[Secure-testing-commits] r535 - sarge-checks/CAN

Stefan Fritsch stef-guest@costa.debian.org
Wed, 09 Mar 2005 12:06:36 +0100


Author: stef-guest
Date: 2005-03-09 12:06:33 +0100 (Wed, 09 Mar 2005)
New Revision: 535

Modified:
   sarge-checks/CAN/list
Log:
checked a few

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-09 09:49:27 UTC (rev 534)
+++ sarge-checks/CAN/list	2005-03-09 11:06:33 UTC (rev 535)
@@ -18,50 +18,49 @@
 	TODO: check
 CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
 	TODO: check
-begin claimed by stef
 CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (JoWood Chaser (for Windows))
 CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion not in Debian)
 CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
-	TODO: check
+	NOTE: not-for-us (SocialMPN not in Debian)
 CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
-	TODO: check
+	NOTE: not-for-us (Gene6 FTP Server for Win)
 CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (The Includer not in Debian)
 CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
-	TODO: check
+	- hashcash (unfixed; bug #298692)
 CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
-	TODO: check
+	- mlterm 2.9.2
+	NOTE: see bug #298621, was stalled in NEW, now accepted
 CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
-	TODO: check
+	NOTE: not-for-us (OutStart Participate Enterprise)
 CAN-2005-0684
 	NOTE: reserved
 CAN-2005-0683 (phpBB 2.0.13 and earlier allows remote attackers to obtain the full ...)
-	TODO: check
+	- phpbb2 (unfixed; bug #298688)
 CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
-	TODO: check
+	- drupal 4.5.2
 CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (Nokia)
 CAN-2005-0680 (PHP remote code injection vulnerability in ...)
-	TODO: check
+	NOTE: not-for-us (Download Center Lite not in Debian)
 CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
-	TODO: check
+	NOTE: not-for-us (Tell A Friend Script not in Debian)
 CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
-	TODO: check
+	NOTE: not-for-us (Form Mail Script not in Debian)
 CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
-	TODO: check
+	NOTE: not-for-us (Zorum not in Debian)
 CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
-	TODO: check
+	NOTE: not-for-us (Zorum not in Debian)
 CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
-	TODO: check
+	NOTE: not-for-us (Zorum not in Debian)
 CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
-	TODO: check
+	NOTE: not-for-us (Pabox for PHPNuke not in Debian)
 CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
-	TODO: check
-end claimed by stef
+	- phpbb2 (unfixed; bug #298690)
 begin claimed by djoume
 CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
 	TODO: check
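
Review bot: The fixed-version entries for CAN-2005-0686 ("- mlterm 2.9.2") and CAN-2005-0682 ("- drupal 4.5.2") give a version with no Debian revision, so the line alone does not say whether this is the upstream release or the first fixed package upload; writing the full package version would make each entry checkable against what is installed. The not-for-us notes for Windows-only software use three different wordings ("(JoWood Chaser (for Windows))", "(Gene6 FTP Server for Win)", "(Windows)"), and the note for CAN-2005-0674 writes "Pabox" where the description has "paBox"; one consistent form would make the list easier to grep. The log message "checked a few" could also state that the block claimed by stef (CAN-2005-0693 down to CAN-2005-0673) is now fully triaged and that the "begin claimed by stef" / "end claimed by stef" markers were removed.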