[Secure-testing-commits] r605 - sarge-checks/CAN

Dominic Hargreaves dom-guest@costa.debian.org
Tue, 22 Mar 2005 02:42:31 +0100


Author: dom-guest
Date: 2005-03-22 02:42:28 +0100 (Tue, 22 Mar 2005)
New Revision: 605

Modified:
   sarge-checks/CAN/list
Log:
Some not-for-us updates (Symantec Gateway, ir, Tomcat, Subdreamer, MailEnable,
The Includer, mcNews, MySQL on Windows, Hola CMS, Cain & Abel).

lsh-utils update
evolution update


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-22 00:08:06 UTC (rev 604)
+++ sarge-checks/CAN/list	2005-03-22 01:42:28 UTC (rev 605)
@@ -15,16 +15,16 @@
 CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
 	NOTE: not-for-us (Pun BB)
 CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
-	TODO: check
+	NOTE: not-for-us (Symantec Gateway)
 CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
 	NOTE: not-for-us (Solaris)
 CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...)
 	- kernel-source-2.6.8 (unfixed; bug #300783)
 	NOTE: Seems to affect 2.4 as well, needs clarification
 CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
-	TODO: check
+	- lsh-utils 2.0.1-1
 CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
-	TODO: check
+	NOTE: not-for-us (ir)
 CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
 	NOTE: not-for-us (NotifyLink)
 CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
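Review bot: On CAN-2005-0817, the description reads "the DNSd proxy, as used in Symantec Gateway ...", which is the wording used when a component may ship in more than one product, so the new "NOTE: not-for-us (Symantec Gateway)" should only stand if the DNSd proxy is Symantec's own code and not something packaged under another name; a short extra NOTE saying so would make the triage auditable. On CAN-2005-0813, "NOTE: not-for-us (ir)" is hard to search for later; spelling it out as "Initial Redirect Squid plug-in", as the description does, would match how the other not-for-us lines name the product.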
@@ -34,31 +34,31 @@
 CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
 	NOTE: not-for-us (NotifyLink)
 CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/)
 CAN-2005-0807 (Heap-based buffer overflow in the PSK sniffer for Cain & Abel 2.65 ...)
-	TODO: check
+	NOTE: not-for-us (Cain & Abel)
 CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	- evolution (unfixed; bug pending)
 CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
-	TODO: check
+	NOTE: not-for-us (Subdreamer)
 CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (MailEnable)
 CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
 	NOTE: not-for-us (Windows)
 CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
 	NOTE: not-for-us (ACS Blog)
 CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
-	TODO: check
+	NOTE: not-for-us (The Includer)
 CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
-	TODO: check
+	NOTE: not-for-us (mcNews)
 CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (MySQL on Windows)
 CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
 	NOTE: not-for-us (Novell iChain)
 CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
 	NOTE: not-for-us (Novell iChain)
 CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Hola CMS)
 CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
 	NOTE: not-for-us (Hola CMS)
 CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
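Review bot: On CAN-2005-0808, the not-for-us tag is being used differently from every other line in this hunk: elsewhere the parenthetical names a product, here it carries a version argument ("Does not affect Tomcat 4.x according to ..."). That argument also sits awkwardly next to the description, which says "Apache Tomcat before 5.x", so the entry should say which Tomcat versions were actually checked and, if the point is that a particular version is unaffected, record that against the package name instead of marking the whole product not-for-us. Separately, on CAN-2005-0806 the line "- evolution (unfixed; bug pending)" has no bug number, unlike the kernel-source entry in the previous hunk ("unfixed; bug #300783"); the number should replace "pending" once the report is filed so the entry can be tracked.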