Secure testing commits - May 2005 - r949 - sarge-checks/CAN

Author: jmm-guest
Date: 2005-05-01 12:39:18 +0000 (Sun, 01 May 2005)
New Revision: 949

Modified:
   sarge-checks/CAN/list
Log:
Lots of bugnums.
squid ACL misparsing has been fixed.


Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-05-01 12:15:44 UTC (rev 948)
+++ sarge-checks/CAN/list	2005-05-01 12:39:18 UTC (rev 949)
@@ -37,7 +37,7 @@
 CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus
2005 ...)
 	NOTE: not-for-us (Symantec)
 CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error
when it ...)
-	- squid (unfixed; bug #307132)
+	- squid 2.5.9-7
 CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers
to ...)
 	- apache2 (unfixed; bug #307134)
 CAN-2005-1343
@@ -83,7 +83,7 @@
 CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows
remote ...)
 	NOTE: not-for-us (NetTerm)
 CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List
...)
-	- nag (unfixed; bug filed)
+	- nag (unfixed; bug #307180)
 CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation
module ...)
 	- sork-vacation (unfixed; bug filed)
 CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note
Manager ...)
@@ -92,16 +92,16 @@
 CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail
client ...)
 	TODO: check whether this applies to imp4 as well, which is in Debian, imp 3 is
not
 CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards
E-Mail ...)
-	- sork-forwards (unfixed; bug filed)
+	- sork-forwards (unfixed; bug #307175)
 CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module
before ...)
 	NOTE: not-for-us (Hord Chora module)
 CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts
module ...)
-	- sork-accounts (unfixed; bug filed)
+	- sork-accounts (unfixed; bug #307178)
 CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module
before ...)
 	NOTE: Asked maintainer whether turba2 is affected as well
-	- turba (unfixed; bug filed)
+	- turba (unfixed; bug #307179)
 CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith
module ...)
-	- kronolith (unfixed; bug pending)
+	- kronolith (unfixed; bug #307170)
 CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module
before ...)
 	- sork-passwd 2.2.2-1
 CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2
...)
@@ -141,7 +141,7 @@
 CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary
files via ...)
 	NOTE: not-for-us (include.cgi)
 CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack
for ...)
-	- affix-kernel (unfixed; bug pending)
+	- affix-kernel (unfixed; bug #307167)
 CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in
StorePortal ...)
 	NOTE: not-for-us (StorePortal)
 CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ
ASP ...)
@@ -778,9 +778,9 @@
 CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before
1.1.7 ...)
 	- rsnapshot 1.2.1-1 
 CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up
to ...)
-	TODO: check
+	NOTE: not-for-us (Kerio)
 CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up
to ...)
-	TODO: check
+	NOTE: not-for-us (Kerio)
 CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to
prevent ...)
 	TODO: check
 CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in
...)