[Secure-testing-commits] r539 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Thu, 10 Mar 2005 17:29:59 +0100


Author: djoume-guest
Date: 2005-03-10 17:29:56 +0100 (Thu, 10 Mar 2005)
New Revision: 539

Modified:
   sarge-checks/CAN/list
Log:
* processed a part of my block


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-09 22:51:05 UTC (rev 538)
+++ sarge-checks/CAN/list	2005-03-10 16:29:56 UTC (rev 539)
@@ -123,43 +123,47 @@
 CAN-2005-0643
 	NOTE: reserved
 CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
-	TODO: check
+	NOTE: not-for-us (Computer Associates UAM)
 CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
-	TODO: check
+	NOTE: not-for-us (Computer Associates UAM)
 CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
-	TODO: check
+	NOTE: not-for-us (Computer Associates UAM)
 CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
-	TODO: check
+	- xli (unfixed; bug #298039)
+	NOTE: I think xloadimage might be also vulnerable, I have mailed 
+	NOTE: Tavis Ormandy  about this. -- Djoume
 CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
-	TODO: check
+	- xli (unfixed; bug #298039)
+	- xloadimage (unfixed; bug filed)
 CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
-	TODO: check
+	NOTE: not-for-us (OpenBSD)
 CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Foxmail)
 CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Foxmail)
 CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Golden FTP Server)
 CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Trillian)
 CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 1.2.4 ...)
-	TODO: check
+	NOTE: not-for-us (PHPNews)
 CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
-	TODO: check
+	NOTE: not-for-us (PBLang)
 CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
-	TODO: check
+	NOTE: not-for-us (PBLang)
 CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
-	TODO: check
+	NOTE: not-for-us (427BB)
 CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
-	TODO: check
+	NOTE: not-for-us (Forumwa)
 CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
-	TODO: check
+	NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since
+	NOTE: Martin Loschwitz maintain it.
 CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
-	TODO: check
+	NOTE: not-for-us (Symantec DNSd)
 CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
-	TODO: check
+	NOTE: not-for-us (Zorum not in Debian)
 CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
-	TODO: check
+	NOTE: not-for-us (Zorum not in Debian)
 end claimed by djoume
 CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
 	- squid 2.5.9-2
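
Review bot: The xloadimage line under CAN-2005-0638 reads "- xloadimage (unfixed; bug filed)" with no bug number, while the xli lines next to it carry "bug #298039"; add the number once it is assigned so the entry can be followed to closure. Under CAN-2005-0639 the NOTE suspects xloadimage is also affected, but that suspicion exists only as free text with no "- xloadimage" line to track it, and the first NOTE line ends in trailing whitespace. The CAN-2005-0627 note should read "disabled" and "maintains", and it states non-vulnerability without naming a package or version, unlike the "- squid 2.5.9-2" form used in the context below; a package line would make the status checkable. The two Zorum entries use "not-for-us (Zorum not in Debian)" where every other not-for-us entry gives only the product name; pick one form for consistency.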