[Secure-testing-commits] r949 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Sun, 01 May 2005 12:39:21 +0000


Author: jmm-guest
Date: 2005-05-01 12:39:18 +0000 (Sun, 01 May 2005)
New Revision: 949

Modified:
   sarge-checks/CAN/list
Log:
Lots of bugnums.
squid ACL misparsing has been fixed.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-01 12:15:44 UTC (rev 948)
+++ sarge-checks/CAN/list	2005-05-01 12:39:18 UTC (rev 949)
@@ -37,7 +37,7 @@
 CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
 	NOTE: not-for-us (Symantec)
 CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
-	- squid (unfixed; bug #307132)
+	- squid 2.5.9-7
 CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
 	- apache2 (unfixed; bug #307134)
 CAN-2005-1343
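
Review bot: the new squid line for CAN-2005-1345 drops the reference to bug #307132 when it switches from "unfixed" to the fixed version 2.5.9-7. Consider keeping the number in a NOTE line under the entry so the fix can still be traced back to the report.
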
@@ -83,7 +83,7 @@
 CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
 	NOTE: not-for-us (NetTerm)
 CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
-	- nag (unfixed; bug filed)
+	- nag (unfixed; bug #307180)
 CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
 	- sork-vacation (unfixed; bug filed)
 CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
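
Review bot: sork-vacation under CAN-2005-1321 still reads "bug filed" in the context of this hunk, while nag directly above it now carries #307180. If the sork-vacation report already has a number, record it in the same commit so the Horde entries stay consistent.
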
@@ -92,16 +92,16 @@
 CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
 	TODO: check whether this applies to imp4 as well, which is in Debian, imp 3 is not
 CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
-	- sork-forwards (unfixed; bug filed)
+	- sork-forwards (unfixed; bug #307175)
 CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
 	NOTE: not-for-us (Hord Chora module)
 CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
-	- sork-accounts (unfixed; bug filed)
+	- sork-accounts (unfixed; bug #307178)
 CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
 	NOTE: Asked maintainer whether turba2 is affected as well
-	- turba (unfixed; bug filed)
+	- turba (unfixed; bug #307179)
 CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
-	- kronolith (unfixed; bug pending)
+	- kronolith (unfixed; bug #307170)
 CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
 	- sork-passwd 2.2.2-1
 CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
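
Review bot: the context line for CAN-2005-1317 reads "not-for-us (Hord Chora module)", with "Horde" misspelled, and it sits between two lines this hunk edits, so it is worth correcting in the same pass. For CAN-2005-1315 the NOTE about turba2 is left in place next to the new #307179; confirm whether that bug also covers turba2 or whether a second entry is needed.
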
@@ -141,7 +141,7 @@
 CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
 	NOTE: not-for-us (include.cgi)
 CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
-	- affix-kernel (unfixed; bug pending)
+	- affix-kernel (unfixed; bug #307167)
 CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
 	NOTE: not-for-us (StorePortal)
 CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
@@ -778,9 +778,9 @@
 CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
 	- rsnapshot 1.2.1-1 
 CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
-	TODO: check
+	NOTE: not-for-us (Kerio)
 CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
-	TODO: check
+	NOTE: not-for-us (Kerio)
 CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
 	TODO: check
 CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
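
Review bot: the two Kerio WinRoute entries (CAN-2005-1063 and CAN-2005-1062) change from "TODO: check" to "not-for-us (Kerio)", but the log message only mentions bug numbers and the squid fix. Mention the triage in the log so the decision can be found later; CAN-2005-1061 (LogWatch) directly below is still "TODO: check".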