thr3ads.net - Secure testing commits - [Secure-testing-commits] r2117

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Sep-23 01:07 UTC
[Secure-testing-commits] r2117 - data/CAN

Author: jmm-guest
Date: 2005-09-23 01:07:14 +0000 (Fri, 23 Sep 2005)
New Revision: 2117

Modified:
   data/CAN/list
Log:
house-keeping


Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-09-23 00:57:01 UTC (rev 2116)
+++ data/CAN/list	2005-09-23 01:07:14 UTC (rev 2117)
@@ -4015,7 +4015,7 @@
 CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and
earlier ...)
 	NOTE: not-for-us (cPanel)
 CAN-2005-2020 (Directory traversal vulnerability in the web server for 3Com
Network ...)
-	TODO: check
+	NOTE: not-for-us (3com Network Supervisor)
 CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor
(SMP) ...)
 	NOTE: not-for-us (FreeBSD ipfw)
 CAN-2005-2018
@@ -4539,7 +4539,7 @@
 	{DSA-760-1 DTSA-4-1}
 	- ekg 1:1.5+20050712+1.6rc2-1 (low)
 CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier
allows ...)
-	TODO: check
+	NOTE: not-for-us (log4sh)
 CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with
predictable ...)
 	{DSA-754-1 DTSA-2-1}
 	- centericq 4.20.0-7 (medium)
@@ -5001,8 +5001,6 @@
 CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine
(TBE) ...)
 	NOTE: not-for-us (Banner engine)
 CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to
overwrite ...)
-	TODO: check these packages, whether they create tempfiles with the current
PID:
-	NOTE: DONE: fvwm, fvwm-gnome, x-base-clients, lvm10
 	NOTE: fvwm: uses mktemp
 	NOTE: fvwm-gnome: same as fvwm
 	NOTE: x-base-clients: x11perfcomp uses mkdir atomically
@@ -9789,7 +9787,6 @@
 	NOTE:
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
 	- kernel-source-2.6.8 (unfixed; bug #295949; high)
 	- linux-2.6 not-affected 
-	TODO: verify if it''s fixed in linux-2.6
 CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl
before ...)
 	{DSA-696-1}
 	- perl 5.8.4-7
@@ -9892,7 +9889,7 @@
 	NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG
 	NOTE: support, so this issue is not very important.
 CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat
...)
-	TODO: check
+	- glibc not-affected (Specific to the NPTL backport for RHEL 3)
 CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute
arbitrary code ...)
 	- mozilla-firefox 1.0.2-1
 CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently
address all ...)
@@ -9990,11 +9987,11 @@
 CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is
marked ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice
Backup 6.0 ...)
-	TODO: check
+	NOTE: not-for-us (EMC Legato)
 CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge
...)
-	TODO: check
+ 	NOTE: not-for-us (EMC Legato)
 CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and
StorEdge ...)
-	TODO: check
+ 	NOTE: not-for-us (EMC Legato)
 CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped
Sequence ...)
 	NOTE: linux is not vulnerable, see #310804
 	- kfreebsd5-source 5.3-15 (medium) 
@@ -10799,9 +10796,9 @@
 CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary
code via ...)
 	NOTE: not-for-us (PeID)
 CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26,
and ...)
-	TODO: check
+	NOTE: not-for-us (Irix)
 CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not
correctly ...)
-	TODO: check
+	NOTE: not-for-us (Irix)
 CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local
users to ...)
 	NOTE: Does not affect 2.6 based kernels in Debian
 	- kernel-source-2.4.27 2.4.27-10
@@ -12137,9 +12134,9 @@
 CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x
server ...)
 	NOTE: jabber version 2 is vulnerable, we have an older version that seems not
 CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using
the ...)
-	TODO: check
+	NOTE: not-for-us (HP-UX)
 CAN-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX
before ...)
-	TODO: check
+	NOTE: not-for-us (HP-UX)
 CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to
obtain ...)
 	NOTE: not-for-us (NetOp Host)
 CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem
(smbfs) in ...)
@@ -13151,7 +13148,7 @@
 CAN-2004-0499
 	NOTE: reserved
 CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and
...)
-	TODO: check
+	NOTE: not-for-us (StoneSoft firewall engine)
 CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users
to ...)
 	NOTE: linux kernel fchown hole, fixed in all current kernels
 CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local
users ...)
@@ -13331,8 +13328,7 @@
 	{DSA-519}
 	- cvs 1:1.12.9-1
 CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset
pointers to ...)
-	NOTE: fixed in 2.4.27-rc6
-	TODO: does this mean we are ok?
+	NOTE: fixed in 2.4.27-rc6, so fixed in kernel-source-2.4.27
 CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not
...)
 	{DSA-517}
 	- cvs 1:1.12.9-1
Secure testing commits - Sep 2005 - r2117 - data/CAN

[Secure-testing-commits] r2117 - data/CAN
