Author: djoume-guest Date: 2005-03-11 16:54:56 +0100 (Fri, 11 Mar 2005) New Revision: 545 Modified: sarge-checks/CAN/list Log: * processed my block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-11 08:14:20 UTC (rev 544) +++ sarge-checks/CAN/list 2005-03-11 15:54:56 UTC (rev 545) 
@@ -116,63 +116,63 @@ NOTE: not-for-us (Pabox for PHPNuke not in Debian) CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...) - phpbb2 (unfixed; bug #298690) -begin claimed by djoume CAN-2005-0672 (Carsten''s 3D Engine (Ca3DE), March 2004 version and earlier, allows ...) - TODO: check + NOTE: not-for-us (Ca3DE) CAN-2005-0671 (Format string vulnerability in Carsten''s 3D Engine (Ca3DE), March 2004 ...) - TODO: check + NOTE: not-for-us (Ca3DE) CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...) - TODO: check + NOTE: not-for-us (phpCOIN) CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...) - TODO: check + NOTE: not-for-us (phpCOIN) CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...) - TODO: check + NOTE: not-for-us (HAVP) CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...) - TODO: check + - sylpheed (unfixed; bug #298173) CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...) - TODO: check + - kernel-patch-adamantix 1.7 CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...) - TODO: check + NOTE: not-for-us (XV) CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...) - TODO: check + - libexif 0.6.9-5 CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...) - TODO: check + NOTE: not-for-us (Mercury Board) CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...) - TODO: check + NOTE: not-for-us (Mercury Board) CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...) - TODO: check + NOTE: not-for-us (Woltlab Burning Board) CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) 
- TODO: check + NOTE: not-for-us (D-Forum) CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: This is not a security issue as the installation path is known. CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) - TODO: check + NOTE: not-for-us (Typo3) CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...) - TODO: check + NOTE: not-for-us (Computalynx CProxy) CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...) - TODO: check + NOTE: not-for-us (auraCMS) CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (auraCMS) CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...) - TODO: check + NOTE: I don''t think this is a security issue + NOTE: I''ve mailed maintainer -- Djoume CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...) - TODO: check + - phpmyadmin 3:2.6.1-pl3-1 CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...) - TODO: check + NOTE: not-for-us (OpenVMS) CAN-2005-0651 (SQL injection vulnerability in divers.php (incorrectly referred to as ...) - TODO: check + NOTE: not-for-us (ProjectBB) CAN-2005-0650 (Cross-site scripting (XSS) vulnerability in divers.php (incorrectly ...) - TODO: check + NOTE: not-for-us (ProjectBB) CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (Pixel-Apes SafeHTML) CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...) - TODO: check + NOTE: not-for-us (Pixel-Apes SafeHTML) CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...) - TODO: check + NOTE: not-for-us (paNews) CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...) 
- TODO: check + NOTE: not-for-us (paNews) CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2005-0644 NOTE: reserved CAN-2005-0643 @@ -219,7 +219,6 @@ NOTE: not-for-us (Zorum not in Debian) CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...) NOTE: not-for-us (Zorum not in Debian) -end claimed by djoume CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...) - squid 2.5.9-2 CAN-2005-0940
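Review bot: In the first hunk, CAN-2005-0654 (GIMP) loses its TODO with only "I don't think this is a security issue" and a remark that the maintainer was mailed. No reason is recorded and no package line is added. The CAN-2005-0659 note a few entries earlier does give its reasoning ("the installation path is known"), so please either do the same here or keep a TODO on the entry until the maintainer replies, so it is not read as fully triaged. As a style point in the same hunk, the new not-for-us notes name only the product ("not-for-us (Ca3DE)"), while the unchanged context lines use the fuller form "not-for-us (Pabox for PHPNuke not in Debian)". Several names also differ from the spelling in the CAN description ("Mercury Board" vs "MercuryBoard", "Typo3" vs "TYPO3"). Using the fuller wording and the description's spelling would keep the list consistent and easier to grep.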