[Secure-testing-commits] r966 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Tue, 03 May 2005 10:13:18 +0000
Author: jmm-guest
Date: 2005-05-03 10:13:10 +0000 (Tue, 03 May 2005)
New Revision: 966
Modified:
sarge-checks/CAN/list
Log:
Lots of not-for-us.
squid already fixed long ago.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-03 09:48:05 UTC (rev 965)
+++ sarge-checks/CAN/list 2005-05-03 10:13:10 UTC (rev 966)
@@ -1,62 +1,61 @@
-begin claimed by jmm
CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
- TODO: check
+ NOTE: not-for-us (PHPCart)
CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
- TODO: check
+ NOTE: not-for-us (PHPCalender)
CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
- TODO: check
+ NOTE: not-for-us (ARPUS Ceterm)
CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
- TODO: check
+ NOTE: not-for-us (ARPUS Ceterm)
CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
- TODO: check
+ NOTE: not-for-us (ArcGIS)
CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
- TODO: check
+ NOTE: not-for-us (ArcGIS)
CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
TODO: check
CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
TODO: check
CAN-2005-1390 (Squid before 2.5.STABLE7, when using persistent connections, allows ...)
- TODO: check
+ - squid 2.5.8-1
CAN-2005-1389 (HTTP response splitting vulnerability in Squid before 2.5.STABLE7, ...)
- TODO: check
+ - squid 2.5.8-1
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
- TODO: check
+ NOTE: not-for-us (SURVIVOR)
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOTE: not-for-us (PHP-Nuke)
CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (Safari)
CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
- TODO: check
+ NOTE: not-for-us (phpCoin)
CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
- TODO: check
+ NOTE: not-for-us (BEA Weblogic)
CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
TODO: check
CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
TODO: check
CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...)
- TODO: check
+ NOTE: not-for-us (Claroline)
CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
- TODO: check
+ NOTE: not-for-us (Claroline)
CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
- TODO: check
+ NOTE: not-for-us (Claroline)
CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
- TODO: check
+ NOTE: not-for-us (Claroline)
CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
- TODO: check
+ NOTE: not-for-us (Koobi CMS)
CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
- TODO: check
+ NOTE: not-for-us (NetVault)
CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
- TODO: check
+ NOTE: not-for-us (NetVault)
CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
- TODO: check
+ NOTE: not-for-us (HO OpenView)
CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
TODO: check
CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
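Review bot: The note added for CAN-2005-1371 reads "not-for-us (NetVault)", but that entry describes the BPFTPServer service in BulletProof FTP Server. It looks copied from the CAN-2005-1372 line directly above and should name BulletProof FTP Server instead. Two other added notes misspell the product named in their own entry: "HO OpenView" for CAN-2005-1370 (the description says HP OpenView) and "PHPCalender" for CAN-2005-1397 (the description says PHP-Calendar). Correcting all three keeps the not-for-us labels consistent with the entries they annotate.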
@@ -67,7 +66,6 @@
NOTE: reserved
CAN-2005-1365
NOTE: reserved
-end claimed by jmm
CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd
- shadow (unfixed; bug #307259)
CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw]
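Review bot: Removing "end claimed by jmm" here, together with the "begin claimed by jmm" marker dropped at the top of the file, releases the whole range, yet CAN-2005-1392, CAN-2005-1391, CAN-2005-1379, CAN-2005-1378 and CAN-2005-1369 inside that range still read "TODO: check". The log message mentions only the not-for-us entries and squid, so it is not clear whether these five were looked at and deferred or simply skipped. Suggest either keeping the claim until they are resolved or saying in the log that they are left open for someone else to pick up.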