[Secure-testing-commits] r1094 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 18 May 2005 14:43:41 +0000


Author: jmm-guest
Date: 2005-05-18 14:43:38 +0000 (Wed, 18 May 2005)
New Revision: 1094

Modified:
   sarge-checks/CAN/list
Log:
processed my block.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-18 13:59:05 UTC (rev 1093)
+++ sarge-checks/CAN/list	2005-05-18 14:43:38 UTC (rev 1094)
@@ -1,60 +1,62 @@
-begin claimed by jmm
 CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
-	TODO: check
+	NOTE: not-for-us (Woppoware)
 CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Woppoware)
 CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
-	TODO: check
+	NOTE: not-for-us (Woppoware)
 CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
-	TODO: check
+	NOTE: not-for-us (Woppoware)
 CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
-	TODO: check
+	NOTE: not-for-us (GASoft)
 CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
-	TODO: check
+	NOTE: not-for-us (GASoft)
 CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
-	TODO: check
+	NOTE: not-for-us (Fastream NETFile)
 CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
-	TODO: check
+	NOTE: not-for-us (Keyvan1 Gallery)
 CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
-	TODO: check
+	NOTE: not-for-us (Livre d'Or)
 CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
-	TODO: check
+	NOTE: not-for-us (Zoidcom)
 CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
-	TODO: check
+	NOTE: not-for-us (Woltlab Burning Board)
 CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
-	TODO: check
+	NOTE: not-for-us (Ignition Project)
 CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
-	TODO: check
+	NOTE: not-for-us (Ignition Project)
 CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
-	TODO: check
+	NOTE: not-for-us (Sigma)
 CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
-	TODO: check
+	NOTE: not-for-us (SafeHTML)
 CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
-	TODO: check
+	NOTE: not-for-us (NPDS)
 CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 ...)
-	TODO: check
+	TODO: mysql-dfsg-4.1 should be already be fixed as well, double check
+	- mysql-dfsg 4.0.12-2
 CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (JGS-Portal)
 CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
-	TODO: check
+	NOTE: not-for-us (JGS-Portal)
 CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
-	TODO: check
+	NOTE: not-for-us (JGS-Portal)
 CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
-	TODO: check
+	- cheetah (unfixed; bug filed)
 CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
-	TODO: check
+	NOTE: not-for-us (Booby)
 CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
-	TODO: check
+	NOTE: not-for-us (phpbb attachment mod)
 CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
-	TODO: check
+	NOTE: not-for-us (Photopost)
 CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
-	TODO: check
+	NOTE: not-for-us (WebAPP)
 CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
-	TODO: check
+	NOTE: The reporter of the supposed vulnerability is the Debian maintainer; I've
+	NOTE: send him mail wrt his plans for this fix
+	TODO: Recheck with maintainer
 CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
-	TODO: check
+	NOTE: not-for-us (Pico Server)
 CAN-2005-1625
 	NOTE: reserved
 CAN-2005-1624
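Review bot: The CAN-2005-1632 entry records "- cheetah (unfixed; bug filed)" without the bug number, so nobody reading the list can follow the report to its resolution; put the bug reference on that line. CAN-2005-1636 has a similar gap: the only package line is "- mysql-dfsg 4.0.12-2", while the TODO above it says mysql-dfsg-4.1 still needs a double check (and reads "should be already be fixed", with a doubled "be"), so mysql-dfsg-4.1 should get its own package line once it is verified. CAN-2005-1627 carries NOTE and TODO lines but no package line for viewglob, and "I've send him mail" should read "I've sent him mail". Some not-for-us tags name the vendor where the description names the product (Woppoware for PostMaster) or differ from the description's wording ("Keyvan1 Gallery" for "Keyvan1 ImageGallery"); using the product name as it appears in the CAN text keeps the list searchable.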
@@ -62,20 +64,19 @@
 CAN-2005-1623
 	NOTE: reserved
 CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
-	TODO: check
+	NOTE: not-for-us (MetaCart)
 CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
-	TODO: check
+	NOTE: not-for-us (Postnuke mod)
 CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
-	TODO: check
+	NOTE: not-for-us (Skull-Splitter Guestbook)
 CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
-	TODO: check
+	NOTE: not-for-us (PHPMyChat)
 CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (Yahoo Messenger)
 CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
-	TODO: check
+	NOTE: not-for-us (Willings WebCAM)
 CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Ultimate PHP Board)
 CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
 	TODO: check
 CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
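Review bot: CAN-2005-1616 is now "NOTE: not-for-us (Ultimate PHP Board)", but CAN-2005-1615 and CAN-2005-1614 directly below it describe the same viewforum.php in Ultimate PHP Board and are left at "TODO: check". They sit outside the removed "end claimed by jmm" marker, so leaving them alone is consistent with the claim, but the same product will then be triaged a second time; either mark them in this commit or let the next claimant know that 1616 already settled the product. The tag on CAN-2005-1617 is spelled "Willings WebCAM" while the description has "WebCam"; matching the description's spelling avoids a missed grep.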