Author: joeyh
Date: 2005-04-19 17:30:23 +0000 (Tue, 19 Apr 2005)
New Revision: 863
Modified:
sarge-checks/CAN/list
Log:
various updates
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-04-19 15:18:22 UTC (rev 862)
+++ sarge-checks/CAN/list 2005-04-19 17:30:23 UTC (rev 863)
@@ -5,9 +5,9 @@
CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in
Coppermine ...)
NOTE: not-for-us (Coppermine Photo Gallery)
CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in datenbank module for
phpBB ...)
- TODO: check, whether this is part of standard phpBB or an addon
+ NOTE: not-for-us (moddb phpbb2 add-on)
CAN-2005-1170 (SQL injection vulnerability in datenbank module for phpBB allows
...)
- TODO: check, whether this is part of standard phpBB or an addon
+ NOTE: not-for-us (moddb phpbb2 add-on)
CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin
directory, ...)
NOTE: not-for-us (Mafia Blog)
CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier
allows ...)
@@ -126,7 +126,7 @@
CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
NOTE: not-for-us (All4WWW Homepage creator)
CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module
for ...)
- TODO: check whether this is part of standard phpbb or an addon
+ NOTE: not-for-us (phpbb2 calendar addon)
CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo
Album ...)
NOTE: not-for-us (Photo Album)
CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in
Photo ...)
@@ -136,7 +136,7 @@
CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing
the ...)
NOTE: not-for-us (IBM Websphere)
CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to
modify ...)
- TODO: check
+ - cpio (unfixed; bug filed)
CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente
function in ...)
NOTE: not-for-us (Sumus web server)
CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows
remote ...)
@@ -1659,9 +1659,9 @@
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet
Explorer ...)
NOTE: not-for-us (MSIE)
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet
Explorer ...)
- TODO: not-for-us (MSIE)
+ NOTE: not-for-us (MSIE)
CAN-2005-0553 (Race condition in the memory management routines in the DHTML
object ...)
- TODO: not-for-us (MSIE)
+ NOTE: not-for-us (MSIE)
CAN-2005-0552
NOTE: reserved
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server
Runtime ...)
@@ -7010,7 +7010,7 @@
CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x
before ...)
{DSA-397}
CAN-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the
random ...)
- TODO: check
+ - perl 5.8.2
CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to
2.23b1 ...)
{DSA-396}
CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including
7.1, ...)
@@ -7245,7 +7245,7 @@
CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory
for long ...)
- fetchmail 6.2.5
CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4
and ...)
- TODO: check
+ - mozilla-browser 2:1.5
CAN-2003-0790
NOTE: rejected
CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM,
does not ...)
@@ -7253,9 +7253,9 @@
CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP)
...)
- cupsys 1.1.19
CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1
interprets ...)
- -ssh 1:3.7.1p2
+ - ssh 1:3.7.1p2
CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1
and ...)
- -ssh 1:3.7.1p2
+ - ssh 1:3.7.1p2
CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward
packets ...)
{DSA-389}
CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security
fileset on ...)
@@ -7539,7 +7539,7 @@
CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled
DEFINE ...)
{DSA-364}
CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the
.kdbgrc ...)
- TODO: check
+ - kdbg 1.2.9-1
CAN-2003-0643 (Integer signedness error in the Linux Socket Filter
implementation ...)
{DSA-358}
NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)