Author: djoume-guest
Date: 2005-03-10 17:29:56 +0100 (Thu, 10 Mar 2005)
New Revision: 539

Modified: sarge-checks/CAN/list
Log:
* processed a part of my block

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-03-09 22:51:05 UTC (rev 538)
+++ sarge-checks/CAN/list 2005-03-10 16:29:56 UTC (rev 539)
@@ -123,43 +123,47 @@ CAN-2005-0643 NOTE: reserved CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...) - TODO: check + NOTE: not-for-us (Computer Associates UAM) CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...) - TODO: check + NOTE: not-for-us (Computer Associates UAM) CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) - TODO: check + NOTE: not-for-us (Computer Associates UAM) CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) - TODO: check + - xli (unfixed; bug #298039) + NOTE: I think xloadimage might be also vulnerable, I have mailed + NOTE: Tavis Ormandy about this. -- Djoume CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...) - TODO: check + - xli (unfixed; bug #298039) + - xloadimage (unfixed; bug filed) CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...) - TODO: check + NOTE: not-for-us (OpenBSD) CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...) - TODO: check + NOTE: not-for-us (Foxmail) CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Foxmail) CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Golden FTP Server) CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Trillian) CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 1.2.4 ...) - TODO: check + NOTE: not-for-us (PHPNews) CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...) - TODO: check + NOTE: not-for-us (PBLang) CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...) 
- TODO: check + NOTE: not-for-us (PBLang) CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) - TODO: check + NOTE: not-for-us (427BB) CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...) - TODO: check + NOTE: not-for-us (Forumwa) CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...) - TODO: check + NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since + NOTE: Martin Loschwitz maintain it. CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) - TODO: check + NOTE: not-for-us (Symantec DNSd) CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) - TODO: check + NOTE: not-for-us (Zorum not in Debian) CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...) - TODO: check + NOTE: not-for-us (Zorum not in Debian) end claimed by djoume CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...) - squid 2.5.9-2
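Review bot: In the CAN-2005-0639 entry the `TODO: check` line is removed while the xloadimage question is still open and recorded only in a free-form NOTE, so nothing in the list marks the entry as needing a follow-up. Keep a TODO line there until the reply arrives, or add an xloadimage package line once its status is known. In CAN-2005-0638, `- xloadimage (unfixed; bug filed)` carries no bug number, unlike the `- xli (unfixed; bug #298039)` line above it; add the number so the entry can be matched to the report. The CAN-2005-0627 NOTE gives the "not vulnerable" reasoning only as prose with no package line or version, and the not-for-us reasons are worded inconsistently: `(Zorum not in Debian)` against plain product names such as `(PBLang)` elsewhere in the hunk.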