Author: jmm-guest Date: 2005-08-16 09:36:03 +0000 (Tue, 16 Aug 2005) New Revision: 1596 Modified: data/CAN/list Log: xmlrpc bugnums new vuln in kernel new vuln in bluez-utils some nfus Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-16 09:14:16 UTC (rev 1595) +++ data/CAN/list 2005-08-16 09:36:03 UTC (rev 1596) @@ -1,17 +1,17 @@ CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) - TODO: check + NOTE: not-for-us (Network Associated ePolicy Orchestrator Agent) CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) - TODO: check + - kernel-source-2.4.27 (unfixed; bug filed; medium) CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) - TODO: check + NOTE: not-for-us (Integrated Light Out in HP servers) CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) - TODO: check + NOTE: not-for-us (Novell eDirectory) CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) - TODO: check + - evolution (unfixed; bug #322535; high) CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...) - TODO: check + - evolution (unfixed; bug #322535; high) CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...) - TODO: check + - bluez-utils (unfixed; bug filed; medium) CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns] NOTE: Will be split once the maintainer has investigated this - centericq (unfixed; bug #323185; medium) 
@@ -19,8 +19,6 @@ - wordpress (unfixed; bug #323040; medium) CAN-2005-XXXX [phpldapadmin doesn''t fully prevent anonymous access when configured so] - phpldapadmin 0.9.6c-5 (medium) -CAN-2005-XXXX [Multiple format string vulnerabilities in Evolution] - - evolution (unfixed; bug #322535; high) CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) NOTE: not-for-us (Arab Portal) CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) @@ -121,9 +119,9 @@ NOTE: reserved CAN-2005-2498 [XMLRPC: Inproper handling of nested tags allows arbitrary code execution] NOTE: reserved - - drupal (unfixed; bug filed; high) - - phpgroupware (unfixed; bug filed; high) - - egroupware (unfixe; bug filed; high) + - drupal (unfixed; bug #323347; high) + - phpgroupware (unfixed; bug #323349; high) + - egroupware (unfixe; bug #323350; high) TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway TODO: check php4 and php5 (I guess both are affected) CAN-2005-2497
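
Review bot: In the first hunk (@@ -1,17 +1,17 @@), the new NOTE for CAN-2005-2554 reads "Network Associated ePolicy Orchestrator Agent" while the description on the same entry says "Network Associates"; correct the vendor name so a search on it finds the entry. The kernel-source-2.4.27 and bluez-utils lines added in this hunk say only "bug filed"; replace that with the bug numbers once they are known, as this commit does for the XMLRPC entries.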
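
Review bot: The second hunk (@@ -19,8 +19,6 @@) removes the CAN-2005-XXXX Evolution placeholder, but the log message does not mention it, and the first hunk now attaches bug #322535 to both CAN-2005-2550 and CAN-2005-2549. The removed placeholder's title ("Multiple format string vulnerabilities in Evolution") matches only the CAN-2005-2549 description, so confirm that bug #322535 also covers CAN-2005-2550 and mention the Evolution id assignment in the log.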
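
Review bot: In the third hunk (@@ -121,9 +119,9 @@), the added egroupware line still carries the typo "unfixe" from the line it replaces; since the line is being rewritten to add bug #323350 anyway, change it to "unfixed" so it matches the drupal and phpgroupware entries and any tooling that matches on that keyword. The "Inproper" in the CAN-2005-2498 title in the context lines could be corrected to "Improper" in the same pass.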