[Secure-testing-commits] r1300 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 29 Jun 2005 09:42:28 +0000


Author: jmm-guest
Date: 2005-06-29 09:42:25 +0000 (Wed, 29 Jun 2005)
New Revision: 1300

Modified:
   data/CAN/list
Log:
processed the recent block, nothing new except CAN assignments
for the two clamav issues. claim some older ones as well.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-29 09:34:25 UTC (rev 1299)
+++ data/CAN/list	2005-06-29 09:42:25 UTC (rev 1300)
@@ -1,55 +1,54 @@
-begin claimed by jmm
 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
-	TODO: check
+	NOTE: not-for-us (BisonFTP Server)
 CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
-	TODO: check
+	NOTE: not-for-us (Hosting Controller)
 CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
-	TODO: check
+	NOTE: not-for-us (HP Version Control Repository Manager)
 CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
-	TODO: check
+	NOTE: not-for-us (DB2)
 CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
-	TODO: check
+	- clamav 0.86-1 (medium)
 CAN-2005-2069
 	NOTE: reserved
 CAN-2005-2068
 	NOTE: reserved
 CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
-	TODO: check
+	NOTE: not-for-us (ASP Nuke)
 CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
-	TODO: check
+	NOTE: not-for-us (ASP Nuke)
 CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
-	TODO: check
+	NOTE: not-for-us (ASP Nuke)
 CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
-	TODO: check
+	NOTE: not-for-us (ASP Nuke)
 CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOTE: not-for-us (ActiveBuyAndSell)
 CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
-	TODO: check
+	NOTE: not-for-us (ActiveBuyAndSell)
 CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
-	TODO: check
+	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
-	TODO: check
+	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
-	TODO: check
+	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
-	TODO: check
+	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
-	TODO: check
+	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
-	TODO: check
+	- clamav 0.86.1-1 (medium)
 CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
-	TODO: check
+	NOTE: not-for-us (RealPlayer)
 CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (RealPlayer)
+begin claimed by jmm
 CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
 	TODO: check
 CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
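Review bot: The not-for-us labels in this hunk are not uniform in how they name the product: "NOTE: not-for-us (DB2)" and "NOTE: not-for-us (Solaris)" drop the vendor, while "NOTE: not-for-us (HP Version Control Repository Manager)" and "NOTE: not-for-us (Infopop UBB.Threads)" keep it. Using one form throughout, for example "IBM DB2" to match the description text on the CAN-2005-2073 line, makes later searches of the list by product name more reliable.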
@@ -120,6 +119,7 @@
 	TODO: check
 CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
 	TODO: check
+end claimed by jmm
 CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
 	TODO: check
 CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
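Review bot: The "end claimed by jmm" marker added after CAN-2002-1952 splits the phpRank 1.8 entries across the claim boundary: CAN-2002-1952 (phpRank 1.8) is inside the claimed block, while CAN-2002-1950 (phpRank 1.8 XSS) two entries below is left unclaimed. Moving the marker down past CAN-2002-1950 would keep both phpRank entries with one person and avoid the same package being researched twice.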
@@ -484,10 +484,6 @@
 	NOTE: not-for-us (Duware)
 CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
 	- backup-manager 0.5.8-2 (low)
-CAN-2005-XXXX [clamav libmspack decompressor DoS]
-	- clamav 0.86.1-1 (medium)
-CAN-2005-XXXX [clamav-milter timeout DoS]
-	- clamav 0.86-1 (medium)
 CAN-2005-XXXX [Buffer overflow in Asterisk's command parser]
 	- asterisk (unfixed; bug #315532; high)
 CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
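Review bot: The two temporary clamav entries removed here are replaced by CAN-2005-2070 and CAN-2005-2056 in the first hunk, but nothing records which temporary entry became which ID. The mapping can only be inferred from the matching fixed versions ("clamav 0.86-1" and "clamav 0.86.1-1"), and the short titles "clamav-milter timeout DoS" and "clamav libmspack decompressor DoS" are lost. A NOTE line under each new entry, or one line per mapping in the log message, would keep that traceable.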