[Secure-testing-commits] r509 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Tue, 01 Mar 2005 21:14:26 +0100 

Author: joeyh
Date: 2005-03-01 21:14:23 +0100 (Tue, 01 Mar 2005)
New Revision: 509

Modified:
   sarge-checks/CAN/list
Log:
more mozilla stuff, and other TODOs that fell thru the cracks


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-01 20:03:12 UTC (rev 508)
+++ sarge-checks/CAN/list	2005-03-01 20:14:23 UTC (rev 509)
@@ -228,7 +228,7 @@
 CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
 	NOTE: not-for-us (IBM)
 CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
-	TODO: check
+	NOTE: not-for-us (ginp)
 CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
 	NOTE: not-for-us (iGeneric (iG) Shop)
 CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
@@ -267,7 +267,9 @@
 CAN-2005-0528
 	NOTE: reserved
 CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
-	TODO: check
+	- mozilla-firefox 1.0.1
+	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+	- mozilla-browser 2:1.7.6
 CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
 	NOTE: not-for-us (PBLang)
 CAN-2005-0525
@@ -1469,7 +1471,9 @@
 CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
 	- wu-ftpd 2.6.2-19
 CAN-2005-0255 (String handling functions in Mozilla 1.7.3 and Firefox 1.0, such as ...)
-	TODO: check
+	- mozilla-firefox 1.0.1
+	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+	- mozilla-browser 2:1.7.6
 CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
 	NOTE: not-for-us (BibORB)
 CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
@@ -1654,7 +1658,7 @@
 CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
 	TODO: check
 CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
-	TODO: check
+	- kppp 4:3.1.6
 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
 	NOTE: according to the CAN it is fixed in 2.6.10, but
 	NOTE: looking at the source it is not so clear, noting this
@@ -3174,9 +3178,9 @@
 CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
 	NOTE: does not apply per maintainer
 CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
-	TODO: check
+	NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
 CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
-	TODO: check
+	NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
 CAN-2004-0943
 	NOTE: reserved
 CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)