Author: jmm-guest Date: 2005-10-06 09:59:06 +0000 (Thu, 06 Oct 2005) New Revision: 2325 Modified: data/CAN/list Log: new mediawiki issues new minor blender issue new polipo issue uim CANified lots of nfus readjust claimed blocked Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-06 09:36:41 UTC (rev 2324) +++ data/CAN/list 2005-10-06 09:59:06 UTC (rev 2325) @@ -1,62 +1,62 @@ -begin claimed by jmm CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...) - TODO: check + NOT-FOR-US: Microsoft CAN-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) - TODO: check + - mediawiki <unfixed> (bug filed; medium) CAN-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) - TODO: check + - mediawiki <unfixed> (bug filed; unknown) CAN-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) - TODO: check + - mediawiki 1.4.9 CAN-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...) - TODO: check + NOT-FOR-US: Hitachi Cosminexus Application Server CAN-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) - TODO: check + - polipo <unfixed> (bug filed; medium) CAN-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) - TODO: check + NOT-FOR-US: PHP-Fusion CAN-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...) - TODO: check + NOT-FOR-US: EasyGuppy CAN-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...) - TODO: check + NOT-FOR-US: MailEnable Enterprise CAN-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...) - TODO: check + NOT-FOR-US: Bitdefender Antivirus CAN-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...) - TODO: check + NOT-FOR-US: MyBloggie CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...) - TODO: check + NOT-FOR-US: CubeCart CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) - TODO: check + - blender <unfixed> +begin claimed by jmm CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) TODO: check CAN-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...) - TODO: check + - uim <unfixed> (bug #331620; medium) CAN-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...) TODO: check CAN-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...) @@ -68,16 +68,15 @@ CAN-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...) TODO: check CAN-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...) - TODO: check + NOT-FOR-US: Mailbox Server for 4D WebStar CAN-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...) - TODO: check + NOT-FOR-US: Kaspersky Antivirus CAN-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Trillian CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...) TODO: check CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) TODO: check -end claimed by jmm CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) TODO: check CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) @@ -98,6 +97,7 @@ TODO: check CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) TODO: check +end claimed by jmm CAN-2005-3126 NOTE: reserved CAN-2005-3125 @@ -149,8 +149,6 @@ CAN-2005-XXXX [Minor local DoS as libldap] - openldap <unfixed> (bug #253838; low) TODO: Check, whether openldap2.2 is affected as well -CAN-2005-XXXX [Local privilege escalation in uim] - - uim <unfixed> (bug #331620; medium) CAN-2005-XXXX [Insecure bounds checking in mpack''s content parser] - mpack 1.6-1 (bug #216566) CAN-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]