Moritz Muehlenhoff
2005-May-25 11:03 UTC
[Secure-testing-commits] r1149 - sarge-checks/CAN
Author: jmm-guest Date: 2005-05-25 11:03:25 +0000 (Wed, 25 May 2005) New Revision: 1149 Modified: sarge-checks/CAN/list Log: processed block picasm and wordpress CANified claim new block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-25 09:40:10 UTC (rev 1148) +++ sarge-checks/CAN/list 2005-05-25 11:03:25 UTC (rev 1149) @@ -93,31 +93,31 @@ - gdb (unfixed) CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...) - gdb (unfixed; bug #308624) -begin claimed by jmm CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Warrior Kings: Battles) CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) - TODO: check + NOTE: not-for-us (Warrior Kings: Battles) CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...) - TODO: check + NOTE: not-for-us (PortailPHP) CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) - TODO: check + NOTE: not-for-us (CA Antivirus) CAN-2005-1692 (Format string vulnerability in gxine 0.41 through 0.44 allows remote ...) - TODO: check + NOTE: Not in sarge due to RC bugs + - gxine (unfixed) CAN-2005-1691 NOTE: reserved CAN-2005-1690 @@ -125,92 +125,95 @@ CAN-2005-1689 NOTE: reserved CAN-2005-1688 (Wordpress 1.5 and earlier allow remote attackers to obtain sensitive ...) - TODO: check + NOTE: Removed from Sarge due to intransparent handling of security issues by upstream + - wordpress 1.5.1-1 CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...) - TODO: check + NOTE: Removed from Sarge due to intransparent handling of security issues by upstream + - wordpress 1.5.1-1 CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) - TODO: check + TODO: Affects experimental, check whether 2.8 from Sarge/sid is affected as well + - gedit (unfixed) CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) - TODO: check + NOTE: not-for-us (episodex) CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) - TODO: check + NOTE: not-for-us (episodex) CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...) - TODO: check + NOTE: not-for-us (Solstice Internet Mail Server) CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...) - TODO: check + NOTE: not-for-us (phpATM) CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...) - TODO: check + NOTE: not-for-us (D-Link hardware) CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...) - TODO: check + - picasm 1.12c-1 CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) - TODO: check + NOTE: not-for-us (Groove) CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...) - TODO: check + NOTE: not-for-us (Groove) CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...) - TODO: check + NOTE: not-for-us (Groove) CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...) - TODO: check + NOTE: not-for-us (Groove) CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...) - TODO: check + NOTE: not-for-us (Help Center Live) CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...) - TODO: check + NOTE: not-for-us (Help Center Live) CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...) - TODO: check + NOTE: not-for-us (Help Center Live) CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...) - TODO: check + NOTE: not-for-us (Yahoo Messenger) CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) - TODO: check + NOTE: not-for-us (Extreme BlackDiamond hardware) CAN-2005-1669 NOTE: reserved CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (YusASP Web Asset Manager) CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (DataTrac Activity Console) CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...) - TODO: check + NOTE: not-for-us (Orenosv) CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Jeuce Personal Web Server) CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...) - TODO: check + NOTE: not-for-us (Jeuce Personal Web Server) CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Jeuce Personal Web Server) CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...) - TODO: check + NOTE: not-for-us (EZGuestbook) CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...) - TODO: check + NOTE: not-for-us (MyServer) CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...) - TODO: check + NOTE: not-for-us (MyServer) CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...) - TODO: check + NOTE: not-for-us (Mercur Messaging) CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...) - TODO: check + NOTE: not-for-us (Mercur Messaging) CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) - TODO: check + - rsync 2.6.1-1 CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...) - TODO: check + NOTE: not-for-us (InoculateIT) CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Matrix FTP Server) CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...) - TODO: check + NOTE: not-for-us (Sophos) CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...) - TODO: check + NOTE: not-for-us (SandSurfer) CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Sambar) +begin claimed by jmm CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) TODO: check CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...) @@ -271,14 +274,13 @@ TODO: check CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...) TODO: check +end claimed by jmm CAN-2005-XXXX [Two DoS condition in ekg] - ekg 1:1.5+20050411-3 CAN-2005-XXXX [lcrash affected by libbfd integer overflows] - lcrash 7.0.0.pre.cvs.20050322-3 CAN-2005-XXXX [Multiple security problems in lbreakout2] - lbreakout2 2.5.2-2 -CAN-2005-XXXX [Buffer overflows in picasm''s code for generating error messages] - - picasm 1.12c-1 CAN-2005-XXXX [mailutils multiple vulnerabilities] - mailutils 1:0.6.1-3 CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) @@ -588,9 +590,6 @@ CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] NOTE: Source package has been renamed from unrar to unrar-free - unrar-free 1:0.0.1-2 -CAN-2005-XXXX [wordpress: unknown security hole] - NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - - wordpress 1.5.1-1 CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...) NOTE: not-for-us (PwsPHP) CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)