[Secure-testing-commits] r2213 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 28 21:31:27 UTC 2005
Author: jmm-guest
Date: 2005-09-28 21:31:24 +0000 (Wed, 28 Sep 2005)
New Revision: 2213
Modified:
data/CAN/list
Log:
two new issues in wzdftpd and eric
hylafax and interchange CANified
lots of nfus
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-28 21:16:02 UTC (rev 2212)
+++ data/CAN/list 2005-09-28 21:31:24 UTC (rev 2213)
@@ -5,62 +5,60 @@
- icebreaker <unfixed> (bug #297644; low)
CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local)
- gnupg 1.0.7-1 (bug #107374)
-begin claimed by jmm
CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
- TODO: check
+ NOT-FOR-US: SecureW2 TLS
CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
- TODO: check
+ NOT-FOR-US: contentSrv
CAN-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
- TODO: check
+ NOT-FOR-US: Riverdark Studios RSS Syndicator
CAN-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
- TODO: check
+ NOT-FOR-US: Sony PSP
CAN-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CAN-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
- TODO: check
+ NOT-FOR-US: SEO-Board
CAN-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
- TODO: check
+ - wzdftpd 0.5.5-1 (high)
CAN-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: GeSHi
CAN-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...)
- TODO: check
+ NOT-FOR-US: PunBB
CAN-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
- TODO: check
+ NOT-FOR-US: PunBB
CAN-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CAN-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
- TODO: check
+ NOT-FOR-US: Simplog
CAN-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Zengaia
CAN-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
- TODO: check
+ NOT-FOR-US: RSyslog
CAN-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
- TODO: check
+ - interchange 5.2.1-1 (bug #329705; unknown)
CAN-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
- TODO: check
+ - interchange 5.2.1-1 (bug #329705; medium)
CAN-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
- TODO: check
+ NOT-FOR-US: Solaris
CAN-2005-3070 (HylaFax 4.2.1 and earlier on Debian GNU/Linux does not create or ...)
- TODO: check
+ - hylafax 1:4.2.2+rc1 (bug #329384; low)
CAN-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
- TODO: check
+ - hylafax 1:4.2.2+rc1 (bug #329384; low)
CAN-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
- TODO: check
+ - eric <unfixed> (bug filed; unknown)
CAN-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
- TODO: check
+ NOT-FOR-US: PerlDiver
CAN-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
- TODO: check
+ NOT-FOR-US: PerlDiver
CAN-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
- TODO: check
+ NOT-FOR-US: MultiTheftAuto
CAN-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
- TODO: check
+ NOT-FOR-US: MultiTheftAuto
CAN-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MailGust
CAN-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft E-Friends
CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: PowerArchiver
CAN-2003-XXXX [libsafe: does not prevent some exploit types]
TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase
- libsafe <unfixed> (bug #173227; medium)
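Review bot: The new CAN-2005-3068 line "- eric <unfixed> (bug filed; unknown)" gives no bug number, unlike the interchange (bug #329705) and hylafax (bug #329384) entries added in the same hunk, so the entry cannot be cross-checked against the bug tracker. Replace "bug filed" with the actual number once it is assigned. A smaller point on the CAN-2005-3086 line: it reads "NOT-FOR-US: contentSrv" while the description spells the product "contentServ". Align the spelling so a search for the product name finds the entry.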
@@ -136,12 +134,8 @@
- qpopper <unfixed> (bug #330123; medium)
CAN-2005-XXXX [ Chroot escape in vserver kernel patch]
- kernel-patch-vserver <unfixed> (bug #329087; medium)
-CAN-2005-XXXX [Some security flaws in hylafax's xferfaxstats tool]
- - hylafax 1:4.2.2+rc1 (bug #329384; low)
CAN-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors]
- linux-2.6 2.6.12-7 (low)
-CAN-2005-XXXX [ITL injection in interchange]
- - interchange 5.2.1-1 (bug #329705; unknown)
CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
NOT-FOR-US: Mall23 eCommerce
CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
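Review bot: Removing the "Some security flaws in hylafax's xferfaxstats tool" and "ITL injection in interchange" placeholders drops the only text that tied bug #329384 and bug #329705 to a specific issue, and the entries that replace them spread each bug over two ids (CAN-2005-3069/3070 and CAN-2005-3072/3073). CAN-2005-3073 is described only as "Unspecified vulnerability" and CAN-2005-3070 does not mention xferfaxstats. Please confirm that each bug really covers both ids. If CAN-2005-3073 is the ITL injection issue, keep a short comment line under it saying so; otherwise the "unknown" severity there has nothing to be re-evaluated against.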