[Secure-testing-commits] r522 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Fri, 04 Mar 2005 15:45:34 +0100


Author: djoume-guest
Date: 2005-03-04 15:45:31 +0100 (Fri, 04 Mar 2005)
New Revision: 522

Modified:
   sarge-checks/CAN/list
Log:
* processed some CAN



Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-04 11:08:48 UTC (rev 521)
+++ sarge-checks/CAN/list	2005-03-04 14:45:31 UTC (rev 522)
@@ -208,53 +208,55 @@
 	TODO: check
 CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...)
 	TODO: check
+	NOTE: I have mailed upstream to be sure. -- Djoume
 CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
-	TODO: check
+	NOTE: not-for-us (MyDMS)
 CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
-	TODO: check
+	NOTE: not-for-us (MyDMS)
 CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
-	TODO: check
+	- mantis 0.19.0-1
 CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
-	TODO: check
+	- mantis 0.19.0-1
+	NOTE: I have mailed upstream to be sure. -- Djoume
+end claimed by djoume
 CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
-	TODO: check
+	NOTE: not-for-us (Nihuo Web Log Analyzer)
 CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
-	TODO: check
+	NOTE: not-for-us (sarad)
 CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (BadBlue)
 CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
-	TODO: check
+	NOTE: not-for-us (XV)
 CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (XV)
 CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
-	TODO: check
+	NOTE: not-for-us (Merak Mail Server)
 CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
-	TODO: check
+	NOTE: not-for-us (Merak Mail Server)
 CAN-2004-1720 (The (1) address.html or (2) calendar.html pages in Merak Mail Server ...)
-	TODO: check
+	NOTE: not-for-us (Merak Mail Server)
 CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
-	TODO: check
+	NOTE: not-for-us (Merak Webmail Server)
 CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
-	TODO: check
+	NOTE: not-for-us (IPD)
 CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
-	TODO: check
+	- gv 1:3.6.1-1
 CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
-	TODO: check
+	NOTE: not-for-us (PForum)
 CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
-	TODO: check
+	NOTE: not-for-us (MIMEsweeper)
 CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
-	TODO: check
+	NOTE: not-for-us (BlackICE PC Protection)
 CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
-	TODO: check
+	NOTE: not-for-us (PRM on HP-UX)
 CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
-	TODO: check
+	NOTE: not-for-us (TypePad)
 CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
-	TODO: check
-end claimed by djoume
+	- moodle 1.4-1
 CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
 	NOTE: not-for-us (page.cgi)
 CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)