Author: jmm-guest Date: 2005-04-26 09:24:20 +0000 (Tue, 26 Apr 2005) New Revision: 916 Modified: sarge-checks/CAN/list Log: Some not-for-us. Cleaned up some rejected entries. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-26 09:14:21 UTC (rev 915) +++ sarge-checks/CAN/list 2005-04-26 09:24:20 UTC (rev 916) @@ -43,9 +43,9 @@ CAN-2005-1248 NOTE: reserved CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Novell Nsure Audit) CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...) - TODO: check + NOTE: not-for-us (snmppd) CAN-2005-XXXX [Heap overflow in Imagemagick''s ReadPNMImage()] - imagemagick (unfixed) CAN-2005-XXXX [Multiple security problems in Quake 2] @@ -165,7 +165,7 @@ CAN-2005-1193 NOTE: reserved CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) - TODO: check + NOTE: not-for-us (HP-UX) CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) NOTE: not-for-us (Cisco) CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...) @@ -840,7 +840,6 @@ NOTE: not-for-us (PafileDB) CAN-2005-0951 NOTE: rejected - NOTE: not-for-us (PafileDB) CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...) NOTE: not-for-us (FastStone 4in1 Browser) CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...) @@ -1533,7 +1532,6 @@ NOTE: not-for-us (FreeBSD) CAN-2003-1130 NOTE: rejected - NOTE: not-for-us (solaris) CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...) NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control) CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...) 
@@ -1722,7 +1720,6 @@ NOTE: reserved CAN-2005-0683 NOTE: rejected - NOTE: not applicable to Debian (installation path known anyway) CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) - drupal 4.5.2 CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) @@ -2929,7 +2926,6 @@ - axel 1.0b-1 CAN-2005-0389 NOTE: rejected - - lsh-utils 2.0-1 CAN-2005-0388 [Improper IP number validity checking in remstats permits arbitrary command execution] {DSA-704-1} - remstats 1.0.13a-5 @@ -3555,7 +3551,6 @@ NOTE: not-for-us (CitrusDB) CAN-2005-0228 NOTE: rejected - NOTE: apparently dup of CAN-2004-1388 CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...) {DSA-668-1} CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...) @@ -3845,7 +3840,6 @@ NOTE: reserved CAN-2005-0122 NOTE: rejected - NOTE: not-for-us (MacOS X) CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) NOTE: not-for-us (golddig) CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...) @@ -5122,8 +5116,6 @@ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CAN-2004-0955 NOTE: rejected - {DSA-571-1 DSA-570-1} - NOTE: dup of CAN-2004-0599 CAN-2004-0954 NOTE: rejected CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) @@ -5344,7 +5336,6 @@ NOTE: not-for-us (MSIE) CAN-2004-0868 NOTE: rejected - NOTE: not-for-us (microsoft) CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) - mozilla-firefox 0.9.3 CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
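Review bot: In the hunk at @@ -2929,7 +2926,6 @@, deleting `- lsh-utils 2.0-1` from CAN-2005-0389 removes a package and version line, not just a free-text note, and nothing visible in this diff moves it to another entry. If the ID was rejected in favour of a different one, add the lsh-utils line under that ID in the same commit, or keep a NOTE naming the replacement, so the lsh-utils record stays findable.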
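Review bot: In the hunk at @@ -5122,8 +5116,6 @@, dropping `{DSA-571-1 DSA-570-1}` together with `NOTE: dup of CAN-2004-0599` from CAN-2004-0955 is only lossless if the CAN-2004-0599 entry already carries both DSA references, and that entry is not part of this diff. Please confirm it does, or add the references there in this commit, so the two advisories remain mapped to a live ID.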