[Secure-testing-commits] r1913 - data/CAN

Joey Hess joeyh at costa.debian.org
Sun Sep 11 20:05:37 UTC 2005


Author: joeyh
Date: 2005-09-11 20:05:34 +0000 (Sun, 11 Sep 2005)
New Revision: 1913

Modified:
   data/CAN/list
Log:
processed a few (jmm, sorry for the poaching, didn't notice your claim in
time)


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-11 18:34:13 UTC (rev 1912)
+++ data/CAN/list	2005-09-11 20:05:34 UTC (rev 1913)
@@ -124,7 +124,7 @@
 	NOTE: not-for-us (man2web)
 CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
 	NOTE: This looks like a Portage-specific configuration flaw to mee, but please double-check
-	TODO: double-check, whether this is Gentoo specific
+	NOTE: double-checked
 CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
 	NOTE: not-for-us (urban game)
 CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
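Review bot: the replacement line under CAN-2005-2811 says only "NOTE: double-checked" and does not record what the check concluded. With the TODO removed, the entry has no package line and no explicit statement of status, so a later reader has to infer from the preceding NOTE that the issue was judged Portage-specific. Suggest stating the outcome in the note itself, for example that the flaw was confirmed to be Gentoo-specific, if that is the result.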
@@ -200,13 +200,13 @@
 CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
 	NOTE: not-for-us (HP OpenView)
 CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
-	TODO: check
+	- gopher (unfixed; bug #327722; high)
 CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
 	NOTE: not-for-us (Reflection for Secure IT)
 CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
 	NOTE: not-for-us (Reflection for Secure IT)
 CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
-	TODO: check
+	- sqwebmail (unfixed; bug #327727; medium)
 CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
 	TODO: check
 CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
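Review bot: the new package lines for CAN-2005-2772 (gopher, high) and CAN-2005-2769 (sqwebmail, medium) carry an urgency but no NOTE saying what the rating is based on, and both CAN descriptions are truncated in the list. A one-line NOTE per entry giving the reason for the rating, as the awstats entry in this same commit does, would let the rating be reviewed without opening bugs #327722 and #327727.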
@@ -282,7 +282,8 @@
 CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
 	NOTE: not-for-us (Simple PHP Blog)
 CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
-	TODO: check
+	NOTE: path disclosure, so not very important on debian systems
+	- awstats (unfixed; bug #327729; low)
 CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
 	NOTE: not-for-us (Astato specific)
 CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
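Review bot: the NOTE added under CAN-2005-2732 asserts that path disclosure is "not very important on debian systems" without giving the reason, and that reason is what justifies the "low" urgency on the following line. Suggest spelling it out in the note (for example that packaged install paths are already publicly known, if that is the reasoning) so the rating can be re-checked later.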



