[Secure-testing-commits] r1149 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Wed, 25 May 2005 11:03:28 +0000
Author: jmm-guest
Date: 2005-05-25 11:03:25 +0000 (Wed, 25 May 2005)
New Revision: 1149
Modified:
sarge-checks/CAN/list
Log:
processed block
picasm and wordpress CANified
claim new block
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-25 09:40:10 UTC (rev 1148)
+++ sarge-checks/CAN/list 2005-05-25 11:03:25 UTC (rev 1149)
@@ -93,31 +93,31 @@
- gdb (unfixed)
CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...)
- gdb (unfixed; bug #308624)
-begin claimed by jmm
CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Warrior Kings: Battles)
CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
- TODO: check
+ NOTE: not-for-us (Warrior Kings: Battles)
CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (PortailPHP)
CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
- TODO: check
+ NOTE: not-for-us (CA Antivirus)
CAN-2005-1692 (Format string vulnerability in gxine 0.41 through 0.44 allows remote ...)
- TODO: check
+ NOTE: Not in sarge due to RC bugs
+ - gxine (unfixed)
CAN-2005-1691
NOTE: reserved
CAN-2005-1690
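Review bot: the gxine entry closing this hunk records "Not in sarge due to RC bugs" without naming the bug, whereas the gdb entry at the top of the hunk uses the "(unfixed; bug #308624)" form; citing the RC bug number the same way would let a later reader verify the sarge status directly from the list. The remaining entries are uniform "NOTE: not-for-us (product)" resolutions, which follows the list's existing convention; the CAN-2005-1693 entry is the one worth a second look, since its description says the CA Vet library is "as used" by other products, so the not-for-us call rests on no Debian package bundling that library.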
@@ -125,92 +125,95 @@
CAN-2005-1689
NOTE: reserved
CAN-2005-1688 (Wordpress 1.5 and earlier allow remote attackers to obtain sensitive ...)
- TODO: check
+ NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+ - wordpress 1.5.1-1
CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
- TODO: check
+ NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+ - wordpress 1.5.1-1
CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
- TODO: check
+ TODO: Affects experimental, check whether 2.8 from Sarge/sid is affected as well
+ - gedit (unfixed)
CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
- TODO: check
+ NOTE: not-for-us (episodex)
CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
- TODO: check
+ NOTE: not-for-us (episodex)
CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
- TODO: check
+ NOTE: not-for-us (Solstice Internet Mail Server)
CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
- TODO: check
+ NOTE: not-for-us (phpATM)
CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
- TODO: check
+ NOTE: not-for-us (D-Link hardware)
CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
- TODO: check
+ - picasm 1.12c-1
CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
- TODO: check
+ NOTE: not-for-us (Groove)
CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
- TODO: check
+ NOTE: not-for-us (Groove)
CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
- TODO: check
+ NOTE: not-for-us (Groove)
CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
- TODO: check
+ NOTE: not-for-us (Groove)
CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
- TODO: check
+ NOTE: not-for-us (Help Center Live)
CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
- TODO: check
+ NOTE: not-for-us (Help Center Live)
CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
- TODO: check
+ NOTE: not-for-us (Help Center Live)
CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
- TODO: check
+ NOTE: not-for-us (Yahoo Messenger)
CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
- TODO: check
+ NOTE: not-for-us (Extreme BlackDiamond hardware)
CAN-2005-1669
NOTE: reserved
CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
- TODO: check
+ NOTE: not-for-us (YusASP Web Asset Manager)
CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (DataTrac Activity Console)
CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
- TODO: check
+ NOTE: not-for-us (Orenosv)
CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Jeuce Personal Web Server)
CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
- TODO: check
+ NOTE: not-for-us (Jeuce Personal Web Server)
CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Jeuce Personal Web Server)
CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
- TODO: check
+ NOTE: not-for-us (EZGuestbook)
CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
- TODO: check
+ NOTE: not-for-us (MyServer)
CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
- TODO: check
+ NOTE: not-for-us (MyServer)
CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
- TODO: check
+ NOTE: not-for-us (Mercur Messaging)
CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
- TODO: check
+ NOTE: not-for-us (Mercur Messaging)
CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (AOL Instant Messenger)
CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Hosting Controller)
CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
- TODO: check
+ - rsync 2.6.1-1
CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
- TODO: check
+ NOTE: not-for-us (InoculateIT)
CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (Matrix FTP Server)
CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
- TODO: check
+ NOTE: not-for-us (Sophos)
CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (SandSurfer)
CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (Sambar)
+begin claimed by jmm
CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
TODO: check
CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
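Review bot: the gedit entry (CAN-2005-1686) keeps an open TODO ("check whether 2.8 from Sarge/sid is affected as well") yet is already marked "gedit (unfixed)" and sits inside the block this commit marks as processed, with the new "begin claimed by jmm" marker moved below it; until that check is done the unfixed status for sarge's 2.8 is an assumption, so the TODO line should stay until it is resolved rather than being treated as closed with the rest of the block. Minor wording point on the two wordpress notes: "intransparent handling" is not standard English, "non-transparent" or "opaque" would read more clearly if the note is revised later.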
@@ -271,14 +274,13 @@
TODO: check
CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
TODO: check
+end claimed by jmm
CAN-2005-XXXX [Two DoS condition in ekg]
- ekg 1:1.5+20050411-3
CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
- lcrash 7.0.0.pre.cvs.20050322-3
CAN-2005-XXXX [Multiple security problems in lbreakout2]
- lbreakout2 2.5.2-2
-CAN-2005-XXXX [Buffer overflows in picasm's code for generating error messages]
- - picasm 1.12c-1
CAN-2005-XXXX [mailutils multiple vulnerabilities]
- mailutils 1:0.6.1-3
CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
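Review bot: the removed CAN-2005-XXXX placeholder described "Buffer overflows" (plural) in picasm's error-message code, while the CAN-2005-1679 entry it is folded into describes a single stack-based overflow in the error directive; if the placeholder covered more than one overflow, the others are untracked after this removal, so it is worth confirming the CAN covers everything the placeholder did or keeping a NOTE on the CAN entry. The fixed version (picasm 1.12c-1) matches on both sides, and the "end claimed by jmm" marker added here closes the "begin claimed by jmm" opened before CAN-2004-2085 in the previous hunk, so the claim block stays balanced.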
@@ -588,9 +590,6 @@
CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
NOTE: Source package has been renamed from unrar to unrar-free
- unrar-free 1:0.0.1-2
-CAN-2005-XXXX [wordpress: unknown security hole]
- NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- - wordpress 1.5.1-1
CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
NOTE: not-for-us (PwsPHP)
CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
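Review bot: the dropped "wordpress: unknown security hole" placeholder is being replaced by the CAN-2005-1687 and CAN-2005-1688 entries added earlier in this commit, and its NOTE and version line are carried over verbatim to both, so no information is lost; since the placeholder tracked an unspecified issue, though, confirm that it referred to these two CANs and not to a further undisclosed wordpress problem before dropping it, otherwise keep the placeholder until the mapping is certain.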