Author: joeyh Date: 2005-04-14 21:41:15 +0000 (Thu, 14 Apr 2005) New Revision: 824 Modified: sarge-checks/CAN/list Log: done claim Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-14 21:23:12 UTC (rev 823) +++ sarge-checks/CAN/list 2005-04-14 21:41:15 UTC (rev 824) @@ -1,21 +1,20 @@ -begin claimed by joeyh CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) - TODO: check + NOTE: api vulnerablity + - libgnumail-java (unfixed; bug filed) CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) - TODO: check + NOTE: not-for-us (Centra) CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) - TODO: check + NOTE: not-for-us (Sygate Secure Enterprise) CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + - wordpress (unfixed; bug #304468) CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) - TODO: check + NOTE: not-for-us (Lotus Domino Server) CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...) - TODO: check + - postfix-gld 1.5-1 CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...) - TODO: check -end claimed by joeyh + - postfix-gld 1.5-1 CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...) NOTE: not-for-us (GetDataBack for NTFS (Windows)) CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) 
@@ -197,10 +196,6 @@ NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the NOTE: details before July 12th. The security fixes are accompanied by dozens of NOTE: non-security bugfixes, so it''s not obvious from the diff either. -CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities - - wordpress (unfixed; bug #304468) -CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access] - - postfix-gld 1.5-1 CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] - smarty 2.6.9-1 CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
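Review bot: In the first hunk (@@ -1,21 +1,20 @@), the new CAN-2005-1105 entry reads "- libgnumail-java (unfixed; bug filed)" with no bug number, while the CAN-2005-1102 entry in the same hunk gives "bug #304468". Add the number of the filed bug so the entry can be followed up and closed when the fix lands. The NOTE line above it also has a typo: "api vulnerablity" should read "API vulnerability".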
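Review bot: In the second hunk (@@ -197,10 +196,6 @@), the removed Wordpress placeholder was titled "Wordpress XSS and HTML injection vulnerabilities", but the CAN-2005-1102 entry that now carries "- wordpress (unfixed; bug #304468)" is described in the visible text only as cross-site scripting. Confirm that CAN-2005-1102 also covers the HTML injection part, or add a NOTE under it recording that bug #304468 includes both. Likewise, the single postfix-gld placeholder ("Multiple security issues ... possible remote root access") is now split across CAN-2005-1100 and CAN-2005-1099; check that those two ids account for every issue the placeholder tracked before dropping it.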