Author: joeyh Date: 2005-05-04 01:38:12 +0000 (Wed, 04 May 2005) New Revision: 977 Modified: sarge-checks/CAN/list Log: updates Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-03 23:08:12 UTC (rev 976) +++ sarge-checks/CAN/list 2005-05-04 01:38:12 UTC (rev 977) @@ -186,7 +186,7 @@ CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) NOTE: not-for-us (bBlog) CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) - TODO: check + - sqwebmail (unfixed; bug #307575) CAN-2005-1307 NOTE: reserved CAN-2005-1306 @@ -252,7 +252,7 @@ CAN-2005-1276 NOTE: reserved CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) - - imagemagick (unfixed; bug #306424) + - imagemagick 6:6.0.6.2-2.3 CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - maxdb-7.5.00 7.5.00.26-1 CAN-2005-1273 @@ -458,7 +458,9 @@ CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...) NOTE: not-for-us (phpSecurePages) CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) - TODO: check + NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn''t seem + NOTE: to seed at all; my tests indicate it generates no dups in + NOTE: some 100000 passwords. CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...) NOTE: not-for-us (VanDyke SecureCRT) CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...) 
@@ -2703,7 +2705,7 @@ CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) - TODO: This is fixed in lynx-cur, maybe a fix can be extracted from there + NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - lynx (unfixed; bug #296340) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - links 0.99+1.00pre12-1
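Review bot: In the CAN-2001-1467 hunk (@@ -458,7 +458,9 @@), the added NOTE lines base the assessment on seeing no duplicates in some 100000 passwords, but a duplicate-free sample does not show that the output is unpredictable, only that it does not repeat. The entry would be stronger if it said how the seeding was checked, for example by reading the mkpasswd script shipped in expect 5.42.1. The wording "doesn't seem to seed at all" also leaves the finding open. The hunk removes "TODO: check" without adding a package status line for expect, so the entry is annotated but not resolved either way. Minor: "doesn''t" has a doubled apostrophe.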