[Secure-testing-commits] r2232 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 29 16:27:21 UTC 2005


Author: jmm-guest
Date: 2005-09-29 16:27:18 +0000 (Thu, 29 Sep 2005)
New Revision: 2232

Modified:
   data/CAN/list
Log:
more bugnums


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-29 16:09:35 UTC (rev 2231)
+++ data/CAN/list	2005-09-29 16:27:18 UTC (rev 2232)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [Heap overflow in libosip URI parsing]
+	- libosip 2.0.9-1 (bug #308737)
 CAN-2005-XXXX [rkhunter: Insecure temporary file]
 	- rkhunter 1.2.7-14 (bug #330627; medium)
 CAN-2005-XXXX [fprobe-ng: Insecure default hash]
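Review bot: The new libosip line carries a bug number but no urgency, while the rkhunter entry directly below it uses the "(bug #330627; medium)" form. For a heap overflow in URI parsing, record the urgency next to the bug number, in the form "(bug #308737; <urgency>)", so triage does not have to re-derive it from the bug report.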
@@ -2135,7 +2137,7 @@
 	NOT-FOR-US: First Post
 CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
 	{DSA-808-1}
-	- tdiary 2.0.2-1 (medium)
+	- tdiary 2.0.2-1 (bug #319315; medium)
 CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
 	NOT-FOR-US: Network Manager
 CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
@@ -2830,7 +2832,7 @@
 CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
 	NOT-FOR-US: faqomatic
 CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
-	NOT-FOR-US: faqomatic
+	TODO: Check this, htdig is in the archive
 CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
 	NOT-FOR-US: Tomcat
 CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
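Review bot: The replacement line for CAN-2002-2010 is a bare TODO, so the htdig XSS in htsearch.cgi is still not tied to a package or version after this commit. The removed "NOT-FOR-US: faqomatic" matches the annotation on CAN-2002-2011 just above and was evidently wrong for htdig, so dropping it is right, but the follow-up should be a "- htdig <version>" line or an explicit not-affected entry once the package has been checked. The log message "more bugnums" also does not mention this reclassification.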
@@ -4954,7 +4956,7 @@
 	NOTE: Cryptographic attack on AES, cannot be fixed
 CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
 	{DSA-749-1}
-	- ettercap 1:0.7.1-1.1
+	- ettercap 1:0.7.1-1.1 (bug #311615)
 CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
 	NOT-FOR-US: ClamAV on Mac OS X
 CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
@@ -5174,7 +5176,7 @@
 	NOTE: no longer affected.
 	- gforge 3.1-26
 CAN-2005-XXXX [osh buffer overflow]
-	- osh 1.7-13
+	- osh 1.7-13 (bug #311369)
 CAN-2005-XXXX [xile buffer overrun in terminal code]
 	- zile 2.0.4-2
 CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
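Review bot: The unchanged entry right after the osh line is titled "xile buffer overrun in terminal code" while its package line reads "- zile 2.0.4-2"; the title looks like a typo for zile and could be corrected while this block is being touched. The osh line now has a bug number but still no urgency, which is worth adding if it is known from bug #311369.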
@@ -9485,7 +9487,7 @@
 CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
 	NOT-FOR-US: phpWebsite
 CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
-	NOT-FOR-US: Documented SSH protocol behaviour, cannot be fixed
+	- ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
 	NOTE: See bug #296547 for details
 CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
 	NOT-FOR-US: phpScheduleIt
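Review bot: The CAN-2004-1653 change turns a NOT-FOR-US annotation into a "<not-affected>" package entry, which is a reclassification rather than a bug number addition and is not covered by the log message "more bugnums"; mention it in the log or commit it separately. Please also confirm that "ssh" is the package name the list expects here, since the description refers to OpenSSH, and consider citing bug #296547 from the NOTE line inside the parenthetical so the justification and its source sit together.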



