Author: joeyh Date: 2005-08-19 19:22:36 +0000 (Fri, 19 Aug 2005) New Revision: 1613 Modified: data/CAN/list Log: process & claim Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-19 19:15:30 UTC (rev 1612) +++ data/CAN/list 2005-08-19 19:22:36 UTC (rev 1613) 
@@ -198,46 +198,45 @@ NOTE: rejected CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) NOTE: not-for-us (Wyse Winterm) -begin claimed by joeyh CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...) - TODO: check + NOTE: not-for-us (CaLogic) CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...) - TODO: check + NOTE: not-for-us (XMB Forum) CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...) - TODO: check + NOTE: not-for-us (XMB Forum) CAN-2005-2573 (MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, ...) - TODO: check + NOTE: windows specific mysel holes CAN-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...) - TODO: check + NOTE: windows specific mysel hole CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...) - TODO: check + NOTE: not-for-us (FunkBoard) CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...) - TODO: check + NOTE: not-for-us (FunkBoard) CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...) - TODO: check + NOTE: not-for-us (FunkBoard) CAN-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...) - TODO: check + NOTE: not-for-us (SysCP) CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...) - TODO: check + NOTE: not-for-us (SysCP) CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Gravity Board X (GBX)) CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...) 
- TODO: check + NOTE: not-for-us (Gravity Board X (GBX)) CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...) - TODO: check + NOTE: not-for-us (Gravity Board X (GBX)) CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (Gravity Board X (GBX)) CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...) - TODO: check + NOTE: not-for-us (MYFAQ) CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...) - TODO: check + NOTE: not-for-us (CFBB) CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...) - TODO: check + NOTE: not-for-us (e107 portal) CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...) - TODO: check -end claimed by joeyh + - mysql-dfsg-4.1 4.1.13 (medium) + - mysql-dfsg-5.0 5.0.7beta (medium) CAN-2005-2557 NOTE: reserved - mantis 0.19.2-4 (low) @@ -506,6 +505,7 @@ TODO: check CAN-2005-2524 NOTE: reserved +begin claimed by joeyh CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) TODO: check CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...) @@ -552,6 +552,7 @@ TODO: check CAN-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...) TODO: check +end claimed by joeyh CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...) NOTE: Does not affect 2.6.8 or 2.4.27, fixed in current 2.6.12 kernels - linux-2.6 2.6.12-1 (medium)
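Review bot: In the first hunk (@@ -198,46 +198,45 @@), the CAN-2005-2558 description names MySQL 4.0, but the two added lines only track mysql-dfsg-4.1 and mysql-dfsg-5.0. Nothing records whether a 4.0 package is affected, fixed or not shipped; add an entry or a NOTE for it. The fixed versions "4.1.13" and "5.0.7beta" also carry no Debian revision, unlike the neighbouring "mantis 0.19.2-4" entry. In the same hunk, the NOTEs for CAN-2005-2573 and CAN-2005-2572 read "mysel" where "mysql" is meant, so a search for the package name will miss them. They also do not follow the "not-for-us (...)" form used for every other dismissed entry here, and the visible part of the CAN-2005-2573 description does not mention Windows, so a short reason in that NOTE would help.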
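Review bot: In the second and third hunks (@@ -506,6 +505,7 @@ and @@ -552,6 +552,7 @@), the added "begin claimed by joeyh" and "end claimed by joeyh" markers carry no date, so a later reader of data/CAN/list cannot tell an active claim from an abandoned one without going back to the revision log. Consider putting the claim date on the begin line. The two markers also sit in separate hunks, so they must always be applied or reverted together, or the list is left with an unbalanced claim block.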