[Secure-testing-commits] r1849 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 8 10:43:06 UTC 2005


Author: jmm-guest
Date: 2005-09-08 10:43:02 +0000 (Thu, 08 Sep 2005)
New Revision: 1849

Modified:
   data/CAN/list
Log:
hiki xss, kernel sg_seqfile dos, ssh, phpldapadmin CANified
new squid issue (dos again)


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-08 10:12:00 UTC (rev 1848)
+++ data/CAN/list	2005-09-08 10:43:02 UTC (rev 1849)
@@ -75,69 +75,69 @@
 	NOTE: reserved
 begin claimed by jmm
 CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
-	TODO: check
+	- hiki 0.8.3-1
 CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
-	TODO: check
+	- linux-2.6 2.6.12-6 (low)
 CAN-2005-2799
 	NOTE: reserved
 CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
-	TODO: check
+	- openssh (unfixed; bug #326065; medium)
 CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
-	TODO: check
+	- openssh (unfixed; bug #326065; medium)
 CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
-	TODO: check
+	- squid 2.5.10-5 (medium)
 CAN-2005-2795
 	NOTE: reserved
 CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
-	TODO: check
+	- squid 2.5.10-5 (medium)
 CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
-	TODO: check
+	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
 CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
-	TODO: check
+	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
 CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	TODO: check
+	NOTE: not-for-us (BFCC)
 CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	TODO: check
+	NOTE: not-for-us (BFCC)
 CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	TODO: check
+	NOTE: not-for-us (BFCC)
 CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
-	TODO: check
+	NOTE: not-for-us (Land Down Under)
 CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Simple PHP Blog)
 CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
-	TODO: check
+	NOTE: not-for-us (cosmoshop)
 CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
-	TODO: check
+	NOTE: not-for-us (cosmoshop)
 CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
-	TODO: check
+	NOTE: not-for-us (cosmoshop)
 CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
-	TODO: check
+	NOTE: not-for-us (AutoLinks Pro)
 CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
-	TODO: check
+	TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
 CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
-	TODO: check
+	NOTE: not-for-us (Land Down Under)
 CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (iTAN)
 CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
-	TODO: check
+	NOTE: not-for-us (MyBB)
 CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (Looking Glass)
 CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
-	TODO: check
+	NOTE: not-for-us (Looking Glass)
 CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
-	TODO: check
+	NOTE: not-for-us (Looking Glass)
 CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
-	TODO: check
+	NOTE: not-for-us (Litium Quake mod)
 CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (HP OpenView)
 CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
 	TODO: check
 CAN-2005-2771 (Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
-	TODO: check
+	NOTE: not-for-us (Reflection for Secure IT)
 CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 does not properly ...)
-	TODO: check
+	NOTE: not-for-us (Reflection for Secure IT)
 CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
 	TODO: check
 CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
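Review bot: the CAN-2005-2775 entry is marked `NOTE: not-for-us (Looking Glass)`, but its description names phpWebNotes, not Looking Glass; this looks like a copy-paste slip from the two Looking Glass entries directly above it and should read `NOTE: not-for-us (phpWebNotes)`. Two smaller points in the same hunk: the new `- hiki 0.8.3-1` line is the only fix line here without a severity tag, while the comparable entries carry `(low)` or `(medium)`; and `Litium Quake mod` in the CAN-2005-2774 note misspells the mod name, which the description gives as Lithium II.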
@@ -301,12 +301,6 @@
 CAN-2005-XXXX [osh buffer overflow in handlers.c]
 	NOTE: This is not the same as -13
 	- osh 1.7-14 (bug #323424; medium)
-CAN-2005-XXXX [Insecure delegation of GSSAPI credentials in ssh]
-	- openssh (unfixed; bug #326065; medium)
-CAN-2005-XXXX [Incorrect port forwarding for dynamic ports in ssh]
-	- openssh (unfixed; bug #326065; medium)
-CAN-2005-XXXX [XSS and information information disclosure in phpldapadmin's welcome.php]
-	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
 CAN-2005-XXXX [Insecure symlink handling in smb4k]
 	- smb4k 0.6.3-1 (medium)
 CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
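Review bot: the removed placeholder `[XSS and information information disclosure in phpldapadmin's welcome.php]` is replaced in the first hunk by CAN-2005-2793 (PHP remote code injection) and CAN-2005-2792 (directory traversal), neither of which describes an XSS; confirm that the XSS part of the dropped entry is covered by one of those identifiers, otherwise keep a CAN-2005-XXXX placeholder for it so the issue is not lost from the tracker. The two openssh placeholders map cleanly onto CAN-2005-2798 and CAN-2005-2797 with the same fix line, so those removals are fine.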
@@ -1390,8 +1384,6 @@
 	- nvi 1.79-22 (medium)
 CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
 	- bugzilla (unfixed; bug #321567; medium)
-CAN-2005-XXXX [Unspecified XSS in hiki]
-	- hiki 0.8.3-1
 CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
 	- tor 0.1.0.14-1 (medium)
 CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
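Review bot: dropping the hiki placeholder is consistent with the new CAN-2005-2803 entry in the first hunk (same fix version 0.8.3-1), but neither the removed line nor its replacement carries a severity rating, unlike the neighbouring bugzilla and tor entries; add one to the CAN-2005-2803 entry so it is rated like the rest of the list.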