[Secure-testing-commits] r1901 - data/CAN

Neil McGovern neilm at costa.debian.org
Sat Sep 10 15:12:14 UTC 2005


Author: neilm
Date: 2005-09-10 15:12:00 +0000 (Sat, 10 Sep 2005)
New Revision: 1901

Modified:
   data/CAN/list
Log:
Patches for syntax etc. (Thanks to Florian Weimer <fw at deneb.enyo.de>)


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-10 14:53:32 UTC (rev 1900)
+++ data/CAN/list	2005-09-10 15:12:00 UTC (rev 1901)
@@ -1611,7 +1611,7 @@
 CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
 	NOTE: not-for-us (Sendcard)
 CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
-	NPTE: not-for-us (RealChat)
+	NOTE: not-for-us (RealChat)
 CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
 	NOTE: not-for-us (PHPSiteSearch)
 CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
@@ -2152,7 +2152,7 @@
 CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
 	- links2 2.1pre16-2 (low)
 CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
-	NOTE; not-for-us (Intel)
+	NOTE: not-for-us (Intel)
 CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
 	NOTE: not-for-us (TeeKai)
 CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
@@ -4439,7 +4439,7 @@
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
 	NOTE: linux-2.6 not affected (already fixed)
-	- kernel-source 2.4.27 2.4.27-11 (unknown)
+	- kernel-source-2.4.27 2.4.27-11 (unknown)
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
 	NOTE: not-for-us (RealPlayer)
 CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
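Review bot: The corrected package line under CAN-2005-1767 still carries the urgency `(unknown)`, while the context line at the top of this hunk records the same package and version, `kernel-source-2.4.27 2.4.27-11`, as `(medium)` for the preceding entry. If the urgency for CAN-2005-1767 has not been assessed, a TODO line would make that visible; otherwise set it while touching this line.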
@@ -4565,8 +4565,8 @@
 CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
 	NOTE: not-for-us (Banner engine)
 CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
-	DONE: check these packages, whether they create tempfiles with the current PID:
-	DONE: fvwm, fvwm-gnome, x-base-clients, lvm10
+	TODO: check these packages, whether they create tempfiles with the current PID:
+	NOTE: DONE: fvwm, fvwm-gnome, x-base-clients, lvm10
 	NOTE: fvwm: uses mktemp
 	NOTE: fvwm-gnome: same as fvwm
 	NOTE: x-base-clients: x11perfcomp uses mkdir atomically
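Review bot: Changing the first line under CAN-2004-2097 from `DONE:` to `TODO:` marks the entry as open again, yet the next line says the listed packages are done and the NOTE lines that follow record results for fvwm, fvwm-gnome and x-base-clients. If the check is finished, both lines read better as plain NOTE lines; if something is still outstanding, name the remaining package in the TODO. The stacked `NOTE: DONE:` tag is also ambiguous, and wording such as "NOTE: checked fvwm, fvwm-gnome, x-base-clients, lvm10" would avoid it.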
@@ -6019,7 +6019,7 @@
 	NOTE: not-for-us (Apple)
 CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
 	NOTE: not-for-us (RSA SecurID Web Agent)
-CAn-2005-XXXX [race condition with a buffered temp file]
+CAN-2005-XXXX [race condition with a buffered temp file]
 	NOTE: no bug ever filed for this one
 	- pysvn 1.1.2-3
 CAN-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
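Review bot: The description on the corrected line, `[race condition with a buffered temp file]`, does not name the affected package, unlike the next placeholder entry, which starts with `mailutils:`. Because the CAN-2005-XXXX id is shared by several entries, prefixing the description with `pysvn:` (the package listed two lines below) would make this entry identifiable on its own.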
@@ -11933,7 +11933,7 @@
 	- star 1.5a46
 CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
 	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	HELP: which radius daemon in debian is "GNU Radius" (if any)?
+	TODO: which radius daemon in debian is "GNU Radius" (if any)?
 CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
 	NOTE: not-for-us (microsoft)
 CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
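Review bot: The new `TODO:` under CAN-2004-0849 sits directly after a NOTE that declares the issue not vulnerable, and the entry has no package line, so it is unclear which state is intended. If the GNU Radius question is still open, the not-vulnerable NOTE should say which package it was established for; if it is settled, replace the question with a NOTE that gives the answer.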
@@ -12371,7 +12371,7 @@
 	NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
 CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
 	NOTE: JRE is not in Debian, assuming the various wrappers handle
-	NOTE the new version. Not worrying about upgrades.
+	NOTE: the new version. Not worrying about upgrades.
 CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
 	NOTE: not-for-us (Cisco)
 CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
@@ -14739,7 +14739,7 @@
 CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
 	NOTE: not-for-us (Cisco)
 CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
-	NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
+	NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
 CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
 	NOTE: not-for-us (ezbounce)
 CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
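Review bot: The missing colon after `NOTE` on the CAN-2003-0511 line is the same kind of slip as the other tag fixes in this revision (`NPTE:`, `NOTE;`, `CAn-`). A syntax check over data/CAN/list that rejects unknown tags and malformed entry headers before commit would catch these at the source instead of in a follow-up patch.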



