[Secure-testing-commits] r2111 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Sep 22 21:54:50 UTC 2005
Author: jmm-guest
Date: 2005-09-22 21:54:46 +0000 (Thu, 22 Sep 2005)
New Revision: 2111
Modified:
data/CAN/list
Log:
CANified bacula and ncompress
the remaining ones are nfus
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-22 21:33:28 UTC (rev 2110)
+++ data/CAN/list 2005-09-22 21:54:46 UTC (rev 2111)
@@ -62,53 +62,52 @@
NOTE: not-for-us (Ensim webppliance)
CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
NOTE: not-for-us (YaST)
-begin claimed by jmm
CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
- TODO: check
+ NOTE: not-for-us (SimpleCDR-X)
CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...)
- TODO: check
+ - texinfo (unfixed; bug #328265; low)
CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
- TODO: check
+ NOTE: not-for-us (Tofu)
+ TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix
CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (Helpdesk Software Hesk)
CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Interakt MX Shop)
CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
- TODO: check
+ NOTE: not-for-us (NooTopList)
CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Multi-Computer Control System)
CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...)
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
- TODO: check
+ NOTE: not-for-us (PHP Advanced Transfer Manager)
CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (PHP Advanced Transfer Manager)
CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
- TODO: check
+ NOTE: not-for-us (PHP Advanced Transfer Manager)
CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
- TODO: check
+ NOTE: not-for-us (PHP Advanced Transfer Manager)
CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
- TODO: check
+ NOTE: not-for-us (VERITAS storage solutions)
CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
- TODO: check
+ - bacula (bug #329271; low)
CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
- TODO: check
+ NOTE: not-for-us (IBM Rational ClearQuest)
CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
- TODO: check
+ NOTE: not-for-us (HP Tru64)
CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
- TODO: check
+ - ncompress (unfixed; bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
NOTE: reserved
- arc 5.21m-1 (low)
-end claimed by jmm
CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
- mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
- mozilla-thunderbird (unfixed; bug #329667; high)
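Review bot: The CAN-2005-3008 (Tofu) entry is marked `NOTE: not-for-us (Tofu)` and at the same time carries a TODO asking for a double-check, so it reads as both triaged and still open. Until the question about twisted, soya and the rest is settled, I would keep only the TODO line so the entry is not treated as done, and add the not-for-us note once that is confirmed. The commit log says "the remaining ones are nfus", which this one entry does not yet support.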
@@ -116,8 +115,6 @@
- ruby1.6 1.6.8-13 (medium)
- ruby1.8 1.8.3-1 (medium)
- ruby1.9 1.9.0+20050921-1 (medium)
-CAN-2005-XXXX [Insecure temp files in bacula]
- - bacula (bug #329271; low)
CAN-2005-XXXX [freeradius buffer overflows and SQL injection]
- freeradius 1.0.5-1 (medium)
CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
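Review bot: The bacula line removed here, `- bacula (bug #329271; low)`, states neither a fixed version nor `unfixed`, and it reappears unchanged under CAN-2005-2995 in the first hunk. The texinfo and ncompress entries touched by the same commit say `unfixed` explicitly; suggest doing the same for bacula, or giving the fixed version, while the entry is being moved, so its status is not ambiguous.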
@@ -338,8 +335,6 @@
NOTE: not-for-us (Advansysperu Software USB Lock Auto-Protect)
CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
- arc 5.21m-1 (bug #329053; low)
-CAN-2005-XXXX [insecure temporary file handling in ncompress]
- - ncompress (unfixed; bug #329052; unimportant)
CAN-2005-2917 [DoS vulnerability in squid's NMTL auth code]
NOTE: reserved
- squid 2.5.10-6 (unknown)
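Review bot: The ncompress entry taken out of this placeholder keeps the rating `unimportant` with no NOTE explaining it, while the CAN-2005-2991 description it now sits under says local users can "overwrite arbitrary ...". Suggest adding a NOTE line under CAN-2005-2991 with the reason for the rating, so the gap between the description and the severity does not have to be rediscovered from bug #329052.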