Author: joeyh Date: 2005-07-21 14:35:55 +0000 (Thu, 21 Jul 2005) New Revision: 1450 Modified: data/CAN/list Log: write mitre for CAN assignments for holes reported originally to debian bts Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-21 11:08:43 UTC (rev 1449) +++ data/CAN/list 2005-07-21 14:35:55 UTC (rev 1450) @@ -1,7 +1,9 @@ CAN-2005-2320 [webcalender: Inproper access control may lead to privilege escalation] - webcalender (unfixed; bug #315671; medium) + NOTE: CAN request sent to mitre CAN-2005-XXXX [xsupplicant leaks sensitive password information into logfile] - xsupplicant (unfixed; bug #317703; medium) + NOTE: CAN request sent to mitre CAN-2005-XXXX [Insecure temp usage in gopher] - gopher 3.0.8 (low) CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions] @@ -728,6 +730,7 @@ NOTE: not-for-us (Online-bookmarks) CAN-2005-XXXX [base-config log should not be world readable] - base-config 2.68 (low) + NOTE: CAN request sent to mitre CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOTE: not-for-us (PHPSource Printer) CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) @@ -2224,8 +2227,12 @@ - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - zoo (unfixed; bug #309594; medium) + NOTE: CAN request sent to mitre CAN-2005-XXXX [Cross Site Scripting in websieve] - websieve (unfixed; bug #311838; low) + NOTE: CAN number requested from mitre + NOTE: second half of bug suggets lack of escaping of user data + NOTE: could be used to compromise program somehow CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) 
@@ -2509,6 +2516,7 @@ - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296; low) + NOTE: CAN number assignment requested from mitre CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -3942,10 +3950,12 @@ - maradns 1.0.27-1 CAN-2005-XXXX [Temp file races in gs-gpl addons scripts] - gs-gpl (unfixed; bug #291373; low) + NOTE: CAN number requested from mitre CAN-2005-XXXX [Possible SQL injection in freeradius] - freeradius 1.0.2-4 CAN-2005-XXXX [Insecure temp file handling in Thunderbird] - mozilla-thunderbird (unfixed; bug #306893; low) + NOTE: CAN request sent to mitre CAN-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] @@ -4008,10 +4018,12 @@ NOTE: have not checked to see which security holes re in it exatly NOTE: Has been removed from Sarge - nvu (unfixed; bug #306822) + NOTE: CAN number requested from mitre CAN-2005-XXXX [eskuel: arbitrary file retreiving] - eskuel 1.0.5-3.1 (low) CAN-2005-XXXX [eskuel: No authentication at all] - eskuel (unfixed; bug #163653; low) + NOTE: CAN number requested from mitre CAN-2005-XXXX [Buffer overflow in elog''s header buffer] - elog 2.5.7+r1558-3 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES support]
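Review bot: in the first hunk (@@ -1,7 +1,9 @@), the NOTE added under the webcalender entry says "CAN request sent to mitre", but that entry is already listed as CAN-2005-2320 rather than CAN-2005-XXXX. If the id has already been assigned, the note is not needed on that entry; if the request concerns something else, the note should say what. The same NOTE under the xsupplicant entry, which is still CAN-2005-XXXX, reads correctly.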
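Review bot: in the @@ -2224,8 +2227,12 @@ hunk, the two extra websieve notes are too vague to act on. "could be used to compromise program somehow" does not say which user data goes unescaped or what the impact would be, and "suggets" is a typo for "suggests". Suggest stating what bug #311838 actually shows, or dropping the speculation. Separately, the patch uses three wordings for the same status ("CAN request sent to mitre", "CAN number requested from mitre", "CAN number assignment requested from mitre"); settling on one would let all pending requests be found with a single search of the list.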
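Review bot: in the @@ -4008,10 +4018,12 @@ hunk, the NOTE for nvu is added after the "- nvu (unfixed; bug #306822)" line while that entry's existing NOTE lines sit before it, so the entry's notes end up split around the package line. Moving the new note up beside the existing ones would keep them together. Also, none of the request notes in this patch records when the request was sent; adding the date would make it possible to spot requests that never received an answer.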