Author: djoume-guest
Date: 2005-02-23 21:28:19 +0100 (Wed, 23 Feb 2005)
New Revision: 475

Modified:
   sarge-checks/CAN/list
Log:
* processed my block

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-02-23 20:14:20 UTC (rev 474) +++ sarge-checks/CAN/list 2005-02-23 20:28:19 UTC (rev 475) 
@@ -1,99 +1,98 @@ CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) - TODO: check + NOTE: not-for-us (fallback-reboot) CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) - TODO: check + NOTE: default config of Mono not vulnerable + NOTE: Mono wont be in Sarge according to http://wiki.debian.net/?MonoDebianPlan CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) - TODO: check + NOTE: not-for-us (Squiggle for Batik) CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) - TODO: check + NOTE: not-for-us (SD Server) CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...) - TODO: check + NOTE: not-for-us (Avaya) CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) - TODO: check + NOTE: not-for-us (IRM) CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) - TODO: check -begin claimed by djoume + TODO: check with kernel team CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...) - TODO: check + - uim (unfixed; bug #296632) CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) - TODO: check + NOTE: not-for-us (Xinkaa) CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Bontago) CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (MSIE6) CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...) - TODO: check + NOTE: not-for-us (Gigafast router) CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (Gigafast router) CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...) 
- TODO: check + NOTE: not-for-us (ADP Elite System) CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...) - TODO: check + NOTE: not-for-us (Arkeia Network Backup) CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...) - TODO: check + NOTE: not-for-us (ZeroBoard) CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...) - TODO: check + NOTE: not-for-us (Thomson TCW690 cable modem) CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...) - TODO: check + NOTE: not-for-us (Biz Mail From) CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Acrobat Reader) CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...) - TODO: check + NOTE: not-for-us (Arkeia Server Backup) CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) - TODO: check + - curl 7.12.3-1 CAN-2005-0489 NOTE: reserved CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - TODO: check + - cfengine2 2.1.8-1 CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) - TODO: check + - cfengine2 2.1.8-1 CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...) - TODO: check + NOTE: not-for-us (Pinnacle ShowCenter) CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Pinnacle ShowCenter) CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) - TODO: check + NOTE: not-for-us (PopMessenger) CAN-2004-1697 (The "Forgot your Password" link in Computer Associates Unicenter ...) - TODO: check + NOTE: not-for-u (Computer Associates Unicenter Management Portal) CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) 
- TODO: check + NOTE: not-for-us (EmuLive Server4) CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (EmuLive Server4) CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...) - TODO: check + NOTE: not-for-us (Mambo) CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) - TODO: check + NOTE: not-for-us (Mambo) CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (DNS4Me) CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...) - TODO: check + NOTE: not-for-us (DNS4Me) CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) - TODO: check + - sudo 1.6.8p3-1 CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Pigeon Server) CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) - TODO: check + NOTE: not-for-us (Snitz Forums) CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...) - TODO: check + NOTE: not-for-us (SMC router) CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...) - TODO: check + NOTE: not-for-us (Zyxel) CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) - TODO: check + NOTE: not-for-us (crrtrap) CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...) - TODO: check + NOTE: not-for-us (QNX FTP) CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...) 
- TODO: check + NOTE: not-for-us (QNX) CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...) - TODO: check + NOTE: not-for-us (Pingtel Xpressa) CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...) - TODO: check + NOTE: not-for-us (TwinFTP) CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (PerlDesk) CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) NOTE: not-for-us (PerlDesk) CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
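Review bot: The note added under CAN-2004-1697 reads "NOTE: not-for-u (Computer Associates Unicenter Management Portal)"; the tag is missing its final "s", so anything that matches on the literal "not-for-us" used by every other such entry in this hunk will not count this one as triaged. It should read "NOTE: not-for-us (Computer Associates Unicenter Management Portal)". Two smaller points in the same hunk: the CAN-2005-0493 note names the product as "Biz Mail From" while the description line says "Biz Mail Form", and CAN-2005-0504 still carries a TODO ("check with kernel team") after the "begin claimed by djoume" and "end claimed by djoume" markers are removed, so that entry stays open with no claim on it and should get an owner or a bug reference.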