Author: jmm-guest
Date: 2005-08-10 09:53:51 +0000 (Wed, 10 Aug 2005)
New Revision: 1551
Modified:
data/CAN/list
Log:
new kernel issues
tar not an issue
pstotext CANified
lots of nfus
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-10 09:31:18 UTC (rev 1550)
+++ data/CAN/list 2005-08-10 09:53:51 UTC (rev 1551)
@@ -1,28 +1,28 @@
-begin claimed by jmm
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOTE: not-for-us (Arab Portal)
CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPOpenChat ...)
- TODO: check
+ NOTE: not-for-us (PHPOpenChat)
CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev
...)
- TODO: check
+ NOTE: not-for-us (Comdev eCommerce)
CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev
...)
- TODO: check
+ NOTE: not-for-us (Comdev eCommerce)
CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to
inject ...)
- TODO: check
+ NOTE: not-for-us (Invision Power Board)
CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting
setuid or ...)
- TODO: check
+ NOTE: This is intended behaviour, after all tar is an archiving tool
and you
+ NOTE: need to give -p as a command line flag
CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly
earlier ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke
2.5.5 ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-2536 (pstotext before 1.8g does not properly use the
"-dSAFER" option when ...)
- TODO: check
+ - pstotext 1.9-2 (medium)
CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve
Backup ...)
- TODO: check
+ NOTE: not-for-us (ARCserve Backup)
CAN-2005-2534
NOTE: reserved
CAN-2005-2533
@@ -92,7 +92,7 @@
CAN-2005-2501
NOTE: reserved
CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in
Linux ...)
- TODO: check
+ TODO: Might be affected, pinged Horms, wait for reply
CAN-2005-2499
NOTE: reserved
CAN-2005-2498
@@ -114,8 +114,8 @@
CAN-2005-2490
NOTE: reserved
CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
- TODO: check
-end claimed by jmm
+ - kernel-source-2.6.8 (unfixed; bug filed; medium)
+ NOTE: Already fixed in 2.6.12, AFAIK 2.4 doesn't use sysfs
CAN-2005-XXXX [Buffer overflow in Description parsing]
- bidwatcher (unfixed; bug #319489; high)
CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw
and stops adduser working]
@@ -468,8 +468,6 @@
- rsync 2.6.6-1 (low)
CAN-2005-XXXX [Unspecified XSS in hiki]
- hiki 0.8.2-1
-CAN-2005-XXXX [pstotext allows malicious post script code]
- - pstotext 1.9-2 (medium)
CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3
allows ...)
NOTE: not-for-us (Sendcard)
CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use
authentication, ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
