[Secure-testing-commits] r2329 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 6 12:53:41 UTC 2005


Author: jmm-guest
Date: 2005-10-06 12:53:37 +0000 (Thu, 06 Oct 2005)
New Revision: 2329

Modified:
   data/CAN/list
Log:
new issues in cfengine, processed block, claim new


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-06 12:45:06 UTC (rev 2328)
+++ data/CAN/list	2005-10-06 12:53:37 UTC (rev 2329)
@@ -79,30 +79,31 @@
 	NOT-FOR-US: Trillian
 CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
 	NOT-FOR-US: Procom NetFORCE
-begin claimed by jmm
 CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
-	TODO: check
+	{DSA-836, DSA-837}
+	- cfengine <unfixed> (bug filed)
+	- cfengine2 <unfixed> (bug filed)
 CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
-	TODO: check
+	NOT-FOR-US: Virtools Web Player
 CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
 	NOT-FOR-US: Virtools Web Player
 CAN-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CAN-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
-	TODO: check
+	NOT-FOR-US: MERAK Mail Server
 CAN-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
-	TODO: check
+	NOT-FOR-US: MERAK Mail Server
 CAN-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
-	TODO: check
+	NOT-FOR-US: MERAK Mail Server
 CAN-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: lucidCMS
 CAN-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
-	TODO: check
+	- serendipity <itp> (bug #312413)
 CAN-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
-	TODO: check
+	NOT-FOR-US: Address Add Plugin for Squirrelmail
 CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: lucidCMS
+begin claimed by jmm
 CAN-2005-3126
 	NOTE: reserved
 CAN-2005-3125
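Review bot: In the CAN-2005-3137 entry, both new package lines say "(bug filed)" without a bug number, while the serendipity line added a few entries further down in this hunk cites "(bug #312413)". Put the actual bug numbers on the cfengine and cfengine2 lines so the entry can be followed to closure. The same entry lists {DSA-836, DSA-837} while both packages are marked <unfixed>; a short NOTE saying which suite is still open would make that combination unambiguous to the next reader.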
@@ -147,6 +148,7 @@
 	TODO: check
 CAN-2005-3105 (The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files]
 	- horde3 <unfixed> (bug #332289)
 CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
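Review bot: The "end claimed by jmm" marker added after CAN-2005-3105 closes the "begin claimed by jmm" that the previous hunk places before CAN-2005-3126, and the lines between the two hunks are not visible in this diff. Confirm that no other begin/end claim marker sits inside that range, since the new pair would otherwise nest or overlap another claim.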



