[Secure-testing-commits] r2220 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 29 09:34:32 UTC 2005


Author: jmm-guest
Date: 2005-09-29 09:34:29 +0000 (Thu, 29 Sep 2005)
New Revision: 2220

Modified:
   data/CAN/list
Log:
qpopper CANified, new mantis issues, nfus


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-29 09:18:04 UTC (rev 2219)
+++ data/CAN/list	2005-09-29 09:34:29 UTC (rev 2220)
@@ -1,39 +1,38 @@
-begin claimed by jmm
 CAN-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Movable Type
 CAN-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
-	TODO: check
+	NOT-FOR-US: Movable Type
 CAN-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Movable Type
 CAN-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
-	TODO: check
+	NOT-FOR-US: Movable Type
 CAN-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux ...)
-	TODO: check
+	NOT-FOR-US: Astato Security Linux
 CAN-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CAN-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
-	TODO: check
+	- qpopper <unfixed> (bug #330123; unimportant)
+	NOTE: Vulnerable code does not seem to be shipped in the binary package
 CAN-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
-	TODO: check
+	NOT-FOR-US: Avi Alkalay
 CAN-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
-	TODO: check
+	NOT-FOR-US: Avi Alkalay
 CAN-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Avi Alkalay
 CAN-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Avi Alkalay
 CAN-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Nokia cell phones
 CAN-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Image-Line Software FL Studio
 CAN-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
-	TODO: check
+	- mantis <unfixed> (bug filed; unknown)
 CAN-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
-	TODO: check
+	- mantis <unfixed> (bug filed; unknown)
 CAN-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
-	TODO: check
+	TODO: file a bug, it's not really clear, whether this has security implications
 CAN-2005-3088
-	NOTE: reserved
-end claimed by jmm
+	RESERVED
 CAN-2005-XXXX [backupninja insecure temp file]
 	- backupninja 0.8-2 (medium)
 CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
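Review bot: The NOT-FOR-US line added under CAN-2005-3100 spells the product "Astato Security Linux", while the CAN description directly above it reads "Astaro Security Linux"; correct the spelling so that a search of the list for the product name finds this entry. The two mantis entries (CAN-2005-3091 and CAN-2005-3090) say "bug filed" without a bug number, unlike the qpopper entry's "bug #330123"; add the number once it is known so the entries can be cross-referenced.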
@@ -165,8 +164,6 @@
 CAN-2005-XXXX [imview: Possible buffer overflow with FITS images]
 	- imview <unfixed> (bug #326971; unknown)
 	TODO: Needs further evaluation
-CAN-2005-XXXX [Potential unspecified qpopper local root exploit]
-	- qpopper <unfixed> (bug #330123; medium)
 CAN-2005-XXXX [ Chroot escape in vserver kernel patch]
 	- kernel-patch-vserver <unfixed> (bug #329087; medium)
 CAN-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors]
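Review bot: The removed placeholder tracked qpopper bug #330123 at severity "medium", while the entry that replaces it under CAN-2005-3098 in the first hunk carries "unimportant" for the same bug, and the log message "qpopper CANified" does not mention the downgrade. The only stated reason is the tentative NOTE that the vulnerable code "does not seem to be shipped in the binary package"; confirm that against the package contents and record the rationale for the severity change in the NOTE or the log.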



