[Secure-testing-commits] r2140 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Sep 23 22:51:03 UTC 2005
Author: jmm-guest
Date: 2005-09-23 22:51:00 +0000 (Fri, 23 Sep 2005)
New Revision: 2140
Modified:
data/CAN/list
Log:
Track our open ITPs with <itp>
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-23 22:36:40 UTC (rev 2139)
+++ data/CAN/list 2005-09-23 22:51:00 UTC (rev 2140)
@@ -938,18 +938,15 @@
CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
NOTE: not-for-us (PHPFreeNews not in Debian)
CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
- NOTE: not-for-us (phpAdsNew and phpPgAds not in Debian)
- NOTE: sent info to ITP #226636 (phpAdsNew)
+ - phpadsnew <itp> (bug #226636)
CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
- NOTE: not-for-us (phpAdsNew and phpPgAds not in Debian)
- NOTE: sent info to ITP #226636 (phpAdsNew)
+ - phpadsnew <itp> (bug #226636)
CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
NOTE: not-for-us (WinFTP Server)
CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
NOTE: not-for-us (PHPTB Topic Board not in Debian)
CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
- NOTE: not-for-us (mediabox404 not in Debian)
- NOTE: sent info to ITP #294397
+ - mediabox404 <itp> (bug #294397)
CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
NOTE: not-for-us (Cisco)
CAN-2005-2630
@@ -2044,8 +2041,7 @@
CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
NOTE: not-for-us (phpBook)
CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
- NOTE: see ITP#276057 and #217571
- TODO: track ITPs/work with mediawiki team (alioth)
+ - mediawiki <itp> (bug #276057)
CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
- mozilla-firefox <unfixed> (bug #320539; medium)
- mozilla <unfixed> (bug #320538; medium)
@@ -2910,7 +2906,7 @@
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
- TODO: track ITP#289487
+ - jinzora <itp> (bug #289487)
CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
NOTE: not-for-us (DownloadProtect)
CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
@@ -3128,14 +3124,11 @@
CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
NOTE: not-for-us (DMXReady)
CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
- NOTE: fixed in 1.3.6
- NOTE: ITP#217571
+ - mediawiki <itp> (bug #276057)
CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
- NOTE: fixed in 1.3.6
- NOTE: ITP#217571
+ - mediawiki <itp> (bug #276057)
CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
- NOTE: fixed in 1.3.6
- NOTE: ITP#217571
+ - mediawiki <itp> (bug #276057)
CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
NOTE: not-for-us (Digicraft Yak!)
CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
@@ -3185,11 +3178,9 @@
CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
- xmlstarlet 1.0.0-1
CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
- NOTE: Not yet in Debian, but there's an ITP pending.
- TODO: Track #312413
+ - serendipity <itp> (bug #312413)
CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
- NOTE: Not yet in Debian, but there's an ITP pending.
- TODO: Track #312413
+ - serendipity <itp> (bug #312413)
CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
NOTE: not-for-us (Online Recruitment Agency)
CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
@@ -3436,8 +3427,7 @@
CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
NOTE: not-for-us (Real Estate Management Software)
CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
- NOTE: not-for-us (Mediawiki not yet in Debian)
- TODO: track ITP: #217571, check CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, CAN-2005-0534, CAN-2004-1405
+ - mediawiki <itp> (bug #276057)
CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (Chatman)
CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
@@ -3902,7 +3892,7 @@
CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
NOTE: not-for-us (PHP-Nuke)
CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
- NOTE: not-for-us (track ITP#207640)
+ - xoops <itp> (bug #207640)
CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
NOTE: not-for-us (ImageFolio)
CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
@@ -4515,14 +4505,11 @@
- clamav 0.86.1-1 (low)
CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
- NOTE: ITP #312413 - submitter contacted, she has already addressed this
- NOTE: This will probably be re-organized by the CVE editor, but lets keep it for now,
- NOTE: as it's the same issue
+ - serendipity <itp> (bug #312413)
- drupal 4.5.4-1 (high; bug #316362)
- phpgroupware 0.9.16.006-1 (high)
- egroupware 1.0.0.007-3.dfsg-1 (high)
- phpwiki 1.3.7-4 (high)
- NOTE: ewiki does not seem vulnerable (no eval, different code base)
- php4 4.3.10-16etch1 (high; bug #316447)
NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
@@ -4596,7 +4583,7 @@
CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
NOTE: not-for-us (Sun ONE)
CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
- NOTE: not-for-us (MediaWiki not yet in Debian)
+ - mediawiki <itp> (bug #276057)
CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
NOTE: not-for-us (Solaris)
CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
@@ -7001,8 +6988,7 @@
- quake2 <unfixed> (bug #280573; low)
NOTE: CVE id requested from mitre
CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
- NOTE: not-for-us (MediaWiki)
- NOTE: see CAN-2005-1888
+ - mediawiki <itp> (bug #276057)
CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...)
NOTE: not-for-us (AS/400 FTP server addon)
CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
@@ -9129,14 +9115,11 @@
CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
NOTE: not-for-us (iGeneric (iG) Shop)
CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
- NOTE: not-for-us (MediaWiki not yet in Debian)
- NOTE: see CAN-2005-1888
+ - mediawiki <itp> (bug #276057)
CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
- NOTE: not-for-us (MediaWiki not yet in Debian)
- NOTE: see CAN-2005-1888
+ - mediawiki <itp> (bug #276057)
CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
- NOTE: not-for-us (MediaWiki not yet in Debian)
- NOTE: see CAN-2005-1888
+ - mediawiki <itp> (bug #276057)
CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
NOTE: not-for-us (Trend Micro AntiVirus)
CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
@@ -10181,8 +10164,7 @@
CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
NOTE: not-for-us (Ikonboard)
CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
- NOTE: not-for-us (MediaWiki not yet in Debian)
- NOTE: see CAN-2005-1888
+ - mediawiki <itp> (bug #276057)
CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
NOTE: not-for-us (Attachment Mod for phpBB)
CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
More information about the Secure-testing-commits
mailing list