Secure testing commits - Feb 2005 - r360 - sarge-checks/CAN

Author: joeyh
Date: 2005-02-07 01:24:01 +0100 (Mon, 07 Feb 2005)
New Revision: 360

Modified:
   sarge-checks/CAN/list
Log:
bug updates


Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-02-06 22:49:40 UTC (rev 359)
+++ sarge-checks/CAN/list	2005-02-07 00:24:01 UTC (rev 360)
@@ -105,7 +105,7 @@
 CAN-2005-0176
 	NOTE: reserved
 CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass
the ...)
-	TODO: check (asked vorlon if we''ve vulnerable)
+	TODO: check
 CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon
(PPPoEd) in ...)
 	NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
 CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX
RTP 6.1 ...)
@@ -119,11 +119,11 @@
 CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded
images, ...)
 	NOTE: not-for-us (TikiWiki)
 CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to
gain ...)
-	- phpgroupware (unfixed; bug #293906)
+	- phpgroupware 0.9.16.005-1
 CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in
phpGroupWare ...)
-	- phpgroupware (unfixed; bug #293906)
+	- phpgroupware 0.9.16.005-1
 CAN-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare
0.9.16.003 and ...)
-	- phpgroupware (unfixed; bug #293906)
+	- phpgroupware 0.9.16.005-1
 CAN-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local
users to ...)
 	- 2.3.2.ds1-19
 CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus
...)
@@ -2133,7 +2133,7 @@
 	NOTE: not-for-us (Lotus)
 CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows
...)
 	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
-	- kernel-patch-adamantix (unfixed, buf filed)
+	- kernel-patch-adamantix (unfixed, bug #293940)
 CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6
...)
 	NOTE: not-for-us (popclient not in Debian)
 CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive
...)