[Secure-testing-commits] r509 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Tue, 01 Mar 2005 21:14:26 +0100
Author: joeyh
Date: 2005-03-01 21:14:23 +0100 (Tue, 01 Mar 2005)
New Revision: 509
Modified:
sarge-checks/CAN/list
Log:
more mozilla stuff, and other TODOs that fell thru the cracks
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-01 20:03:12 UTC (rev 508)
+++ sarge-checks/CAN/list 2005-03-01 20:14:23 UTC (rev 509)
@@ -228,7 +228,7 @@
CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
NOTE: not-for-us (IBM)
CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
- TODO: check
+ NOTE: not-for-us (ginp)
CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
NOTE: not-for-us (iGeneric (iG) Shop)
CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
@@ -267,7 +267,9 @@
CAN-2005-0528
NOTE: reserved
CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- TODO: check
+ - mozilla-firefox 1.0.1
+ NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+ - mozilla-browser 2:1.7.6
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
NOTE: not-for-us (PBLang)
CAN-2005-0525
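Review bot: The added NOTE under CAN-2005-0527 reads "didn't other with YA mozilla-browser bug", where "other" looks like a typo for "bother", and it sits between the mozilla-firefox and mozilla-browser lines, so it is not obvious which package it qualifies. Suggest moving it below "- mozilla-browser 2:1.7.6" and spelling it out, so a reader can see that no separate bug was filed for mozilla-browser and that the 2:1.7.6 line carries no bug reference.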
@@ -1469,7 +1471,9 @@
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
- wu-ftpd 2.6.2-19
CAN-2005-0255 (String handling functions in Mozilla 1.7.3 and Firefox 1.0, such as ...)
- TODO: check
+ - mozilla-firefox 1.0.1
+ NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+ - mozilla-browser 2:1.7.6
CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
NOTE: not-for-us (BibORB)
CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
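Review bot: The NOTE under CAN-2005-0255 is a verbatim copy of the one added under CAN-2005-0527, including the "other" wording, and neither entry refers to the other. If both CANs are meant to be closed by the same mozilla-firefox 1.0.1 and mozilla-browser 2:1.7.6 versions, a short cross-reference in the NOTE (for example "same fix as CAN-2005-0527") would make that explicit and avoid the two copies drifting apart when one is later edited.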
@@ -1654,7 +1658,7 @@
CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
TODO: check
CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
- TODO: check
+ - kppp 4:3.1.6
CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
NOTE: according to the CAN it is fixed in 2.6.10, but
NOTE: looking at the source it is not so clear, noting this
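Review bot: The new "- kppp 4:3.1.6" line under CAN-2005-0205 has no NOTE saying how the fixed version was determined, and the description only says "KDE 3.1.5 and earlier", which suggests the version was inferred from the description text. A one-line NOTE naming the source of the version would help, particularly as the CAN-2005-0204 entry directly below records a case where the fix version stated in the CAN did not clearly match the source.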
@@ -3174,9 +3178,9 @@
CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
NOTE: does not apply per maintainer
CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
- TODO: check
+ NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
- TODO: check
+ NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
CAN-2004-0943
NOTE: reserved
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)