[Secure-testing-commits] r983 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 04 May 2005 09:32:51 +0000


Author: jmm-guest
Date: 2005-05-04 09:32:48 +0000 (Wed, 04 May 2005)
New Revision: 983

Modified:
   sarge-checks/CAN/list
Log:
openwebmail has been removed from sid
Lots of not-for-us
claim new


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-04 09:23:22 UTC (rev 982)
+++ sarge-checks/CAN/list	2005-05-04 09:32:48 UTC (rev 983)
@@ -1,53 +1,52 @@
 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
 	- ipsec-tools 0.5.2-1
-begin claimed by jmm
 CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...)
-	TODO: check
+	NOTE: not-for-us (Serendipity)
 CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Serendipity)
 CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...)
-	TODO: check
+	NOTE: not-for-us (Serendipity)
 CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
-	TODO: check
+	NOTE: not-for-us (Serendipity)
 CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
-	TODO: check
+	NOTE: not-for-us (Serendipity)
 CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
-	TODO: check
+	NOTE: not-for-us (SitePanel)
 CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (SitePanel)
 CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
-	TODO: check
+	NOTE: not-for-us (SitePanel)
 CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
-	TODO: check
+	NOTE: not-for-us (SitePanel)
 CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
-	TODO: check
+	NOTE: not-for-us (Invision Power Board)
 CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Domino)
 CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Domino)
 CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
-	TODO: check
+	NOTE: not-for-us (ViArt Shop)
 CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
-	TODO: check
+	NOTE: not-for-us (osTicket)
 CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
-	TODO: check
+	NOTE: not-for-us (osTicket)
 CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
-	TODO: check
+	NOTE: not-for-us (osTicket)
 CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
-	TODO: check
+	NOTE: not-for-us (osTicket)
 CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
-	TODO: check
+	NOTE: Was once part of Debian, but has been removed
 CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
-	TODO: check
+	NOTE: not-for-us (HP OpenView)
 CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
-	TODO: check
+	NOTE: not-for-us (HP OpenView)
 CAN-2005-1432
 	NOTE: reserved
 CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
 	TODO: check
 CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Mac OS X)
+begin claimed by jmm
 CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
 	TODO: check
 CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
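Review bot: CAN-2005-1431 (GnuTLS "record packet parsing") is the only entry from the old claimed block still left at "TODO: check", and with "begin claimed by jmm" moved below CAN-2005-1430 it now sits outside any claim. Either resolve it in this commit or add a NOTE saying why it was skipped, so it is not mistaken for a triaged entry.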
@@ -114,6 +113,7 @@
 	TODO: check
 CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
 	NOTE: not-for-us (PHPCart)
 CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
@@ -174,7 +174,7 @@
 CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
 	NOTE: not-for-us (NetVault)
 CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
-	NOTE: not-for-us (HO OpenView)
+	NOTE: not-for-us (HP OpenView)
 CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
 	- kernel-source-2.6.8 (unfixed; bug #307552)
 CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
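Review bot: the context entry just above this fix carries the same kind of mislabel: CAN-2005-1371 describes BulletProof FTP Server but is tagged "NOTE: not-for-us (NetVault)". It is worth correcting that tag to name BulletProof FTP Server in the same commit as the HO/HP typo fix.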
@@ -1184,8 +1184,7 @@
 CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
 	- gaim 1.2.1-1
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
-	NOTE: Not in testing, only sid; scheduled for removal, see bug# below for tracking
-	- openwebmail (unfixed; bug #301561)
+	NOTE: Was once part of Debian, but has been removed
 CAN-2005-0966 gaim my be crashed remotely
 	- gaim 1:1.2.1-1
 CAN-2005-0965 gaim my be crashed remotely
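Review bot: replacing "- openwebmail (unfixed; bug #301561)" with a bare NOTE drops both the package name and the bug reference from the entry's data lines. Suggest keeping the pointer in the note, for example "NOTE: openwebmail was once part of Debian, but has been removed (see bug #301561)", so the removal stays traceable and the entry can still be found by package name.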