Author: fw
Date: 2005-09-11 21:01:42 +0000 (Sun, 11 Sep 2005)
New Revision: 1917
Modified:
data/CAN/list
Log:
Unify syntax of not-for-us notes.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-11 20:27:29 UTC (rev 1916)
+++ data/CAN/list 2005-09-11 21:01:42 UTC (rev 1917)
@@ -1385,7 +1385,7 @@
CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default
Input is ...)
NOTE: not-for-us (SGI IRIX)
CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2
and ...)
- NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD
+ NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD)
CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon,
decfingerd, ...)
NOTE: not-for-us (decfingerd)
CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote
attackers ...)
@@ -2382,7 +2382,7 @@
NOTE: current twig package seems to have secure cookies enabled
NOTE: still uses "basic" security setting.
CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in
cookies, ...)
- NOTE: not-for-us (Autogalaxy
+ NOTE: not-for-us (Autogalaxy)
CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random
...)
NOTE: cannot find paper about this anymore
TODO: followup
@@ -2556,7 +2556,7 @@
CAN-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly
check ...)
- kfreebsd5-source 5.3-17 (medium)
CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web
root with ...)
- NOTE: not-for-us (Dansie Shopping Cart
+ NOTE: not-for-us (Dansie Shopping Cart)
CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal
Photo ...)
NOTE: not-for-us (PhotoGal)
CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.4.x ...)
@@ -5518,7 +5518,7 @@
CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive
information ...)
NOTE: not-for-us (phProfession)
CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows
remote ...)
- NOTE: not-for-us (Advanced Guestbook
+ NOTE: not-for-us (Advanced Guestbook)
CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and
xine-ui ...)
- xine-ui 0.99.1
CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the
...)
@@ -6567,7 +6567,8 @@
- quake2 (unfixed; bug #280573; low)
NOTE: CVE id requested from mitre
CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.4.2, ...)
- NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888
+ NOTE: not-for-us (MediaWiki)
+ NOTE: see CAN-2005-1888
CAN-2005-1244 (Directory traversal vulnerability in the third party tool from
NetIQ, ...)
NOTE: not-for-us (AS/400 FTP server addon)
CAN-2005-1243 (Directory traversal vulnerability in the third party tool from
...)
@@ -7628,7 +7629,7 @@
NOTE: fixed in macromedia flash shortly after discovery 3 years ago
NOTE: did not check the other flash players in debian for this
CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when
...)
- NOTE: not-for-us (Lotus Domino
+ NOTE: not-for-us (Lotus Domino)
CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when
using ...)
NOTE: not-for-us (General protocol flaw, cannot be fixed)
CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may
allow ...)
@@ -8073,7 +8074,7 @@
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice
Chat) ...)
NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control)
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server
between ...)
- NOTE: not-for-us (X2 XMMS Remote
+ NOTE: not-for-us (X2 XMMS Remote)
CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote
attackers ...)
NOTE: not-for-us (e-Gap)
CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through
SP5 on ...)
@@ -8115,9 +8116,9 @@
CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel
...)
NOTE: not-for-us (Alcatel)
CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP)
6.4, 7.0, ...)
- NOTE: not-for-us (Microsoft
+ NOTE: not-for-us (Microsoft)
CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows
remote ...)
- NOTE: not-for-us (Microsoft
+ NOTE: not-for-us (Microsoft)
CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0
SP1 ...)
NOTE: not-for-us (MSIE)
CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2
allows ...)
@@ -8141,7 +8142,7 @@
CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass
content ...)
- dansguardian 2.4.5-1
CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5
and ...)
- NOTE: not-for-us (Computer Associates MLink
+ NOTE: not-for-us (Computer Associates MLink)
CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
NOTE: not-for-us (Cisco)
CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
@@ -8690,11 +8691,14 @@
CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric
(iG) ...)
NOTE: not-for-us (iGeneric (iG) Shop)
CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before
1.3.11 and ...)
- NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ NOTE: see CAN-2005-1888
CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki
1.3.x ...)
- NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ NOTE: see CAN-2005-1888
CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in
MediaWiki 1.3.x ...)
- NOTE: not-for-us: (MediaWiki not yet in Debian), see CAN-2005-1888
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ NOTE: see CAN-2005-1888
CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library
VSAPI ...)
NOTE: not-for-us (Trend Micro AntiVirus)
CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in
reiserfs/file.c ...)
@@ -8812,7 +8816,7 @@
CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004)
and ...)
NOTE: not-for-us (PopMessenger)
CAN-2004-1697 (The "Forgot your Password" link in Computer
Associates (CA) Unicenter ...)
- NOTE: not-for-u (Computer Associates Unicenter Management Portal)
+ NOTE: not-for-us (Computer Associates Unicenter Management Portal)
CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
NOTE: not-for-us (EmuLive Server4)
CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
@@ -9731,7 +9735,8 @@
CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0
...)
NOTE: not-for-us (Ikonboard)
CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime,
does not ...)
- NOTE: not-for-us (MediaWiki), see CAN-2005-1888
+ NOTE: not-for-us (MediaWiki not yet in Debian)
+ NOTE: see CAN-2005-1888
CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache
...)
NOTE: not-for-us (Attachment Mod for phpBB)
CAN-2004-1403 (PHP remote code injection vulnerability in index.php in
GNUBoard 3.39 ...)
@@ -10929,7 +10934,7 @@
{DSA-644-1}
- chbg 1.5-4
CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed
setuid, ...)
- NOTE: not-for-us (ChangePassword):w
+ NOTE: not-for-us (ChangePassword)
CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for
bsb2ppm ...)
NOTE: not-for-us (bsb2ppm)
CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php
0.76.23 ...)
@@ -14443,7 +14448,7 @@
CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain
privileges ...)
{DSA-367}
CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo
0.2.1 ...)
- NOTE: not-for-us (mod_mylo for apache) not in debian
+ NOTE: not-for-us (mod_mylo for apache)
CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy
Arcade, ...)
NOTE: not-for-us (gamespy)
CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows
local ...)
@@ -16765,7 +16770,7 @@
CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon
(ipppd) ...)
NOTE: not-for-us (SuSE specific)
CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client
3.5.4 ...)
- NOTE: not-for-us Cisco
+ NOTE: not-for-us (Cisco)
CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file
with ...)
NOTE: not-for-us (iSCSI not in Debian)
CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program
(ab.c) ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
