Author: jmm-guest Date: 2005-06-28 09:38:56 +0000 (Tue, 28 Jun 2005) New Revision: 1293 Modified: data/CAN/list Log: CANified cacti, some nfu Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-28 09:26:22 UTC (rev 1292) +++ data/CAN/list 2005-06-28 09:38:56 UTC (rev 1293) @@ -24,8 +24,6 @@ - clamav 0.86.1-1 (medium) CAN-2005-XXXX [clamav-milter timeout DoS] - clamav 0.86-1 (medium) -CAN-2005-XXXX Multiple XSS and input validation errors in cacti - - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk''s command parser] - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) @@ -898,7 +896,7 @@ CAN-2005-1767 NOTE: reserved CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed; unknown) @@ -1590,11 +1588,11 @@ CAN-2005-1527 NOTE: reserved CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 @@ -2966,7 +2964,7 @@ CAN-2005-1251 NOTE: reserved CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) - TODO: check + NOTE: not-for-us (IpSwitch) CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) NOTE: not-for-us (IMail) CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) 
@@ -4284,7 +4282,7 @@ CAN-2005-0773 NOTE: reserved CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly ...) - TODO: check + NOTE: not-for-us (VERITAS Backup Exec) CAN-2005-0771 NOTE: reserved CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
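Review bot: In the @@ -24,8 +24,6 @@ hunk, the removed placeholder read "Multiple XSS and input validation errors in cacti", but the three Cacti IDs that take over the "cacti 0.8.6e-1 (high)" line in the @@ -1590,11 +1588,11 @@ hunk are described as PHP file inclusion (CAN-2005-1526, CAN-2005-1524) and SQL injection (CAN-2005-1525). None of the visible, truncated descriptions mentions XSS. Please confirm the XSS part of the original entry is covered by an assigned ID before dropping the placeholder. If it is not, keep a CAN-2005-XXXX entry for the XSS issues so they stay tracked.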
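Review bot: In the @@ -2966,7 +2964,7 @@ hunk, the new line "NOTE: not-for-us (IpSwitch)" for CAN-2005-1250 capitalises the vendor differently from the "Ipswitch" in the CAN-2005-1249 description directly below it, and that neighbouring entry is tagged by product, "not-for-us (IMail)", rather than by vendor. Suggest spelling it "Ipswitch" and, if the product behind the logon screen is known, naming the product instead, so the not-for-us tags stay consistent and easy to grep.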