Author: joeyh Date: 2005-03-03 22:04:33 +0100 (Thu, 03 Mar 2005) New Revision: 517 Modified: sarge-checks/CAN/list Log: processed some and claimed some others Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-03 08:14:17 UTC (rev 516) +++ sarge-checks/CAN/list 2005-03-03 21:04:33 UTC (rev 517) @@ -1,20 +1,20 @@ CAN-2005-0940 NOTE: rejected - TODO: check CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...) - TODO: check + - reportbug 3.8 CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) - TODO: check + - reportbug 3.8 CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...) - TODO: check + NOTE: not-for-us (RaidenHTTPD) CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) - TODO: check + NOTE: not-for-us (RaidenHTTPD) CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Scrapland) CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...) - TODO: check + NOTE: not-for-us (Einstein) CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) - TODO: check + NOTE: not-for-us (Einstein) +begin claimed by joeyh CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) TODO: check CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) @@ -164,6 +164,7 @@ NOTE: reserved CAN-2005-0548 NOTE: reserved +end claimed by joeyh begin claimed by djoume CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) TODO: check @@ -913,7 +914,7 @@ CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet''s access to ...) NOTE: not-for-us (Opera) CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...) - TODO: check + NOTE: not-for-us (Real) CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) NOTE: not-for-us (DCP-Portal) CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) @@ -1035,6 +1036,7 @@ NOTE: reserved CAN-2005-0397 NOTE: reserved + - imagemagick 6:6.0.6.2-2.2 CAN-2005-0396 NOTE: reserved CAN-2005-0395 @@ -1708,7 +1710,7 @@ CAN-2005-0209 NOTE: reserved CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - TODO: check + - gaim 1:1.1.4 CAN-2005-0207 NOTE: reserved CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) @@ -4357,9 +4359,9 @@ CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) NOTE: not-for-us (MacOS) CAN-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) - TODO: check + NOTE: not-for-us (RAdmin for Mac OS X) CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) - TODO: check + NOTE: not-for-us (Mac OS X)) CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) NOTE: fixed after 2.6.6/2.4.26 kernel CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)