Author: jmm-guest Date: 2005-03-25 12:10:22 +0000 (Fri, 25 Mar 2005) New Revision: 649 Modified: sarge-checks/CAN/list Log: ltris has been CANified. mathopd is vulnerable. Further entries marked unaffected. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-25 11:55:07 UTC (rev 648) +++ sarge-checks/CAN/list 2005-03-25 12:10:22 UTC (rev 649) @@ -43,21 +43,21 @@ CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) NOTE: not-for-us (OllyDbg MS Windows debugger) CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) - TODO: check + - ltris 1.0.6-1.1 CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) - TODO: check + - mathopd (unfixed; bug pending) CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...) - TODO: check + NOTE: not-for-us (Cherokee not in Debian) CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...) - TODO: check + NOTE: not-for-us (Cherokee not in Debian) CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) - TODO: check + NOTE: not-for-us (Nokia Firewall appliances) CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) NOTE: not-for-us (Cayman DSL router) CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) TODO: check CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) - TODO: check + NOTE: not-for-us (IPC@CHIP Embedded web server) CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) NOTE: not-for-us (ColdFusion) CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) @@ -70,8 +70,6 @@ - phpsysinfo (unfixed; bug #301118) CAN-2005-XXXX [Various /tmp related security issues in cernlib] - cernlib 2004.11.04-3 -CAN-2005-XXXX [Buffer overflow in overly long highscore entries in ltris] - - ltris 1.0.6-1.1 CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...) NOTE: not-for-us (iSnooker) CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)