Author: joeyh Date: 2005-09-11 20:05:34 +0000 (Sun, 11 Sep 2005) New Revision: 1913 Modified: data/CAN/list Log: processed a few (jmm, sorry for the poaching, didn't notice your claim in time) Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-11 18:34:13 UTC (rev 1912) +++ data/CAN/list 2005-09-11 20:05:34 UTC (rev 1913) @@ -124,7 +124,7 @@ NOTE: not-for-us (man2web) CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...) NOTE: This looks like a Portage-specific configuration flaw to mee, but please double-check - TODO: double-check, whether this is Gentoo specific + NOTE: double-checked CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...) NOTE: not-for-us (urban game) CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) @@ -200,13 +200,13 @@ CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...) NOTE: not-for-us (HP OpenView) CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...) - TODO: check + - gopher (unfixed; bug #327722; high) CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) NOTE: not-for-us (Reflection for Secure IT) CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...) NOTE: not-for-us (Reflection for Secure IT) CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...) - TODO: check + - sqwebmail (unfixed; bug #327727; medium) CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) TODO: check CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...) 
@@ -282,7 +282,8 @@ CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) NOTE: not-for-us (Simple PHP Blog) CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) - TODO: check + NOTE: path disclosure, so not very important on debian systems + - awstats (unfixed; bug #327729; low) CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...) NOTE: not-for-us (Astato specific) CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
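Review bot: In the first hunk (CAN-2005-2811), the new "NOTE: double-checked" records that a check happened but not what it found, and the NOTE above it still ends with "but please double-check". State the outcome instead, for example whether the flaw was confirmed as Portage-specific and the entry is therefore not-for-us, and trim the request from the preceding NOTE so the entry reads as resolved.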
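Review bot: In the second hunk, the new entries for CAN-2005-2772 (gopher, high) and CAN-2005-2769 (sqwebmail, medium) carry an urgency with no NOTE saying what it is based on, while the awstats entry later in this same commit does explain its rating. A one-line NOTE per entry giving the basis for the rating would let the next person triaging the list see why these were rated as they were without opening bugs #327722 and #327727.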
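Review bot: In the third hunk (CAN-2005-2732), the added NOTE says path disclosure is "not very important on debian systems" without giving the reason, so the low rating cannot be checked from the entry alone. Spell out the reasoning in the NOTE (for example, if the point is that the install paths of a packaged awstats are already known), and capitalize "Debian".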