Author: joeyh Date: 2004-12-23 20:15:47 -0700 (Thu, 23 Dec 2004) New Revision: 213 Modified: sarge-checks/CAN/list Log: updates from bts Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-12-24 02:39:32 UTC (rev 212) +++ sarge-checks/CAN/list 2004-12-24 03:15:47 UTC (rev 213) @@ -62,7 +62,7 @@ CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) NOTE: not-for-us (mplayer) CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) - - mpg123 (unfixed; bug filed) + - mpg123 (unfixed; bug #287043) CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) NOTE: not-for-us (mview) CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) @@ -226,7 +226,7 @@ CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...) NOTE: at best a local DOS by the user running fluxbox. NOTE: Where''s the security hole? - - fluxbox (unfixed; bug filed) + - fluxbox (unfixed; bug #287016) CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...) NOTE: not-for-us (phpCMS) CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) @@ -611,7 +611,6 @@ NOTE: fixed in patches for CAN-2004-1026 CAN-2004-1024 NOTE: reserved - - fluxbox (unfixed; bug #287016) CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) NOTE: not-for-us (Kerio) CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) @@ -807,7 +806,7 @@ NOTE: see http://lwn.net/Alerts/110733/ NOTE: sarge''s unarj is from a different code base, probably not vulnerable CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) - - nfs-utils (unfixed; bug filed) + - nfs-utils (unfixed; bug #287053) CAN-2004-0945 NOTE: reserved CAN-2004-0944