Author: joeyh Date: 2005-04-05 22:42:45 +0000 (Tue, 05 Apr 2005) New Revision: 764 Modified: sarge-checks/CAN/list Log: bts updates Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-05 21:46:22 UTC (rev 763) +++ sarge-checks/CAN/list 2005-04-05 22:42:45 UTC (rev 764) @@ -29,7 +29,7 @@ CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...) NOTE: not-for-us (Windows) CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) - TODO: check + - bzip2 (unfixed; bug #303300) NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local) NOTE: attacker would have to exploit the minimal time span between uncompressing NOTE: the file and chmodding it to delete the file and place a hardlink to another @@ -276,7 +276,7 @@ CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) NOTE: not-for-us (Topic Calendar phpbb2 plugin) CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) - - phpsysinfo (unfixed; bug #301118) + - phpsysinfo 2.3-3 CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) - phpsysinfo (unfixed; bug #301118) CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)