Author: joeyh
Date: 2005-07-30 03:29:46 +0000 (Sat, 30 Jul 2005)
New Revision: 1492

Modified:
   data/CAN/list
Log:
handle a few XXXX that got numbers and some new CANs covered by existing
DSAs


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-30 03:18:06 UTC (rev 1491)
+++ data/CAN/list       2005-07-30 03:29:46 UTC (rev 1492)
@@ -71,8 +71,11 @@
        NOTE: not-for-us (Oracle Reports)
 CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as 
used in ekg before ...)
        {DSA-769-1}
+       - gaim (unfixed)
+       NOTE: DSA only covers gaim
+       TODO: check ekg and others that embed libgadu in source tree
 CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg 
before ...)
-       TODO: check
+       TODO: check gaim and others that embed libgadu in source tree
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows 
attackers to ...)
        - vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367
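Review bot: the new "- gaim (unfixed)" line under CAN-2005-2370 has no bug number or urgency, unlike the other unfixed entries in this file such as "- pdns (unfixed; bug #318798; medium)", so nothing tracks the fix. The two TODOs are also asymmetric: CAN-2005-2370 asks to check "ekg and others" while CAN-2005-2369 asks to check "gaim and others", although both descriptions name libgadu as used in ekg. Suggest adding a bug reference and urgency to the gaim line and having both TODOs name ekg and gaim explicitly, so neither package is missed for either id.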
@@ -157,7 +160,7 @@
 CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in 
DVBBS 7.1 ...)
        TODO: check
 CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x 
before ...)
-       TODO: check
+       - shorewall 2.4.1-2 (medium)
 CAN-2005-2316
        NOTE: reserved
 CAN-2005-2315
@@ -238,7 +241,7 @@
        TODO: check
 CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 
allows ...)
        {DSA-762-1}
-       TODO: check
+       - affix 2.1.2-2 (medium)
 CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise 
WebAccess ...)
        TODO: check
 CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail 
before ...)
@@ -417,8 +420,6 @@
        NOTE: This doesn't look like a real security issue as cron.daily should 
only be
        NOTE: writable by root, but lets include it as the maintainer considers 
it an issue
        - faif 1.19.2-14 (low)
-CAN-2005-XXXX [Shorewall lets users which have been accepted by MAC based 
access control bypass the other access checks]
-       - shorewall 2.4.1-2 (medium)
 CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend]
        - pdns (unfixed; bug #318798; medium)
        NOTE: CVE id requested from mitre
@@ -833,8 +834,6 @@
 CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted 
packet]
        - netpanzer (unfixed; bug #318329; medium)
        NOTE: CVE id requested from mitre
-CAN-2005-XXXX [Missing input sanitising in affix's btsrv/btobex services]
-       - affix 2.1.2-2 (medium)
 CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple 
USANet ...)
        NOTE: not-for-us (USANet)
 CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in 
Squito ...)
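Review bot: the CAN-2005-XXXX entry removed here is titled "Missing input sanitising in affix's btsrv/btobex services", while CAN-2005-2277, which takes over its "- affix 2.1.2-2 (medium)" line earlier in this patch, is described as an issue in the Bluetooth FTP client (BTFTP). The two descriptions name different components, and the CAN-2005-2277 summary is truncated in the list, so the match cannot be confirmed from these lines. Suggest adding a NOTE under CAN-2005-2277 stating that it covers the btsrv/btobex issue, or keeping the XXXX entry until that is verified against DSA-762-1.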


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
