[Secure-testing-commits] r545 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Fri, 11 Mar 2005 16:54:59 +0100 

Author: djoume-guest
Date: 2005-03-11 16:54:56 +0100 (Fri, 11 Mar 2005)
New Revision: 545

Modified:
   sarge-checks/CAN/list
Log:
* processed my block


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-11 08:14:20 UTC (rev 544)
+++ sarge-checks/CAN/list	2005-03-11 15:54:56 UTC (rev 545)
@@ -116,63 +116,63 @@
 	NOTE: not-for-us (Pabox for PHPNuke not in Debian)
 CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
 	- phpbb2 (unfixed; bug #298690)
-begin claimed by djoume
 CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
-	TODO: check
+	NOTE: not-for-us (Ca3DE)
 CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
-	TODO: check
+	NOTE: not-for-us (Ca3DE)
 CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
-	TODO: check
+	NOTE: not-for-us (phpCOIN)
 CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
-	TODO: check
+	NOTE: not-for-us (phpCOIN)
 CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
-	TODO: check
+	NOTE: not-for-us (HAVP)
 CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
-	TODO: check
+	- sylpheed (unfixed; bug #298173)
 CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
-	TODO: check
+	- kernel-patch-adamantix 1.7
 CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (XV)
 CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
-	TODO: check
+	- libexif 0.6.9-5
 CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
-	TODO: check
+	NOTE: not-for-us (Mercury Board)
 CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
-	TODO: check
+	NOTE: not-for-us (Mercury Board)
 CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
-	TODO: check
+	NOTE: not-for-us (Woltlab Burning Board)
 CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
-	TODO: check
+	NOTE: not-for-us (D-Forum)
 CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: This is not a security issue as the installation path is known.
 CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
-	TODO: check
+	NOTE: not-for-us (Typo3)
 CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
-	TODO: check
+	NOTE: not-for-us (Computalynx CProxy)
 CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
-	TODO: check
+	NOTE: not-for-us (auraCMS)
 CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us (auraCMS)
 CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
-	TODO: check
+	NOTE: I don't think this is a security issue
+	NOTE: I've mailed maintainer -- Djoume
 CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
-	TODO: check
+	- phpmyadmin 3:2.6.1-pl3-1
 CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
-	TODO: check
+	NOTE: not-for-us (OpenVMS)
 CAN-2005-0651 (SQL injection vulnerability in divers.php (incorrectly referred to as ...)
-	TODO: check
+	NOTE: not-for-us (ProjectBB)
 CAN-2005-0650 (Cross-site scripting (XSS) vulnerability in divers.php (incorrectly ...)
-	TODO: check
+	NOTE: not-for-us (ProjectBB)
 CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
-	TODO: check
+	NOTE: not-for-us (Pixel-Apes SafeHTML)
 CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
-	TODO: check
+	NOTE: not-for-us (Pixel-Apes SafeHTML)
 CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
-	TODO: check
+	NOTE: not-for-us (paNews)
 CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
-	TODO: check
+	NOTE: not-for-us (paNews)
 CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
-	TODO: check
+	NOTE: not-for-us (CuteNews)
 CAN-2005-0644
 	NOTE: reserved
 CAN-2005-0643
@@ -219,7 +219,6 @@
 	NOTE: not-for-us (Zorum not in Debian)
 CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
 	NOTE: not-for-us (Zorum not in Debian)
-end claimed by djoume
 CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
 	- squid 2.5.9-2
 CAN-2005-0940