[Secure-testing-commits] r1149 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 25 May 2005 11:03:28 +0000


Author: jmm-guest
Date: 2005-05-25 11:03:25 +0000 (Wed, 25 May 2005)
New Revision: 1149

Modified:
   sarge-checks/CAN/list
Log:
processed block
picasm and wordpress CANified
claim new block


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-25 09:40:10 UTC (rev 1148)
+++ sarge-checks/CAN/list	2005-05-25 11:03:25 UTC (rev 1149)
@@ -93,31 +93,31 @@
 	- gdb (unfixed)
 CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...)
 	- gdb (unfixed; bug #308624)
-begin claimed by jmm
 CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Warrior Kings: Battles)
 CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
-	TODO: check
+	NOTE: not-for-us (Warrior Kings: Battles)
 CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (PortailPHP)
 CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
-	TODO: check
+	NOTE: not-for-us (CA Antivirus)
 CAN-2005-1692 (Format string vulnerability in gxine 0.41 through 0.44 allows remote ...)
-	TODO: check
+	NOTE: Not in sarge due to RC bugs
+	- gxine (unfixed)
 CAN-2005-1691
 	NOTE: reserved
 CAN-2005-1690
@@ -125,92 +125,95 @@
 CAN-2005-1689
 	NOTE: reserved
 CAN-2005-1688 (Wordpress 1.5 and earlier allow remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+	- wordpress 1.5.1-1
 CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
-	TODO: check
+	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+	- wordpress 1.5.1-1
 CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
-	TODO: check
+	TODO: Affects experimental, check whether 2.8 from Sarge/sid is affected as well
+	- gedit (unfixed)
 CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
-	TODO: check
+	NOTE: not-for-us (episodex)
 CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
-	TODO: check
+	NOTE: not-for-us (episodex)
 CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
-	TODO: check
+	NOTE: not-for-us (Solstice Internet Mail Server)
 CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
-	TODO: check
+	NOTE: not-for-us (phpATM)
 CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
-	TODO: check
+	NOTE: not-for-us (D-Link hardware)
 CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
-	TODO: check
+	- picasm 1.12c-1
 CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
-	TODO: check
+	NOTE: not-for-us (Groove)
 CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
-	TODO: check
+	NOTE: not-for-us (Groove)
 CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
-	TODO: check
+	NOTE: not-for-us (Groove)
 CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
-	TODO: check
+	NOTE: not-for-us (Groove)
 CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
-	TODO: check
+	NOTE: not-for-us (Help Center Live)
 CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
-	TODO: check
+	NOTE: not-for-us (Help Center Live)
 CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
-	TODO: check
+	NOTE: not-for-us (Help Center Live)
 CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
-	TODO: check
+	NOTE: not-for-us (Yahoo Messenger)
 CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
-	TODO: check
+	NOTE: not-for-us (Extreme BlackDiamond hardware)
 CAN-2005-1669
 	NOTE: reserved
 CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
-	TODO: check
+	NOTE: not-for-us (YusASP Web Asset Manager)
 CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (DataTrac Activity Console)
 CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
-	TODO: check
+	NOTE: not-for-us (Orenosv)
 CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (Jeuce Personal Web Server)
 CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
-	TODO: check
+	NOTE: not-for-us (Jeuce Personal Web Server)
 CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (Jeuce Personal Web Server)
 CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
-	TODO: check
+	NOTE: not-for-us (EZGuestbook)
 CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
-	TODO: check
+	NOTE: not-for-us (MyServer)
 CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
-	TODO: check
+	NOTE: not-for-us (MyServer)
 CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
-	TODO: check
+	NOTE: not-for-us (Mercur Messaging)
 CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
-	TODO: check
+	NOTE: not-for-us (Mercur Messaging)
 CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Hosting Controller)
 CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
-	TODO: check
+	- rsync 2.6.1-1
 CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
-	TODO: check
+	NOTE: not-for-us (InoculateIT)
 CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (Matrix FTP Server)
 CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
-	TODO: check
+	NOTE: not-for-us (Sophos)
 CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (SandSurfer)
 CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Sambar)
+begin claimed by jmm
 CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
 	TODO: check
 CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
@@ -271,14 +274,13 @@
 	TODO: check
 CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-XXXX [Two DoS condition in ekg]
 	- ekg 1:1.5+20050411-3
 CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
 	- lcrash 7.0.0.pre.cvs.20050322-3
 CAN-2005-XXXX [Multiple security problems in lbreakout2]
 	- lbreakout2 2.5.2-2
-CAN-2005-XXXX [Buffer overflows in picasm's code for generating error messages]
-	- picasm 1.12c-1
 CAN-2005-XXXX [mailutils multiple vulnerabilities]
 	- mailutils 1:0.6.1-3
 CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
@@ -588,9 +590,6 @@
 CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
 	NOTE: Source package has been renamed from unrar to unrar-free
 	- unrar-free 1:0.0.1-2
-CAN-2005-XXXX [wordpress: unknown security hole]
-	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
-	- wordpress 1.5.1-1
 CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
 	NOTE: not-for-us (PwsPHP)
 CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)