[Secure-testing-commits] r706 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Thu, 31 Mar 2005 19:11:24 +0000


Author: joeyh
Date: 2005-03-31 19:11:17 +0000 (Thu, 31 Mar 2005)
New Revision: 706

Modified:
   sarge-checks/CAN/list
Log:
wow, found an old and open hole


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-31 18:51:36 UTC (rev 705)
+++ sarge-checks/CAN/list	2005-03-31 19:11:17 UTC (rev 706)
@@ -115,52 +115,50 @@
 	- cgiemail 1.6-14
 CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
 	NOTE: not-for-us (Verity Search97)
-begin claimed by joeyh
 CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
-	TODO: check
+	- squirrelmail 1:1.2.3
 CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
-	TODO: check
+	- squirrelmail 1:1.2.3
 CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
-	TODO: check
+	- squirrelmail 1:1.2.3
 CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
-	TODO: check
+	- slash (unfixed; bug #160579)
 CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (commercial ssh)
 CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
-	TODO: check
+	NOTE: not-for-us (commercial ssh)
 CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
-	TODO: check
+	NOTE: not-for-us (commercial ssh)
 CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
-	TODO: check
+	NOTE: not-for-us (RealNetworks Helix Universal Server)
 CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
-	TODO: check
+	- postgresql 7.2.3
 CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
-	TODO: check
+	NOTE: not-for-us (NetWare)
 CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
-	TODO: check
+	NOTE: not-for-us (QNX)
 CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
-	TODO: check
-end claimed by joeyh
+	NOTE: not-for-us (Multi-Tech ProxyServer)
 CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
 	NOTE: not-for-us (Dream4 Koobi CMS)
 CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
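Review bot: The `- slash (unfixed; bug #160579)` line under CAN-2002-1647 is the only entry in this hunk that records an open issue, but the log message does not say which entry it refers to; naming CAN-2002-1647 and the bug number in the log would let someone reading the commit history find it without scanning every converted `TODO: check` line. A smaller point: the three SSH Secure Shell entries (CAN-2002-1646, CAN-2002-1645, CAN-2002-1644) are marked `NOTE: not-for-us (commercial ssh)`, while every other not-for-us note in the hunk names the vendor or product from the description. Using the product name there, as in `NOTE: not-for-us (SSH Secure Shell)`, would keep the notes searchable by product.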