Author: jmm-guest Date: 2005-09-08 09:53:19 +0000 (Thu, 08 Sep 2005) New Revision: 1846 Modified: data/CAN/list Log: new courier/webmail xss new frox issue already fixed several not-for-us Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-08 08:39:04 UTC (rev 1845) +++ data/CAN/list 2005-09-08 09:53:19 UTC (rev 1846) @@ -1,14 +1,13 @@ -claimed by jmm CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...) - TODO: check + NOTE: not-for-us (MAXdev) CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) - TODO: check + NOTE: not-for-us (MAXdev) CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) - TODO: check + NOTE: not-for-us (myBloggie) CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) - TODO: check + NOTE: not-for-us (WebGUI) CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2005-2835 NOTE: reserved CAN-2005-2834 
@@ -40,40 +39,40 @@ CAN-2005-2821 NOTE: reserved CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) - TODO: check + - courier (unfixed; bug #327181; medium) CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (DownFile) CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...) - TODO: check + NOTE: not-for-us (DownFile) CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...) - TODO: check + NOTE: not-for-us (Simple Machines Forum) CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...) - TODO: check + NOTE: not-for-us (Greymatter) CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...) - TODO: check + NOTE: not-for-us (man2web) CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...) - TODO: check + NOTE: This looks like a Portage-specific configuration flaw to mee, but please double-check + TODO: double-check, whether this is Gentoo specific CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...) - TODO: check + NOTE: not-for-us (urban game) CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) - TODO: check + NOTE: not-for-us (silc daemon) CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...) - TODO: check + - frox 0.7.18-1 (medium) CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...) 
- TODO: check + NOTE: not-affected (does not run setuid root in the Debian package) CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...) - TODO: check + NOTE: not-for-us (BNBT EasyTracker) CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...) - TODO: check + NOTE: not-for-us (e107) CAN-2005-2804 NOTE: reserved -end claimed by jmm CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) TODO: check CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) @@ -326,7 +325,7 @@ {DSA-796-1} - affix 2.1.2-3 (bug #325444; medium) CAN-2005-XXXX [Insecure tempfile usage in tleds] - - tleds 1.05beta10-9 (bug# 276789; low) + - tleds 1.05beta10-9 (bug #276789; low) CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) {DSA-802-1} NOTE: cvs: not shipped in binary package
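Review bot: In the @@ -1,14 +1,13 @@ hunk, the not-for-us tags for CAN-2005-2840 and CAN-2005-2839 name the vendor ("MAXdev") while the descriptions name the product ("MAXdev MD-Pro"), whereas the other entries in this commit tag the product itself (myBloggie, WebGUI, Phorum). Suggest "NOTE: not-for-us (MD-Pro)" or the full "MAXdev MD-Pro" so a later search by product name finds these entries.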
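Review bot: In the @@ -40,40 +39,40 @@ hunk, the CAN-2005-2811 entry gains both a NOTE and a TODO that say the same thing (verify whether the Net-SNMP search path issue is Gentoo/Portage specific), and the NOTE carries a typo ("mee"). Suggest collapsing them into a single line such as "TODO: check whether this is Gentoo/Portage specific" so the entry stays clearly open and is not mistaken for a triaged one. In the same hunk the two frox entries use different forms: CAN-2005-2808 is recorded with a package line ("- frox 0.7.18-1 (medium)") but CAN-2005-2807 only has a free-form "NOTE: not-affected (...)" that never names the package, so consider mentioning frox in that note as well.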
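Review bot: The tleds change in the @@ -326,7 +325,7 @@ hunk ("bug# 276789" to "bug #276789") is a formatting normalisation that the log message does not mention. Either add a few words to the log (for example "fix bug reference format for tleds") or commit it separately, so the history explains why an already-triaged entry was touched.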