[Secure-testing-commits] r1076 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Mon, 16 May 2005 23:37:19 +0000


Author: joeyh
Date: 2005-05-16 23:37:16 +0000 (Mon, 16 May 2005)
New Revision: 1076

Modified:
   sarge-checks/CAN/list
Log:
process and claim

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-16 22:52:44 UTC (rev 1075)
+++ sarge-checks/CAN/list	2005-05-16 23:37:16 UTC (rev 1076)
@@ -1,75 +1,75 @@
 CAN-2005-1589
 	NOTE: reserved
-begin claimed by joeyh
 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (Quick.cart)
 CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
-	TODO: check
+	NOTE: not-for-us (Quick.cart)
 CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
-	TODO: check
+	NOTE: not-for-us (Quick.Forum)
 CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
-	TODO: check
+	NOTE: not-for-us (Quick.Forum)
 CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
-	TODO: check
+	NOTE: not-for-us (Quick.Forum)
 CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
-	TODO: check
+	NOTE: not-for-us (1Two News)
 CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
-	TODO: check
+	NOTE: not-for-us (1Two News)
 CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (bug_list.php
 CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
-	TODO: check
+	NOTE: not-for-us (BoastMachine)
 CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Apple)
 CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
-	TODO: check
+	NOTE: not-for-us (EnCase)
 CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
-	TODO: check
+	NOTE: not-for-us (APG Classmaster)
 CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
-	TODO: check
+	NOTE: appears windows specific
 CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
-	TODO: check
+	NOTE: appears windows specific
 CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
-	TODO: check
+	NOTE: not-for-us (ASP Virtual News Manager)
 CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (ShowOff)
 CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
-	TODO: check
+	NOTE: not-for-us (ShowOff)
 CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
-	TODO: check
+	NOTE: for-for-us (bttlxeForum)
 CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
-	TODO: check
+	NOTE: not-for-us (DirectTopics)
 CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (DirectTopics)
 CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
-	TODO: check
+	NOTE: not-for-us (DirectTopics)
 CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
-	TODO: check
+	NOTE: not-for-us (Acrowave AAP-3100AR wireless router)
 CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
-	TODO: check
+	- bugzilla (unfixed; bug #308789)
+	NOTE: only affects sid
 CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
-	TODO: check
+	- bugzilla (unfixed; bug #308787)
 CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
-	TODO: check
+	- bugzilla (unfixed; bug #308787)
 CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
-	TODO: check
+	NOTE: not-for-us (MaxWebPortal)
 CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
-	TODO: check
+	NOTE: not-for-us (MaxWebPortal)
 CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (Nexusway)
 CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (Nexusway)
 CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
-	TODO: check
+	NOTE: not-for-us (Nexusway)
 CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
-	TODO: check
+	NOTE: not-for-us (WebApp Guestbook PRO)
 CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (Gamespy cd-key validation system)
 CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
-	TODO: check
-end claimed by joeyh
+	NOTE: not-for-us (JRun)
+begin claimed by joeyh
 CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
 	TODO: check
 CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
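Review bot: two of the new NOTE lines in this hunk are malformed. The line added under CAN-2005-1581 reads `NOTE: not-for-us (bug_list.php`, with no closing parenthesis and naming a file rather than the product given in the description (Bug Report 1.0). The line added under CAN-2005-1570 reads `for-for-us` where every other entry uses `not-for-us`. Any script or grep that keys on the `not-for-us (...)` form would skip both, so suggest `NOTE: not-for-us (Bug Report)` and `NOTE: not-for-us (bttlxeForum)`. The two Firefox entries (CAN-2005-1576, CAN-2005-1575) use free text, "appears windows specific", rather than the tag; if that is meant as a tentative finding, it would help to say so in the note.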
@@ -92,6 +92,7 @@
 	TODO: check
 CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...)
 	TODO: check
+end claimed by joeyh
 CAN-2005-1543
 	NOTE: reserved
 CAN-2005-1542
@@ -171,11 +172,6 @@
 CAN-2005-XXXX [wordpress: unknown security hole]
 	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
 	- wordpress 1.5.1-1
-CAN-2005-XXXX [insecure password handling]
-	- bugzilla (unfixed; bug #308789)
-	NOTE: only affects sid
-CAN-2005-XXXX [Minor information leak in product handling]
-	- bugzilla (unfixed; bug #308787)
 CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
 	NOTE: not-for-us (PwsPHP)
 CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
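Review bot: the removed placeholder `CAN-2005-XXXX [Minor information leak in product handling]` was a single entry for bug #308787, but the first hunk attaches `- bugzilla (unfixed; bug #308787)` to both CAN-2005-1564 and CAN-2005-1563. Please confirm that the one bug report really covers both IDs. The `NOTE: only affects sid` line is carried over only to CAN-2005-1565 (bug #308789), which matches the removed entries. The bracketed descriptions are dropped along with the placeholders, and the log message "process and claim" does not say that they were folded into assigned IDs; a line to that effect would make the history easier to follow.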