Author: neilm Date: 2005-09-10 15:12:00 +0000 (Sat, 10 Sep 2005) New Revision: 1901 Modified: data/CAN/list Log: Patches for syntax etc. (Thanks to Florian Weimer <fw@deneb.enyo.de>) Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-10 14:53:32 UTC (rev 1900) +++ data/CAN/list 2005-09-10 15:12:00 UTC (rev 1901) @@ -1611,7 +1611,7 @@ CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...) NOTE: not-for-us (Sendcard) CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...) - NPTE: not-for-us (RealChat) + NOTE: not-for-us (RealChat) CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...) NOTE: not-for-us (PHPSiteSearch) CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...) @@ -2152,7 +2152,7 @@ CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...) - links2 2.1pre16-2 (low) CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) - NOTE; not-for-us (Intel) + NOTE: not-for-us (Intel) CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...) NOTE: not-for-us (TeeKai) CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...) @@ -4439,7 +4439,7 @@ - kernel-source-2.4.27 2.4.27-11 (medium) CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...) NOTE: linux-2.6 not affected (already fixed) - - kernel-source 2.4.27 2.4.27-11 (unknown) + - kernel-source-2.4.27 2.4.27-11 (unknown) CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) NOTE: not-for-us (RealPlayer) CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) 
@@ -4565,8 +4565,8 @@ CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) NOTE: not-for-us (Banner engine) CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) - DONE: check these packages, whether they create tempfiles with the current PID: - DONE: fvwm, fvwm-gnome, x-base-clients, lvm10 + TODO: check these packages, whether they create tempfiles with the current PID: + NOTE: DONE: fvwm, fvwm-gnome, x-base-clients, lvm10 NOTE: fvwm: uses mktemp NOTE: fvwm-gnome: same as fvwm NOTE: x-base-clients: x11perfcomp uses mkdir atomically @@ -6019,7 +6019,7 @@ NOTE: not-for-us (Apple) CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) NOTE: not-for-us (RSA SecurID Web Agent) -CAn-2005-XXXX [race condition with a buffered temp file] +CAN-2005-XXXX [race condition with a buffered temp file] NOTE: no bug ever filed for this one - pysvn 1.1.2-3 CAN-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] @@ -11933,7 +11933,7 @@ - star 1.5a46 CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - HELP: which radius daemon in debian is "GNU Radius" (if any)? + TODO: which radius daemon in debian is "GNU Radius" (if any)? CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...) NOTE: not-for-us (microsoft) CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) 
@@ -12371,7 +12371,7 @@ NOTE: not-for-us (BEA WebLogic Server and WebLogic Express) CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...) NOTE: JRE is not in Debian, assuming the various wrappers handle - NOTE the new version. Not worrying about upgrades. + NOTE: the new version. Not worrying about upgrades. CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) NOTE: not-for-us (Cisco) CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) @@ -14739,7 +14739,7 @@ CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) NOTE: not-for-us (Cisco) CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) - NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices) + NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices) CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) NOTE: not-for-us (ezbounce) CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
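Review bot: In the @@ -4439 hunk, the corrected line for CAN-2005-1767 still ends in "(unknown)", while the entry directly above it lists the same "kernel-source-2.4.27 2.4.27-11" with "(medium)". Since this line is being touched to fix the package name anyway, either fill in the rating or add a TODO: line so the open field is not lost behind a syntax-only commit.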
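Review bot: In the @@ -4565 hunk (CAN-2004-2097), the new "TODO: check these packages, ..." line is followed immediately by "NOTE: DONE: fvwm, fvwm-gnome, x-base-clients, lvm10", so the entry is flagged as open while the next line says every listed package is done. If the check is complete, make the first line a NOTE: too. If something is still outstanding, name the remaining package in the TODO text instead of repeating the full list.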
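Review bot: In the @@ -12371 hunk (CAN-2004-0651), the fixed line is the wrapped second half of the previous NOTE, so after adding the colon it reads as a separate note that starts mid-sentence: "NOTE: the new version. Not worrying about upgrades." Consider rewrapping so each NOTE: line stands on its own, for example by moving "assuming the various wrappers handle" down to the second line.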