Author: jmm-guest Date: 2005-07-04 10:09:43 +0000 (Mon, 04 Jul 2005) New Revision: 1328 Modified: data/CAN/list Log: some house-keeping on older bugs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-03 13:45:06 UTC (rev 1327) +++ data/CAN/list 2005-07-04 10:09:43 UTC (rev 1328) @@ -239,7 +239,11 @@ CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) NOTE: not-for-us (Iomega hardware issue) CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) - TODO: check + NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a + NOTE: php function that displays the PHP logo and version information. In the bug + NOTE: log the developers seem unwilling to fix this, as it only affects a debug + NOTE: function. + TODO: check, whether the mentioned XSS still affects current PHP versions in Debian CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) NOTE: not-for-us (AIM) CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) @@ -1176,7 +1180,7 @@ CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec] NOTE: reserved TODO: Check 2.6.8 - - kernel-source-2.6.11 (unfixed) + - kernel-source-2.6.11 2.6.11-6 (normal) CAN-2005-1912 NOTE: reserved CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) @@ -1493,7 +1497,7 @@ CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context] NOTE: reserved TODO: Check 2.6.8 - - kernel-source-2.6.11 (unfixed) + - kernel-source-2.6.11 2.6.11-6 (normal) CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOTE: not-for-us (sysreport) CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) 
@@ -4863,11 +4867,11 @@ CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...) NOTE: not-for-us (PhotoPost) CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...) - TODO: check + NOTE: not-for-us (VERITAS Backup Exec) CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...) NOTE: not-for-us (VERITAS Backup Exec) CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...) - TODO: check + NOTE: not-for-us (VERITAS Backup Exec) CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) NOTE: not-for-us (IDA Pro) CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...) @@ -6511,7 +6515,7 @@ CAN-2005-0361 NOTE: reserved CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-0359 NOTE: reserved CAN-2005-0358
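Review bot: In the CAN-2002-1954 hunk (@@ -239,7 +239,11 @@), the replacement TODO names no source package or version, so the entry still carries nothing that can be matched against the archive. Once the check is done, replace it with a package status line in the form the kernel entries in this file use (`- package version (urgency)`), or with a NOTE stating the decision reached for Debian. The NOTE text paraphrases the upstream bug log ("seem unwilling to fix this"); recording the bug's actual status alongside the URL would hold up better than the paraphrase.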
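Review bot: In the CAN-2005-1913 hunk (@@ -1176,7 +1180,7 @@), `- kernel-source-2.6.11 2.6.11-6 (normal)` records a fixed version with nothing to show where that version came from, while the entry's description points at the upstream 2.6.12.1 changelog. Add a NOTE citing the Debian changelog entry or patch that brought the fix into 2.6.11-6. The log message "some house-keeping on older bugs" also does not say that kernel entries change from unfixed to fixed, which deserves its own mention in the log.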
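Review bot: In the CAN-2005-1761 hunk (@@ -1493,7 +1497,7 @@), `TODO: Check 2.6.8` is left as free text directly above a line that now marks 2.6.11 as fixed, so the 2.6.8 status is only visible to someone reading the TODO by hand. Once 2.6.8 has been checked, record the result as its own package line and drop the TODO. The CAN-2005-1913 entry has the same leftover line.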
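Review bot: In the CAN-2005-0360 hunk (@@ -6511,7 +6515,7 @@), `NOTE: not-for-us (Microsoft)` names the vendor, whereas the other not-for-us entries visible in this patch name the product (VERITAS Backup Exec, IDA Pro, AIM, sysreport). For consistency, and so the reason is clear without opening the CAN description, name the affected component instead, for example the Log Sink Class ActiveX control in pkmcore.dll mentioned in the entry's description.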