Author: jmm-guest
Date: 2005-05-04 09:32:48 +0000 (Wed, 04 May 2005)
New Revision: 983

Modified:
   sarge-checks/CAN/list
Log:
openwebmail has been removed from sid
Lots of not-for-us
claim new

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-05-04 09:23:22 UTC (rev 982)
+++ sarge-checks/CAN/list 2005-05-04 09:32:48 UTC (rev 983)
@@ -1,53 +1,52 @@ CAN-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES support] - ipsec-tools 0.5.2-1 -begin claimed by jmm CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) - TODO: check + NOTE: not-for-us (SitePanel) CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) - TODO: check + NOTE: not-for-us (SitePanel) CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...) - TODO: check + NOTE: not-for-us (SitePanel) CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) - TODO: check + NOTE: not-for-us (SitePanel) CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) - TODO: check + NOTE: not-for-us (Lotus Domino) CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...) - TODO: check + NOTE: not-for-us (Lotus Domino) CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...) - TODO: check + NOTE: not-for-us (ViArt Shop) CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) 
- TODO: check + NOTE: not-for-us (osTicket) CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) - TODO: check + NOTE: not-for-us (osTicket) CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) - TODO: check + NOTE: not-for-us (osTicket) CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) - TODO: check + NOTE: not-for-us (osTicket) CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...) - TODO: check + NOTE: Was once part of Debian, but has been removed CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) - TODO: check + NOTE: not-for-us (HP OpenView) CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...) - TODO: check + NOTE: not-for-us (HP OpenView) CAN-2005-1432 NOTE: reserved CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) TODO: check CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Mac OS X) +begin claimed by jmm CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) TODO: check CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) @@ -114,6 +113,7 @@ TODO: check CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) TODO: check +end claimed by jmm CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) NOTE: not-for-us (PHPCart) CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) 
@@ -174,7 +174,7 @@ CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) NOTE: not-for-us (NetVault) CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) - NOTE: not-for-us (HO OpenView) + NOTE: not-for-us (HP OpenView) CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) - kernel-source-2.6.8 (unfixed; bug #307552) CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) @@ -1184,8 +1184,7 @@ CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...) - gaim 1.2.1-1 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] - NOTE: Not in testing, only sid; scheduled for removal, see bug# below for tracking - - openwebmail (unfixed; bug #301561) + NOTE: Was once part of Debian, but has been removed CAN-2005-0966 gaim my be crashed remotely - gaim 1:1.2.1-1 CAN-2005-0965 gaim my be crashed remotely
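Review bot: In the first hunk (@@ -1,53 +1,52 @@), CAN-2005-1431 (GnuTLS "record packet parsing") still reads "TODO: check" but is no longer inside any claimed range: the old "begin claimed by jmm" / "end claimed by jmm" pair that enclosed it is removed, and the new "begin claimed by jmm" starts below it, before CAN-2005-1429. If it is deliberately left for someone else, the log message should say so; otherwise resolve it here or keep it under a claim. In the same hunk, the new note for CAN-2005-1435 ("Was once part of Debian, but has been removed") is the only one that does not name a package, unlike the "not-for-us (...)" notes around it; adding "openwebmail" to the note would keep the entry searchable by package name.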
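Review bot: In the hunk at @@ -174,7 +174,7 @@, the context line directly above the corrected entry carries a mismatch that this typo fix leaves in place: CAN-2005-1371 is described as "BPFTPServer service in BulletProof FTP Server 2.4.0.31" but its note reads "NOTE: not-for-us (NetVault)". Since the commit is already correcting "HO OpenView" to "HP OpenView" on the next entry, the note for CAN-2005-1371 should be checked against its description and corrected in the same pass.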
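Review bot: In the last hunk (@@ -1184,8 +1184,7 @@), replacing the two removed lines with "NOTE: Was once part of Debian, but has been removed" drops the only reference to bug #301561 for the openwebmail tempfile entry, so the removal can no longer be traced from the list. Suggest keeping the bug number in the note, for example "NOTE: openwebmail was once part of Debian, but has been removed (see bug #301561)". The context lines in this hunk also show two things to tidy in a follow-up: "gaim my be crashed remotely" in CAN-2005-0966 and CAN-2005-0965 should read "may", and the gaim version is written as "1.2.1-1" for CAN-2005-0967 but "1:1.2.1-1" for CAN-2005-0966, so one of the two is missing or adding an epoch.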