Author: jmm-guest
Date: 2005-05-03 10:13:10 +0000 (Tue, 03 May 2005)
New Revision: 966

Modified:
   sarge-checks/CAN/list
Log:
Lots of not-for-us. squid already fixed long ago.

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-05-03 09:48:05 UTC (rev 965)
+++ sarge-checks/CAN/list 2005-05-03 10:13:10 UTC (rev 966)
@@ -1,62 +1,61 @@ -begin claimed by jmm CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) - TODO: check + NOTE: not-for-us (PHPCart) CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) - TODO: check + NOTE: not-for-us (PHPCalender) CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...) - TODO: check + NOTE: not-for-us (ARPUS Ceterm) CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...) - TODO: check + NOTE: not-for-us (ARPUS Ceterm) CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) - TODO: check + NOTE: not-for-us (ArcGIS) CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) - TODO: check + NOTE: not-for-us (ArcGIS) CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) TODO: check CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) TODO: check CAN-2005-1390 (Squid before 2.5.STABLE7, when using persistent connections, allows ...) - TODO: check + - squid 2.5.8-1 CAN-2005-1389 (HTTP response splitting vulnerability in Squid before 2.5.STABLE7, ...) - TODO: check + - squid 2.5.8-1 CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) - TODO: check + NOTE: not-for-us (SURVIVOR) CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...) - TODO: check + NOTE: not-for-us (Mac OS X) CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Safari) CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...) 
- TODO: check + NOTE: not-for-us (phpCoin) CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...) TODO: check CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) TODO: check CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) - TODO: check + NOTE: not-for-us (Claroline) CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) - TODO: check + NOTE: not-for-us (Claroline) CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) - TODO: check + NOTE: not-for-us (Claroline) CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) - TODO: check + NOTE: not-for-us (Claroline) CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) - TODO: check + NOTE: not-for-us (Koobi CMS) CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) - TODO: check + NOTE: not-for-us (NetVault) CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) - TODO: check + NOTE: not-for-us (NetVault) CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) - TODO: check + NOTE: not-for-us (HO OpenView) CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) 
TODO: check CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) @@ -67,7 +66,6 @@ NOTE: reserved CAN-2005-1365 NOTE: reserved -end claimed by jmm CAN-2005-XXXX [Insecure mailbox generation in passwd''s useradd - shadow (unfixed; bug #307259) CAN-2005-XXXX [Insecure tempfile generation in shadow''s vipw]
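
Review bot: In the first hunk (@@ -1,62 +1,61 @@) the tag added for CAN-2005-1371 does not match its description: the entry is "BPFTPServer service in BulletProof FTP Server 2.4.0.31" but it gets "NOTE: not-for-us (NetVault)", which looks carried over from CAN-2005-1372 directly above it, so it should name BulletProof FTP Server instead. Two other tags in the same hunk are misspelled, "(HO OpenView)" on CAN-2005-1370 where the description says HP OpenView, and "(PHPCalender)" on CAN-2005-1397 where the description says PHP-Calendar; that matters to anyone searching the list by product name. For CAN-2005-1390 and CAN-2005-1389 the entries record "- squid 2.5.8-1" against descriptions that say "Squid before 2.5.STABLE7"; a NOTE saying how the fixed version was determined would make the entries checkable later.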
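
Review bot: The second hunk (@@ -67,7 +66,6 @@) drops "end claimed by jmm", and together with the removed "begin claimed by jmm" at the top of the first hunk this releases the whole block while several entries inside it are still "TODO: check" (CAN-2005-1392, CAN-2005-1391, CAN-2005-1379, CAN-2005-1378 and CAN-2005-1369 in the visible lines). The log message only mentions the not-for-us entries and squid; it should also say that the claim is released and that the remaining TODO entries are open for someone else to pick up.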