[Secure-testing-commits] r672 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 28 Mar 2005 00:07:56 +0000
Author: joeyh
Date: 2005-03-28 00:07:52 +0000 (Mon, 28 Mar 2005)
New Revision: 672
Modified:
sarge-checks/CAN/list
Log:
checked most of my block
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-27 23:20:47 UTC (rev 671)
+++ sarge-checks/CAN/list 2005-03-28 00:07:52 UTC (rev 672)
@@ -1,77 +1,79 @@
-begin claimed by joeyh
CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Dream4 Koobi CMS)
CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
- TODO: check
+ NOTE: not-for-us (Dream4 Koobi CMS)
CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOTE: the hole was introduced in 0.9.4.3; I suppose that having
+ NOTE: this package be orphaned and not get updated for years from 0.9.2
+ NOTE: is good for _something_ after all :-P
CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
- TODO: check
+ - dcl (unfixed; bug filed)
CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
- TODO: check
+ NOTE: not-for-us (Invision Power Board)
CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
- TODO: check
+ NOTE: not-for-us (XMB Forum)
CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
- TODO: check
+ NOTE: not-for-us (DigitalHive)
CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
- TODO: check
+ NOTE: not-for-us (DigitalHive)
CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
- TODO: check
+ NOTE: not-for-us (BirdBlog)
CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
- TODO: check
+ NOTE: not-for-us (Interspire ArticleLive)
CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (Vortex Portal)
CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
- TODO: check
+ NOTE: not-for-us (Vortex Portal)
CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
- TODO: check
+ NOTE: not-for-us (MercuryBoard)
CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
- TODO: check
+ - dnsmasq 2.21
CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
- TODO: check
+ - dnsmasq 2.21
CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
- TODO: check
+ NOTE: not-for-us (Trillian plugin)
CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
- TODO: check
+ NOTE: not-for-us (Trillian plugin)
CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
- TODO: check
+ NOTE: not-for-us (Topic Calendar phpbb2 plugin)
CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
- TODO: check
+ NOTE: not-for-us (Topic Calendar phpbb2 plugin)
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
- TODO: check
+ - phpsysinfo (unfixed; bug #301118)
CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ - phpsysinfo (unfixed; bug #301118)
CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
- TODO: check
+ NOTE: checked tn5250, apparently the only AS/400 emulator in debian
+ NOTE: cannot find STRPCO or STRPCCMD in tn5250.
CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
- TODO: check
+ TODO: check with kernel team
CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
- TODO: check
+ - cdrecord (unfixed; bug #291376)
CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
- TODO: check
+ NOTE: not-for-us (Scalable OGo (SOGo))
CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
- TODO: check
+ NOTE: not-for-us (Mike Spice Mike's Vote CGI)
CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
- TODO: check
+ NOTE: not-for-us (Mike Spice Quiz CGI)
CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
- TODO: check
+ NOTE: not-for-us (Mike Spice My Calendar)
CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
- TODO: check
+ NOTE: fixed in macromedia flash shortly after discovery 3 years ago
+ NOTE: did not check the other flash players in debian for this
CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
- TODO: check
+ NOTE: not-for-us (Lotus Domino
CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
- TODO: check
+ TODO: check implementatons (isakmpd, etc)
CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
- TODO: check
-end claimed by joeyh
+ NOTE: not-for-us (AIX)
CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
NOTE: not-for-us (Samsung ADSL modems)
CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
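Review bot: the new `NOTE: not-for-us (Lotus Domino` line under CAN-2002-1624 is missing its closing parenthesis, unlike every other not-for-us marker in this hunk, and the CAN-2002-1623 line has a typo (`implementatons`); suggest `NOTE: not-for-us (Lotus Domino)` and `TODO: check implementations (isakmpd, etc)`. The three NOTE lines added under CAN-2005-0888 never name the package they refer to or give a status line in the list's usual form (`NOTE: not-for-us (...)` or `- pkg version`), so a reader or a script walking the list cannot tell which package was checked or that the entry is resolved; the adjacent CAN-2005-0887 entry uses `- dcl (unfixed; bug filed)`, so a matching package line would fit here. Also note that with the `begin claimed by joeyh` / `end claimed by joeyh` markers removed, the two entries still marked TODO (CAN-2005-0867 and CAN-2002-1623) are back in the unclaimed pool, which matches the log message but is worth stating explicitly if they are meant to stay with the kernel team follow-up.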
@@ -221,8 +223,6 @@
NOTE: not-for-us (Alcatel Speed Touch)
CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
NOTE: not-for-us (Alcatel Speed Touch)
-CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo]
- - phpsysinfo (unfixed; bug #301118)
CAN-2005-XXXX [Various /tmp related security issues in cernlib]
- cernlib 2004.11.04-3
CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
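Review bot: the removed `CAN-2005-XXXX` phpsysinfo placeholder is superseded by the CAN-2005-0870 and CAN-2005-0869 entries added in the first hunk, both pointing at the same bug #301118, so the deletion avoids a duplicate; it is worth confirming that #301118 covers both the path-disclosure and the XSS issues the placeholder described, since the two new entries now carry that one bug reference between them.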