Author: jmm-guest
Date: 2005-09-22 21:54:46 +0000 (Thu, 22 Sep 2005)
New Revision: 2111

Modified: data/CAN/list

Log: CANified bacula and ncompress the remaining ones are nfus

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-22 21:33:28 UTC (rev 2110) +++ data/CAN/list 2005-09-22 21:54:46 UTC (rev 2111) 
@@ -62,53 +62,52 @@ NOTE: not-for-us (Ensim webppliance) CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...) NOTE: not-for-us (YaST) -begin claimed by jmm CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) - TODO: check + NOTE: not-for-us (SimpleCDR-X) CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...) - TODO: check + - texinfo (unfixed; bug #328265; low) CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) - TODO: check + NOTE: not-for-us (Tofu) + TODO: Please double-check, there''s a twisted, soya and other stuff, it''s all a wild mix CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (Helpdesk Software Hesk) CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...) - TODO: check + NOTE: not-for-us (Interakt MX Shop) CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...) - TODO: check + NOTE: not-for-us (NooTopList) CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Multi-Computer Control System) CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) 
- TODO: check + NOTE: not-for-us (PHP Advanced Transfer Manager) CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (PHP Advanced Transfer Manager) CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...) - TODO: check + NOTE: not-for-us (PHP Advanced Transfer Manager) CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) - TODO: check + NOTE: not-for-us (PHP Advanced Transfer Manager) CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...) - TODO: check + NOTE: not-for-us (VERITAS storage solutions) CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) - TODO: check + - bacula (bug #329271; low) CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) - TODO: check + NOTE: not-for-us (IBM Rational ClearQuest) CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) - TODO: check + NOTE: not-for-us (HP Tru64) CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) - TODO: check + - ncompress (unfixed; bug #329052; unimportant) CAN-2005-2992 [Another arc tempfile issue] NOTE: reserved - arc 5.21m-1 (low) -end claimed by jmm CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell] - mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script) - mozilla-thunderbird (unfixed; bug #329667; high) @@ -116,8 +115,6 @@ - ruby1.6 1.6.8-13 (medium) - ruby1.8 1.8.3-1 (medium) - ruby1.9 1.9.0+20050921-1 (medium) -CAN-2005-XXXX [Insecure temp files in bacula] - - bacula (bug #329271; low) CAN-2005-XXXX [freeradius buffer overflows and SQL injection] - freeradius 1.0.5-1 (medium) CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...) 
@@ -338,8 +335,6 @@ NOTE: not-for-us (Advansysperu Software USB Lock Auto-Protect) CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...) - arc 5.21m-1 (bug #329053; low) -CAN-2005-XXXX [insecure temporary file handling in ncompress] - - ncompress (unfixed; bug #329052; unimportant) CAN-2005-2917 [DoS vulnerability in squid''s NMTL auth code] NOTE: reserved - squid 2.5.10-6 (unknown)
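
Review bot: CAN-2005-3008 in the first hunk (@@ -62,53 +62,52 @@) gets `NOTE: not-for-us (Tofu)` and, directly below it, a `TODO: Please double-check` saying the classification is still unsure, so the two added lines contradict each other. I'd keep this entry as a plain TODO until the check is done, or state in the note which of the packages mentioned (twisted, soya) still has to be ruled out, so the open question is not hidden behind a not-for-us tag.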
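
Review bot: the bacula line that moves from the CAN-2005-XXXX placeholder removed in the second hunk (@@ -116,8 +115,6 @@) to CAN-2005-2995 is still `- bacula (bug #329271; low)`, with neither a fixed version nor `unfixed`, so its state cannot be read from the entry. The texinfo and ncompress entries in this same commit carry `unfixed;`. If bug #329271 is still open, add `unfixed;` here as well; otherwise give the fixed version.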
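
Review bot: the ncompress line taken out of the third hunk (@@ -338,8 +335,6 @@) and re-added under CAN-2005-2991 keeps the severity `unimportant`, while CAN-2005-3011 (texinfo), whose description likewise reads "allows local users to overwrite", is rated `low` in the same commit. A NOTE line under CAN-2005-2991 giving the reason for the lower rating would make the difference reviewable.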