Author: joeyh Date: 2005-06-23 23:18:07 +0000 (Thu, 23 Jun 2005) New Revision: 1270 Modified: data/CAN/list Log: add a few bug numbers and urgencies Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-23 21:14:21 UTC (rev 1269) +++ data/CAN/list 2005-06-23 23:18:07 UTC (rev 1270) @@ -1,7 +1,7 @@ CAN-2005-XXXX Multiple XSS and input validation errors in cacti - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk''s command parser] - - asterisk (unfixed; bug pending) + - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) @@ -14,7 +14,7 @@ TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger (unfixed; bug pending) + - nanoblogger (unfixed; bug #315492; medium) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) @@ -78,7 +78,7 @@ CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) NOTE: not-for-us (Ublog Reload) CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - - yaws 1.56-1 + - yaws 1.56-1 (low) CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - trac 0.8.4-1 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) 
@@ -2485,7 +2485,7 @@ NOTE: not-for-us (Leafnode2 development branch) CAN-2005-XXXX [Missing input validation in xtradius] NOTE: not shipped in deb - - xtradius 1.2.1-beta2-2 + - xtradius 1.2.1-beta2-2 (low) CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla]
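Review bot: In the first hunk (@@ -1,7 +1,7 @@), the unchanged cacti line reads "CAN-2005-XXXX Multiple XSS and input validation errors in cacti" with no square brackets, while the asterisk entry edited right below it and the other CAN-2005-XXXX entries visible in this diff bracket their descriptions. Since the neighbouring entry is being touched anyway, bracket the cacti description as well so the placeholder entries are consistent. The doubled apostrophe in "Asterisk''s" on the same context line also looks like a quoting slip worth fixing in the same pass.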
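Review bot: In the @@ -14,7 +14,7 @@ hunk, nanoblogger is rated "medium" although the description on the line above it is only "Unknown vulnerability in "various plugins"". Add a NOTE line under the entry giving the basis for the rating, or a pointer to what bug #315492 says, so the urgency can be checked later without re-reading the bug.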
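Review bot: In the @@ -78,7 +78,7 @@ hunk, yaws 1.56-1 gains "(low)" but the "- trac 0.8.4-1" line directly below it, for the CAN-2005-2007 directory traversal, is left without an urgency. If this pass is meant to fill in urgencies, rate trac too, or leave a NOTE saying why it is unrated.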
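Review bot: In the @@ -2485,7 +2485,7 @@ hunk, the xtradius entry now carries "NOTE: not shipped in deb" next to a fixed version with an urgency, "- xtradius 1.2.1-beta2-2 (low)", and the two read as contradictory. Reword the NOTE to say what exactly is not shipped in the package, so it is clear why the entry still tracks a fixed version and why "low" applies. The "- fai 2.8.2" line below it is still unrated as well.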