Secure testing commits - Aug 2005 - r1612 - data/CAN

Author: joeyh
Date: 2005-08-19 19:15:30 +0000 (Fri, 19 Aug 2005)
New Revision: 1612

Modified:
   data/CAN/list
Log:
process & claim

Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-08-19 18:59:51 UTC (rev 1611)
+++ data/CAN/list	2005-08-19 19:15:30 UTC (rev 1612)
@@ -84,36 +84,34 @@
 	NOTE: not-for-us (Ipswitch IMail)
 CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in
...)
 	NOTE: not-for-us (WinFTP Server)
-begin claimed by joeyh
 CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (Sidewinder)
 CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that
contain ...)
-	TODO: check
+	NOTE: not-for-us (Netenberg Fantastico De Luxe)
 CAN-2004-2397 (The web-based Management Console in Blue Coat Security Gateway
OS 3.0 ...)
-	TODO: check
+	NOTE: not-for-us (Blue Coat)
 CAN-2004-2396 (passwd 0.68 does not check the return code for the pam_start
function, ...)
-	TODO: check
+	NOTE: shadow is a different code base, and does not have this problem
 CAN-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial
of ...)
-	TODO: check
+	NOTE: shadow is a different code base, and does not have this problem
 CAN-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the
--stdin ...)
-	TODO: check
+	NOTE: shadow is a different code base, and does not have this problem
 CAN-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does
not ...)
-	TODO: check
+	NOTE: not-for-us (Sun JSSE)
 CAN-2004-2392 (libuser 0.51.7, as used in Mandrake Linux 9.1 through 10.0 and
...)
-	TODO: check
+	NOTE: not-for-us (libuser)
 CAN-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x
before ...)
-	TODO: check
+	NOTE: not-for-us (jabber-gg-transport)
 CAN-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport
...)
-	TODO: check
+	NOTE: not-for-us (jabber-gg-transport)
 CAN-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
-	TODO: check
+	NOTE: not-for-us (jabber-gg-transport)
 CAN-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in
ECW-Shop 5.5 ...)
-	TODO: check
+	NOTE: not-for-us (ECW-Shop)
 CAN-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5
through ...)
-	TODO: check
+	NOTE: old freebsd
 CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in
SDK and ...)
-	TODO: check
-end claimed by joeyh
+	NOTE: not-for-us (Sun JSSE and JRE)
 CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux
kernel ...)
 	TODO: check with kernel team (pinged on irc)
 	NOTE: amd64 specific DOS
@@ -200,6 +198,7 @@
 	NOTE: rejected
 CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows
remote ...)
 	NOTE: not-for-us (Wyse Winterm)
+begin claimed by joeyh
 CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote
attackers ...)
 	TODO: check
 CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1
allows ...)
@@ -238,6 +237,7 @@
 	TODO: check
 CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL
4.0 ...)
 	TODO: check
+end claimed by joeyh
 CAN-2005-2557
 	NOTE: reserved
 	- mantis 0.19.2-4 (low)