[Secure-testing-commits] r648 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Fri, 25 Mar 2005 11:55:10 +0000


Author: jmm-guest
Date: 2005-03-25 11:55:07 +0000 (Fri, 25 Mar 2005)
New Revision: 648

Modified:
   sarge-checks/CAN/list
Log:
Various vulns not affecting Debian.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-25 03:02:42 UTC (rev 647)
+++ sarge-checks/CAN/list	2005-03-25 11:55:07 UTC (rev 648)
@@ -1,20 +1,19 @@
 CAN-2005-XXXX [Unsafe recommendation (and implementation) of debugging in rscsi]
 	- cdrtools (unfixed; bug #291376)
 CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
-	TODO: check
+	NOTE: not-for-us (SurgeMail)
 CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
-	TODO: check
+	NOTE: not-for-us (SurgeMail)
 CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
-	TODO: check
+	NOTE: not-for-us (Nortel Contivity)
 CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
-	TODO: check
+	NOTE: not-for-us (Phorum)
 CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
-	TODO: check
+	NOTE: not-for-us (Kayako eSupport)
 CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
-	TODO: check
+	NOTE: not-for-us (phpmyfamily)
 CAN-2005-0840
 	NOTE: rejected
-	TODO: check
 CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
 	TODO: check
 CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
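Review bot: The removal of the `TODO: check` line under CAN-2005-0840 is not covered by the log message, since that entry is already marked `NOTE: rejected` and the change there is a cleanup of a stale marker rather than a not-for-us classification. Suggest mentioning it in the log (for example "drop stale TODO on rejected CAN-2005-0840"), so that the one-line shrink shown in the hunk header (20 lines to 19) is explained to anyone reading the history later.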
@@ -24,25 +23,25 @@
 CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
 	TODO: check
 CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
-	TODO: check
+	NOTE: not-for-us (Belkin 54G router)
 CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
-	TODO: check
+	NOTE: not-for-us (Belkin 54G router)
 CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
-	TODO: check
+	NOTE: not-for-us (Belkin 54G router)
 CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Post)
 CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Post)
 CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
-	TODO: check
+	NOTE: not-for-us (Xzabite DynDNS Updater)
 CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion Addon)
 CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
-	TODO: check
+	NOTE: not-for-us (e-Xoops based products)
 CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
-	TODO: check
+	NOTE: not-for-us (e-Xoops based products)
 CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (OllyDbg MS Windows debugger)
 CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
 	TODO: check
 CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
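Review bot: The product name in the note for CAN-2005-0830 does not match the entry's own description, which says "Xzabite DYNDNSUpdate" while the added line reads `NOTE: not-for-us (Xzabite DynDNS Updater)`. Using the spelling from the description would let a search for the product name hit both lines. The same point applies to CAN-2005-0828 and CAN-2005-0827, where the note says "e-Xoops based products" but the descriptions list RUNCMS and CIAMOS first; naming those products in the note would make the classification easier to find and to re-check.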
@@ -54,19 +53,19 @@
 CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
 	TODO: check
 CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
-	TODO: check
+	NOTE: not-for-us (Cayman DSL router)
 CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
 	TODO: check
 CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
 	TODO: check
 CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
-	TODO: check
+	NOTE: not-for-us (ColdFusion)
 CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
-	TODO: check
+	NOTE: not-for-us (Alcatel Speed Touch)
 CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
-	TODO: check
+	NOTE: not-for-us (Alcatel Speed Touch)
 CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
-	TODO: check
+	NOTE: not-for-us (Alcatel Speed Touch)
 CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo]
 	- phpsysinfo (unfixed; bug #301118)
 CAN-2005-XXXX [Various /tmp related security issues in cernlib]
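Review bot: CAN-2001-1431 (Nokia Firewall Appliances running IPSO) and CAN-2001-1428 (Beck GmbH IPC@Chip) keep `TODO: check` in this hunk while the neighbouring entries for Cayman and Alcatel Speed Touch devices are marked not-for-us. If these two were left open on purpose, a short NOTE saying what still needs checking would avoid a second reviewer repeating the triage; if not, they could be classified in the same pass.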