Author: micah Date: 2005-07-23 16:14:35 +0000 (Sat, 23 Jul 2005) New Revision: 1459 Modified: data/CAN/list Log: Checking in my CANs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-23 14:52:44 UTC (rev 1458) +++ data/CAN/list 2005-07-23 16:14:35 UTC (rev 1459) @@ -77,10 +77,8 @@ NOTE: not-for-us (Microsoft) CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) NOTE: not-for-us (FTGate) -begin claimed by micah CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...) - TODO: check -end claimed by micah + - kernel-patch-openmosix (unfixed; bug #319621; low) CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...) NOTE: not-for-us (FTGate) CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...) @@ -2064,9 +2062,9 @@ NOTE: reserved CAN-2005-1918 NOTE: reserved -begin claimed by micah CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) - TODO: check + NOTE: not-for-us (kpopper) + NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) - ekg 1:1.5+20050712+1.6rc2-1 (low) CAN-2005-1915 @@ -2190,7 +2188,7 @@ CAN-2005-1860 NOTE: reserved CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) - TODO: check + NOTE: not-for-us (arshell) CAN-2005-1857 NOTE: reserved CAN-2005-1856 @@ -2234,7 +2232,7 @@ CAN-2005-1842 NOTE: reserved CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...) - TODO: check + NOTE: not-for-us (acroread) CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) {DSA-744-1} - fuse 2.3.0-1 
@@ -2394,7 +2392,7 @@ {DSA-756-1} - squirrelmail 2:1.4.4-6 (bug #314374; medium) CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) - TODO: check + NOTE: kernel-source-2.4.27 (bug #xxxx; medium) CAN-2005-1767 NOTE: reserved CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) @@ -2419,8 +2417,10 @@ CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOTE: not-for-us (sysreport) CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - TODO: check -end claimed by micah + - shtool 2.0.1-2 (low) + - mysql-ocaml 1.0.3-6 (low) + - php4 (unfixed; low) + NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751 CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) NOTE: not-for-us (Novell) CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) @@ -2431,7 +2431,7 @@ - shtool 2.0.1-2 (low) - mysql-ocaml 1.0.3-6 (low) - php4 (unfixed; low) - NOTE: This might be -1759, it''s not obvious from the PHP release notes + NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies TODO: check, whether this still applies @@ -2983,7 +2983,7 @@ CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...) NOTE: not-for-us (1Two News) CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...) - NOTE: not-for-us (bug_list.php + NOTE: not-for-us (bug_list.php) CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) NOTE: not-for-us (BoastMachine) CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
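Review bot: In the @@ -2394,7 +2392,7 @@ hunk, the CAN-2005-1768 entry is committed with a placeholder bug number, "NOTE: kernel-source-2.4.27 (bug #xxxx; medium)", and as a NOTE rather than a package line. Other entries in this commit record an affected package as a "- package (...)" line, for example "- kernel-patch-openmosix (unfixed; bug #319621; low)". Suggest filing the bug first and recording this entry in the same form with the real bug number, since with "TODO: check" removed nothing else marks the entry as still needing follow-up.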
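Review bot: In the @@ -2419,8 +2417,10 @@ hunk, "- php4 (unfixed; low)" under CAN-2005-1759 has no bug number, while the unfixed entry added for CAN-2002-2079 carries one ("bug #319621"). Suggest adding the php4 bug reference if one exists. The new NOTE also does not say which of the three listed packages NMU #311206 applies to; naming the package would make the claim checkable. The same sentence is added again in the @@ -2431,7 +2431,7 @@ hunk, so any rewording needs to be made in both places.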
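Review bot: In the @@ -2983,7 +2983,7 @@ hunk, "NOTE: not-for-us (bug_list.php)" for CAN-2005-1581 names a file rather than the product. The description line says the issue is in Bug Report 1.0, and the neighbouring entries put the product name in the parentheses ("not-for-us (1Two News)", "not-for-us (BoastMachine)"). Suggest "NOTE: not-for-us (Bug Report)" so the entry matches its neighbours and can be found by product name.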