
@@ -1,21 +1,23 @@
+CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2]
+	- phpbb2 (unfixed; bug filed; high)
 CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
-	TODO: check
+	NOTE: not-for-us (JAF CMS)
 CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
-	TODO: check
+	NOTE: not-for-us (RealPlayer)
 CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console (BEWAC) ...)
-	TODO: check
+	NOTE: not-for-us (BEWAC)
 CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
-	TODO: check
+	- tor 0.0.9.10-1 (medium)
 CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
-	TODO: check
+	NOTE: not-for-us (Duware)
 CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
-	TODO: check
+	NOTE: not-for-us (Duware)
 CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
-	TODO: check
+	NOTE: not-for-us (Duware)
 CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
-	TODO: check
+	NOTE: not-for-us (Duware)
 CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
-	TODO: check
+	NOTE: not-for-us (Duware)
 CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
 	- backup-manager 0.5.8-2 (low)
 CAN-2005-XXXX [clamav libmspack decompressor DoS]
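Review bot: The new CAN-2005-2050 entry records "- tor 0.0.9.10-1 (medium)" while the description on the line above it reads "Tor before 0.1.0.10", so the fixed version sorts below the version the description names and the entry looks like a mistake to anyone comparing the two. Add a NOTE line under CAN-2005-2050 stating the basis for treating 0.0.9.10-1 as fixed. Two smaller points in the same hunk: the phpbb2 entry says "bug filed" without a bug number, which makes follow-up harder, and the "not-for-us (Duware)" notes spell the vendor differently from the descriptions ("DUware").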
@@ -460,8 +462,6 @@
 	- snort 1.6.1-1
 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
 	NOTE: not-for-us (Xitami)
-CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls]
-	- tor 0.0.9.10-1 (medium)
 CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
 	NOTE: not-for-us (Annuaire)
 CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
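Review bot: Removing the "CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls]" placeholder drops the only text in the list that says what the Tor flaw is, because the CAN-2005-2050 entry that now carries "tor 0.0.9.10-1 (medium)" is described only as "Unknown vulnerability". Consider keeping the removed title as a NOTE line under CAN-2005-2050, so the link between the old placeholder and the assigned CAN id is visible in the file itself and not only in the commit log.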