Author: jmm-guest Date: 2005-08-08 09:52:49 +0000 (Mon, 08 Aug 2005) New Revision: 1537 Modified: data/CAN/list Log: new minor unzip toctou issue netpbm CANified lots of nfus Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-08 09:36:18 UTC (rev 1536) +++ data/CAN/list 2005-08-08 09:52:49 UTC (rev 1537) @@ -1,42 +1,41 @@ -begin claimed by jmm CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...) - TODO: check + NOTE: not-for-us (Web Content Management News System) CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...) - TODO: check + NOTE: not-for-us (Web Content Management News System) CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...) - TODO: check + NOTE: not-for-us (Sun switches) CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...) - TODO: check + NOTE: not-for-us (PortailPHP) CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...) - TODO: check + NOTE: not-for-us (Logicampus) CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...) - TODO: check + NOTE: not-for-us (Denora IRC stats) CAN-2005-2483 (Direct dynamic code evaluation vulnerability in Karrigell before 2.1.8 ...) - TODO: check + NOTE: not-for-us (Karrigell) CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...) - TODO: check + NOTE: not-for-us (Metasploit Framework) CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Fusebox) CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...) - TODO: check + NOTE: not-for-us (Fusebox) CAN-2005-2479 (Quick ''n Easy FTP Server 3.0 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Quick ''n Easy FTP Server) CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...) - TODO: check + NOTE: not-for-us (Silvernews) CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (Naxtor Shopping Cart) CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...) - TODO: check + NOTE: not-for-us (Naxtor Shopping Cart) CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...) - TODO: check + - unzip (unfixed; bug filed; low) CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...) - TODO: check + NOTE: not-for-us (ChurchInfo) CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...) - TODO: check + NOTE: not-for-us (ChurchInfo) CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...) - TODO: check + NOTE: not-for-us (BusinessMail) CAN-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...) - TODO: check + - netpbm (unfixed; bug #319757; low) CAN-2005-2470 NOTE: reserved CAN-2005-2469 @@ -46,20 +45,19 @@ CAN-2005-2458 NOTE: reserved CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Eudora) CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) - TODO: check + NOTE: snmpd is neither setuid nor setgid in Debian CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Omnicron) CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...) - TODO: check + NOTE: not-for-us (Novell Internet Messaging System) CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user''s PIN number in memory in ...) - TODO: check + NOTE: not-for-us (Pointsec) CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...) - TODO: check + NOTE: not-for-us (SurfControl) CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (QNX) CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) TODO: check CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...) @@ -429,7 +427,7 @@ CAN-2005-2347 NOTE: reserved CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-2345 NOTE: reserved CAN-2005-2344 @@ -725,8 +723,6 @@ - netdiag 0.7-7.1 (bug #206905; low) CAN-2005-XXXX [Integer overflow in ffmpeg''s MPEG encoding] - ffmpeg (unfixed; bug #320150; medium) -CAN-2005-XXXX [netpbm: arbitrary postscript code execution] - - netpbm (unfixed; bug #319757; low) CAN-2005-XXXX [Further minor security issues in phpbb] NOTE: Maintainers already preparing packages of 2.0.17 - phpbb2 (unfixed; low)