Author: joeyh Date: 2005-03-01 21:14:23 +0100 (Tue, 01 Mar 2005) New Revision: 509 Modified: sarge-checks/CAN/list Log: more mozilla stuff, and other TODOs that fell thru the cracks Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-01 20:03:12 UTC (rev 508) +++ sarge-checks/CAN/list 2005-03-01 20:14:23 UTC (rev 509) @@ -228,7 +228,7 @@ CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...) NOTE: not-for-us (IBM) CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...) - TODO: check + NOTE: not-for-us (ginp) CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) NOTE: not-for-us (iGeneric (iG) Shop) CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) @@ -267,7 +267,9 @@ CAN-2005-0528 NOTE: reserved CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) - TODO: check + - mozilla-firefox 1.0.1 + NOTE: didn''t other with YA mozilla-browser bug, it has enough for 1.7.6 already.. + - mozilla-browser 2:1.7.6 CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) NOTE: not-for-us (PBLang) CAN-2005-0525 @@ -1469,7 +1471,9 @@ CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...) - wu-ftpd 2.6.2-19 CAN-2005-0255 (String handling functions in Mozilla 1.7.3 and Firefox 1.0, such as ...) - TODO: check + - mozilla-firefox 1.0.1 + NOTE: didn''t other with YA mozilla-browser bug, it has enough for 1.7.6 already.. + - mozilla-browser 2:1.7.6 CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) NOTE: not-for-us (BibORB) CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) 
@@ -1654,7 +1658,7 @@ CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) TODO: check CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) - TODO: check + - kppp 4:3.1.6 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOTE: according to the CAN it is fixed in 2.6.10, but NOTE: looking at the source it is not so clear, noting this @@ -3174,9 +3178,9 @@ CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) NOTE: does not apply per maintainer CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) - TODO: check + NOTE: not-for-us (Mitel 3300 Integrated Communications Platform) CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) - TODO: check + NOTE: not-for-us (Mitel 3300 Integrated Communications Platform) CAN-2004-0943 NOTE: reserved CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
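Review bot: In the @@ -267 hunk, CAN-2005-0527 gains a `- mozilla-browser 2:1.7.6` line, but the visible description names only Firefox 1.0, and the NOTE beside it reads as saying no separate mozilla-browser bug was filed. Suggest adding a short NOTE on why mozilla-browser is affected, or holding that line back until it is confirmed, so the fixed-version entry can be verified later.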
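Review bot: In the @@ -1469 hunk (CAN-2005-0255), the added NOTE `didn''t other with YA mozilla-browser bug, ...` has a doubled apostrophe and `other` where `bother` looks intended. It also sits between the two package lines, so it is unclear which package it annotates. Suggest fixing the wording and moving it below `- mozilla-browser 2:1.7.6`. The identical NOTE in the @@ -267 hunk needs the same change.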
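Review bot: In the @@ -1654 hunk, `- kppp 4:3.1.6` for CAN-2005-0205 records an epoch and upstream version but no Debian revision, unlike `- wu-ftpd 2.6.2-19` elsewhere in this file, and the description only says "KDE 3.1.5 and earlier". If the version was inferred from the description rather than from a package changelog, say so in a NOTE, or record the revision of the first fixed upload.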