[Secure-testing-commits] r944 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sun, 01 May 2005 11:28:29 +0000
Author: jmm-guest
Date: 2005-05-01 11:28:26 +0000 (Sun, 01 May 2005)
New Revision: 944
Modified:
sarge-checks/CAN/list
Log:
Lots of not-for-us
ethereal, imagemagick and tcpdump and maxdb CANified.
phpbb2 already fixed.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-01 10:12:59 UTC (rev 943)
+++ sarge-checks/CAN/list 2005-05-01 11:28:26 UTC (rev 944)
@@ -69,21 +69,20 @@
NOTE: reserved
CAN-2005-1330
NOTE: reserved
-begin claimed by jmm
CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (OneWorldStore)
CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (OneWorldStore)
CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
- TODO: check
+ NOTE: not-for-us (Woltlab Burning Board)
CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
- TODO: check
+ NOTE: not-for-us (VooDoo cIRCle BOTNET)
CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
- TODO: check
+ NOTE: not-for-us (phpMyVisites)
CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
- TODO: check
+ NOTE: not-for-us (phpMyVisites)
CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (NetTerm)
CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
TODO: check
CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
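Review bot: Removing `begin claimed by jmm` at the top of this hunk releases the claim while CAN-2005-1322 and CAN-2005-1321 at the bottom of the same range are still `TODO: check`. The log message does not mention handing these back. Either keep the claim markers around the entries that are still open, or say in the log that the remaining TODO items in the former claimed block are free for others to pick up.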
@@ -109,9 +108,9 @@
CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
TODO: check
CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (bBlog)
CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
- TODO: check
+ NOTE: not-for-us (bBlog)
CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
TODO: check
CAN-2005-1307
@@ -119,69 +118,69 @@
CAN-2005-1306
NOTE: reserved
CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
- TODO: check
+ NOTE: not-for-us (hyper.cgi)
CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
- TODO: check
+ NOTE: not-for-us (citat.pl)
CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
- TODO: check
+ NOTE: not-for-us (citat.pl)
CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Confixx)
CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
- TODO: check
+ NOTE: not-for-us (nProtect:Netizen)
CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
- TODO: check
+ NOTE: not-for-us (inserter.cgi)
CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOTE: not-for-us (inserter.cgi)
CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
- TODO: check
+ NOTE: not-for-us (inserter.cgi)
CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
- TODO: check
+ NOTE: not-for-us (include.cgi)
CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOTE: not-for-us (include.cgi)
CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
- TODO: check
+ NOTE: not-for-us (include.cgi)
CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
TODO: check
CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
- TODO: check
+ NOTE: not-for-us (StorePortal)
CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ ASP Cart)
CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ ASP Cart)
CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
- TODO: check
+ - phpbb2 2.0.13+1-5
CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (E-Cart)
CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (ACS Blog)
CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
- TODO: check
+ NOTE: not-for-us (BK Forum)
CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
- TODO: check
+ NOTE: not-for-us (Bitdefender)
CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
- TODO: check
+ NOTE: not-for-us (Woltlab Burning Board)
CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Argosoft Mail Server Pro)
CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
- TODO: check
+ NOTE: not-for-us (Argosoft Mail Server Pro)
CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
- TODO: check
+ NOTE: not-for-us (Argosoft Mail Server Pro)
CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
- TODO: check
+ - ethereal 0.10.10-2
CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
- TODO: check
+ - ethereal 0.10.10-2
CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ - tcpdump 3.8.3-4
CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
- TODO: check
+ - tcpdump 3.8.3-4
CAN-2005-1277
NOTE: reserved
CAN-2005-1276
NOTE: reserved
CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
- TODO: check
+ - imagemagick (unfixed; bug #306424)
CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
- TODO: check
+ - maxdb-7.5.00 (unfixed; #306454)
CAN-2005-1273
NOTE: reserved
CAN-2005-1272
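Review bot: CAN-2005-1280 is described as "The rsvp_print function in tcpdump 3.9.1 and earlier", yet the new line under it is `- ethereal 0.10.10-2`, which looks like a copy of the CAN-2005-1281 entry directly above. The two entries below it use `- tcpdump 3.8.3-4`; if that is what was meant here, change it, and if ethereal really is the affected package, add a NOTE saying why. Separately, CAN-2005-1290 names phpBB 2.0.14 but is recorded as fixed in `phpbb2 2.0.13+1-5`. The log says "already fixed", so a short NOTE explaining that the fix is present in the older packaged version would keep the next reader from reopening it. Minor: `not-for-us (Bitdefender)` differs in case from the `BitDefender` spelling in the description.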
@@ -192,13 +191,8 @@
TODO: check
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
TODO: check
-end claimed by jmm
-CAN-2005-XXXX [Four DoS vulnerabilities in tcpdump]
- - tcpdump 3.8.3-4
CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
- libconvert-uulib-perl 1.0.5.1-1
-CAN-2005-XXXX [Two buffer overflows in MaxDB]
- - maxdb-7.5.00 (unfixed; #306454)
CAN-2005-1269
NOTE: reserved
CAN-2005-1268
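Review bot: The two `CAN-2005-XXXX` placeholders removed here covered more issues than the entries that replace them in this diff. "Two buffer overflows in MaxDB" is replaced only by CAN-2005-1274 (a single stack-based overflow in getIfHeader), and "Four DoS vulnerabilities in tcpdump" is replaced by only two entries carrying `- tcpdump 3.8.3-4` (CAN-2005-1279 and CAN-2005-1278). If the remaining issues have no CAN ID yet, keep a reduced placeholder for them rather than dropping the tracking line, or add a NOTE on the new entries naming the IDs that cover the rest.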
@@ -247,12 +241,8 @@
NOTE: not-for-us (Novell Nsure Audit)
CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
NOTE: not-for-us (snmppd)
-CAN-2005-XXXX [Heap overflow in Imagemagick's ReadPNMImage()]
- - imagemagick (unfixed; bug #306424)
CAN-2005-XXXX [Multiple security problems in Quake 2]
- quake2 (unfixed; bug #280573)
-CAN-2005-XXXX [Security problems in Ethereal's DLSw, ICE, NDPS, Q931, RSVP and SRVLOC dissectors]
- - ethereal 0.10.10-2
CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
NOTE: not-for-us (MediaWiki not yet in Debian)
TODO: track ITP: #217571
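Review bot: The removed Ethereal placeholder listed six dissectors (DLSw, ICE, NDPS, Q931, RSVP and SRVLOC), but the only Ethereal-described entry gaining `- ethereal 0.10.10-2` in this commit is CAN-2005-1281, whose truncated summary does not show which dissectors it covers. Please confirm that ID accounts for all six and carry the dissector list over as a NOTE on that entry, so the information in the placeholder is not lost. The ImageMagick placeholder maps cleanly to CAN-2005-1275 (ReadPNMImage, same bug #306424), so that removal is fine.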