[Secure-testing-commits] r649 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Fri, 25 Mar 2005 12:10:25 +0000


Author: jmm-guest
Date: 2005-03-25 12:10:22 +0000 (Fri, 25 Mar 2005)
New Revision: 649

Modified:
   sarge-checks/CAN/list
Log:
ltris has been CANified.
mathopd is vulnerable.
Further entries marked unaffected.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-25 11:55:07 UTC (rev 648)
+++ sarge-checks/CAN/list	2005-03-25 12:10:22 UTC (rev 649)
@@ -43,21 +43,21 @@
 CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
 	NOTE: not-for-us (OllyDbg MS Windows debugger)
 CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
-	TODO: check
+	- ltris 1.0.6-1.1
 CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
-	TODO: check
+	- mathopd (unfixed; bug pending)
 CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
-	TODO: check
+	NOTE: not-for-us (Cherokee not in Debian)
 CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Cherokee not in Debian)
 CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
-	TODO: check
+	NOTE: not-for-us (Nokia Firewall appliances)
 CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
 	NOTE: not-for-us (Cayman DSL router)
 CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
 	TODO: check
 CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
-	TODO: check
+	NOTE: not-for-us (IPC@CHIP Embedded web server)
 CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
 	NOTE: not-for-us (ColdFusion)
 CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
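
Review bot: the new CAN-2005-0824 entry, "- mathopd (unfixed; bug pending)", carries no bug number, so nothing ties the entry to a report that can be followed until it is fixed. Other unfixed entries in this file use the form "(unfixed; bug #301118)"; once the mathopd bug is filed, replace "bug pending" with its number in the same form. Separately, the new note for CAN-2001-1428 spells the product "IPC@CHIP" while the description on the line above has "IPC@Chip"; matching the description's spelling keeps the entry findable by a case-sensitive search.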
@@ -70,8 +70,6 @@
 	- phpsysinfo (unfixed; bug #301118)
 CAN-2005-XXXX [Various /tmp related security issues in cernlib]
 	- cernlib 2004.11.04-3
-CAN-2005-XXXX [Buffer overflow in overly long highscore entries in ltris]
-	- ltris 1.0.6-1.1
 CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
 	NOTE: not-for-us (iSnooker)
 CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
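
Review bot: deleting the "CAN-2005-XXXX [Buffer overflow in overly long highscore entries in ltris]" placeholder drops the only mention of the highscore vector, and the CAN-2005-0825 description that replaces it is truncated before it reaches any such detail, so the file no longer shows that the two are the same issue. The description also says "LTris before 1.0.10" while the entry records "- ltris 1.0.6-1.1" as fixed, a version lower than the upstream one. A NOTE line under CAN-2005-0825 saying that the highscore overflow is the issue covered and that 1.0.6-1.1 carries the fix as a patch would stop a later reader from treating the version as a mistake.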