[Secure-testing-commits] r2440 - data/CAN

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2005-10-18 09:23:49 +0000 (Tue, 18 Oct 2005)
New Revision: 2440

Modified:
   data/CAN/list
Log:
gallery2 CANified, some nfus and minor updates


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-18 09:14:17 UTC (rev 2439)
+++ data/CAN/list	2005-10-18 09:23:49 UTC (rev 2440)
@@ -1,7 +1,7 @@
 CAN-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
-	TODO: check
+	- gallery 2.0.1-1 (medium)
 CAN-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CAN-2005-3249
 	RESERVED
 CAN-2005-3248
@@ -23,8 +23,9 @@
 CAN-2005-3240
 	RESERVED
 CAN-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CAN-2005-XXXX [local root via loadkeys]
+	NOTE: CVE assignment requested
 	- linux-2.6 <unfixed> (bug #334113; medium)
 	- kernel-source-2.4.27 <unfixed> (medium)
 CAN-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
@@ -114,7 +115,6 @@
 	NOT-FOR-US: Planet Technology switch
 CAN-2005-3195
 	REJECTED
-	NOTE: This is a duplicate from CAN-2005-3178, will be rejected
 CAN-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
 	NOT-FOR-US: ALZip
 CAN-2005-3193
@@ -149,8 +149,6 @@
 	- enigmail 2:0.93-1 (unknown)
 CAN-2005-XXXX [Unspecified vulnerability in zope's docutils]
 	- zope2.8 2.8.1-7
-CAN-2005-XXXX [gallery2: Information disclosure through missing input sanitising]
-	- gallery 2.0.1-1 (medium)
 CAN-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
 	- wget 1.10.2-1 (medium)
 	- curl 7.15.0-1 (bug #333734; medium)