Author: jmm-guest Date: 2005-07-16 17:15:25 +0000 (Sat, 16 Jul 2005) New Revision: 1410 Modified: data/CAN/list Log: several not-for-us xmlstarlet already fixed multiple new issues in tutos Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-16 10:47:02 UTC (rev 1409) +++ data/CAN/list 2005-07-16 17:15:25 UTC (rev 1410) @@ -196,7 +196,6 @@ NOTE: not-for-us (AliveSites) CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) NOTE: not-for-us (Express-Web) -begin claimed by jmm CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) NOTE: not-for-us (IdealBB) CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) @@ -271,7 +270,6 @@ NOTE: not-for-us (Microsoft) CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) NOTE: not-for-us (ReviewPost) -end claimed by jmm CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) NOTE: not-for-us (EarlyImpact) CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) 
@@ -297,21 +295,23 @@ CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) NOTE: not-for-us (OpenBSD) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - TODO: check + - tutos (unfixed; bug filed; medium) CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) - TODO: check + - tutos (unfixed; bug filed; medium) CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) - TODO: check + - xmlstarlet 1.0.0-1 CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) - TODO: check + - xmlstarlet 1.0.0-1 CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) - TODO: check + NOTE: Not yet in Debian, but there''s an ITP pending. + TODO: Track #312413 CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) - TODO: check + NOTE: Not yet in Debian, but there''s an ITP pending. + TODO: Track #312413 CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) - TODO: check + NOTE: not-for-us (Online Recruitment Agency) CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) - TODO: check + NOTE: not-for-us (Online-bookmarks) CAN-2005-XXXX [base-config log should not be world readable] - base-config 2.68 (low) CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) @@ -356,7 +356,7 @@ NOTE: currently too busy - courier (unfixed; low) CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) - cacti 0.8.6f-1 (high) CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
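Review bot: In the `@@ -297,21 +295,23 @@` hunk, the two tutos entries (CAN-2004-2162 and CAN-2004-2161) are marked `unfixed; bug filed; medium` without a bug number, while the Serendipity entries in the same hunk cite #312413. Recording the tutos bug number on those lines would let the next reader follow the issue without searching the bug tracker. The two Serendipity NOTE lines contain a doubled apostrophe (`there''s`), which should read `there's`. The xmlstarlet lines (`- xmlstarlet 1.0.0-1`) give a fixed version but no urgency in parentheses, unlike `- cacti 0.8.6f-1 (high)` in the following hunk; add one if the list format expects it. The log message covers the not-for-us, xmlstarlet and tutos changes but does not mention the Serendipity entries, which also change here from `TODO: check` to tracking the pending ITP.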