[Secure-testing-commits] r594 - sarge-checks/CAN

Stefan Fritsch stef-guest@costa.debian.org
Mon, 21 Mar 2005 15:08:32 +0100


Author: stef-guest
Date: 2005-03-21 15:08:29 +0100 (Mon, 21 Mar 2005)
New Revision: 594

Modified:
   sarge-checks/CAN/list
Log:
checked a few

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-21 13:22:45 UTC (rev 593)
+++ sarge-checks/CAN/list	2005-03-21 14:08:29 UTC (rev 594)
@@ -56,43 +56,42 @@
 	TODO: check
 CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
 	TODO: check
-begin claimed by stef
 CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
-	TODO: check
+	NOTE: not-for-us (ZPanel not in Debian)
 CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
-	TODO: check
+	NOTE: not-for-us (ZPanel not in Debian)
 CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (ZPanel not in Debian)
 CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
-	TODO: check
+	NOTE: not-for-us (phpAdsNew not in Debian)
 CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (phpAdsNew not in Debian)
 CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
-	TODO: check
+	NOTE: not-for-us (SimpGB not in Debian)
 CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
-	TODO: check
+	NOTE: not-for-us (YaBB not in Debian)
 CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
-	TODO: check
+	NOTE: not-for-us (Phorum not in Debian)
 CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
-	TODO: check
+	NOTE: not-for-us (Phorum not in Debian)
 CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB not in Debian)
 CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB not in Debian)
 CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackres to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB not in Debian)
 CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
-	TODO: check
+	NOTE: not-for-us (PlatinumFTP not in Debian)
 CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
-	TODO: check
+	NOTE: not-for-us (PhotoPost)
 CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
-	TODO: check
+	NOTE: not-for-us (PhotoPost)
 CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
-	TODO: check
+	NOTE: not-for-us (PhotoPost)
 CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
-	TODO: check
+	NOTE: not-for-us (PhotoPost)
 CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
-	TODO: check
+	NOTE: not-for-us (PhotoPost)
 CAN-2005-0773
 	NOTE: reserved
 CAN-2005-0772
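Review bot: The five PhotoPost entries (CAN-2005-0774 through CAN-2005-0778) are annotated `NOTE: not-for-us (PhotoPost)`, while every other entry changed in this hunk uses the form `not-for-us (<name> not in Debian)`. If the reason is the same, write `NOTE: not-for-us (PhotoPost not in Debian)` so the list stays uniform for anyone searching or scripting against it; if the reason is different, state it in the note.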
@@ -100,15 +99,15 @@
 CAN-2005-0771
 	NOTE: reserved
 CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
-	TODO: check
+	NOTE: not-for-us (IDA Pro)
 CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
-	TODO: check
+	NOTE: not-for-us (GoodTech Telnet Server)
 CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
-	TODO: check
+	- kernel-source-2.6.8 (unfixed; bug #297203)
 CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
-	TODO: check
+	- ethereal 0.10.10-1
 CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
-	TODO: check
+	- ethereal 0.10.10-1
 CAN-2005-0764
 	NOTE: reserved
 CAN-2005-0763
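Review bot: For CAN-2005-0767 the new line `- kernel-source-2.6.8 (unfixed; bug #297203)` records a single package, and nothing says whether any other kernel source package was looked at. If others were checked and found unaffected, add a NOTE line saying so, otherwise the next person has to repeat the check. The two not-for-us notes above it (`IDA Pro`, `GoodTech Telnet Server`) also drop the `not in Debian` wording used in the first hunk.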
@@ -142,28 +141,28 @@
 CAN-2005-0749
 	NOTE: reserved
 CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
-	TODO: check
+	NOTE: not-for-us (ActiveCampaign KnowledgeBuilder)
 CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
-	TODO: check
+	NOTE: not-for-us (Adobe PhotoDeluxe)
 CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
-	TODO: check
+	NOTE: not-for-us (Advanced Poll not in Debian)
 CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
-	TODO: check
+	NOTE: not-for-us (WinVNC)
 CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
-	TODO: check
-end claimed by stef
+	NOTE: not-for-us
+	NOTE: Debian's nvi recover script is very different
 CAN-2005-XXXX
 	- omniorb4 4.0.5-2
 CAN-2005-0789 Possible remote access to arbitrary files in Limewire
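Review bot: The CAN-2001-1415 entry gets a bare `NOTE: not-for-us` with no name in parentheses, followed by `NOTE: Debian's nvi recover script is very different`, which implies the software is packaged and was judged unaffected rather than absent. Everywhere else in this commit not-for-us marks software that is not in Debian, so the two cases should not share a tag; name the package and say it is not affected, keeping the second NOTE as the reason. Separately, CAN-2001-1416 is tagged `(AOL Instant Messenger)` although its visible description (`Multiple cross-site scripting (XSS) vulnerabilities in the log ...`) does not name AIM the way CAN-2001-1417 through CAN-2001-1421 do; confirm against the full description that this is not a copy of the neighbouring note.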