[Secure-testing-commits] r2325 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 6 09:59:11 UTC 2005


Author: jmm-guest
Date: 2005-10-06 09:59:06 +0000 (Thu, 06 Oct 2005)
New Revision: 2325

Modified:
   data/CAN/list
Log:
new mediawiki issues
new minor blender issue
new polipo issue
uim CANified
lots of nfus
readjust claimed blocked


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-06 09:36:41 UTC (rev 2324)
+++ data/CAN/list	2005-10-06 09:59:06 UTC (rev 2325)
@@ -1,62 +1,62 @@
-begin claimed by jmm
 CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CAN-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
-	TODO: check
+	- mediawiki <unfixed> (bug filed; medium)
 CAN-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
-	TODO: check
+	- mediawiki <unfixed> (bug filed; unknown)
 CAN-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
-	TODO: check
+	- mediawiki 1.4.9 
 CAN-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus Application Server
 CAN-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
-	TODO: check
+	- polipo <unfixed> (bug filed; medium)
 CAN-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CAN-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
-	TODO: check
+	NOT-FOR-US: EasyGuppy
 CAN-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Enterprise
 CAN-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender Antivirus
 CAN-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...)
-	TODO: check
+	NOT-FOR-US: MyBloggie
 CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
-	TODO: check
+	- blender <unfixed>
+begin claimed by jmm
 CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
 	TODO: check
 CAN-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
-	TODO: check
+	- uim <unfixed> (bug #331620; medium)
 CAN-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...)
 	TODO: check
 CAN-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...)
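Review bot: the new CAN-2005-3151 entry `- blender <unfixed>` has neither a bug reference nor an urgency, while the other unfixed entries added in this hunk (mediawiki, polipo, uim) carry both. Add them, or add a NOTE saying why none applies. The entries for CAN-2005-3167, CAN-2005-3166 and CAN-2005-3163 say "bug filed" instead of a bug number, so they cannot be cross-referenced the way `bug #331620` can; replace the text with the number once it is assigned. The added line `- mediawiki 1.4.9 ` under CAN-2005-3165 also ends in a trailing space.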
@@ -68,16 +68,15 @@
 CAN-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
 	TODO: check
 CAN-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
-	TODO: check
+	NOT-FOR-US: Mailbox Server for 4D WebStar
 CAN-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Antivirus
 CAN-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Trillian
 CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
 	TODO: check
 CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
 	TODO: check
-end claimed by jmm
 CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
 	TODO: check
 CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
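Review bot: the tag added for CAN-2005-3143, `NOT-FOR-US: Mailbox Server for 4D WebStar`, names a component, whereas the neighbouring tags name the product ("Kaspersky Antivirus", "Trillian"); "4D WebStar" would match that style and be easier to search for. With the `end claimed by jmm` marker removed here, CAN-2005-3144, CAN-2005-3140 and CAN-2005-3137 stay at `TODO: check`, so they only remain claimed if the marker is re-added further down in the same commit.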
@@ -98,6 +97,7 @@
 	TODO: check
 CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-3126
 	NOTE: reserved
 CAN-2005-3125
@@ -149,8 +149,6 @@
 CAN-2005-XXXX [Minor local DoS as libldap]
 	- openldap <unfixed> (bug #253838; low)
 	TODO: Check, whether openldap2.2 is affected as well
-CAN-2005-XXXX [Local privilege escalation in uim]
-	- uim <unfixed> (bug #331620; medium)
 CAN-2005-XXXX [Insecure bounds checking in mpack's content parser]
 	- mpack 1.6-1 (bug #216566)
 CAN-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]



