Author: jmm-guest Date: 2005-09-23 22:51:00 +0000 (Fri, 23 Sep 2005) New Revision: 2140 Modified: data/CAN/list Log: Track our open ITPs with <itp> Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-23 22:36:40 UTC (rev 2139) +++ data/CAN/list 2005-09-23 22:51:00 UTC (rev 2140) @@ -938,18 +938,15 @@ CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) NOTE: not-for-us (PHPFreeNews not in Debian) CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...) - NOTE: not-for-us (phpAdsNew and phpPgAds not in Debian) - NOTE: sent info to ITP #226636 (phpAdsNew) + - phpadsnew <itp> (bug #226636) CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) - NOTE: not-for-us (phpAdsNew and phpPgAds not in Debian) - NOTE: sent info to ITP #226636 (phpAdsNew) + - phpadsnew <itp> (bug #226636) CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) NOTE: not-for-us (WinFTP Server) CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...) NOTE: not-for-us (PHPTB Topic Board not in Debian) CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...) - NOTE: not-for-us (mediabox404 not in Debian) - NOTE: sent info to ITP #294397 + - mediabox404 <itp> (bug #294397) CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) NOTE: not-for-us (Cisco) CAN-2005-2630 
@@ -2044,8 +2041,7 @@ CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...) NOTE: not-for-us (phpBook) CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...) - NOTE: see ITP#276057 and #217571 - TODO: track ITPs/work with mediawiki team (alioth) + - mediawiki <itp> (bug #276057) CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) - mozilla-firefox <unfixed> (bug #320539; medium) - mozilla <unfixed> (bug #320538; medium) @@ -2910,7 +2906,7 @@ {DSA-762-1} - affix 2.1.2-2 (medium) CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) - TODO: track ITP#289487 + - jinzora <itp> (bug #289487) CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) NOTE: not-for-us (DownloadProtect) CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...) @@ -3128,14 +3124,11 @@ CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) NOTE: not-for-us (DMXReady) CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) - NOTE: fixed in 1.3.6 - NOTE: ITP#217571 + - mediawiki <itp> (bug #276057) CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) - NOTE: fixed in 1.3.6 - NOTE: ITP#217571 + - mediawiki <itp> (bug #276057) CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) - NOTE: fixed in 1.3.6 - NOTE: ITP#217571 + - mediawiki <itp> (bug #276057) CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) NOTE: not-for-us (Digicraft Yak!) CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) 
@@ -3185,11 +3178,9 @@ CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) - xmlstarlet 1.0.0-1 CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...) - NOTE: Not yet in Debian, but there''s an ITP pending. - TODO: Track #312413 + - serendipity <itp> (bug #312413) CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) - NOTE: Not yet in Debian, but there''s an ITP pending. - TODO: Track #312413 + - serendipity <itp> (bug #312413) CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) NOTE: not-for-us (Online Recruitment Agency) CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) @@ -3436,8 +3427,7 @@ CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...) NOTE: not-for-us (Real Estate Management Software) CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in ''raw'' page output mode for ...) - NOTE: not-for-us (Mediawiki not yet in Debian) - TODO: track ITP: #217571, check CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, CAN-2005-0534, CAN-2004-1405 + - mediawiki <itp> (bug #276057) CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...) NOTE: not-for-us (Chatman) CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) @@ -3902,7 +3892,7 @@ CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) NOTE: not-for-us (PHP-Nuke) CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) - NOTE: not-for-us (track ITP#207640) + - xoops <itp> (bug #207640) CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) NOTE: not-for-us (ImageFolio) CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) 
@@ -4515,14 +4505,11 @@ - clamav 0.86.1-1 (low) CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1} - NOTE: ITP #312413 - submitter contacted, she has already addressed this - NOTE: This will probably be re-organized by the CVE editor, but lets keep it for now, - NOTE: as it''s the same issue + - serendipity <itp> (bug #312413) - drupal 4.5.4-1 (high; bug #316362) - phpgroupware 0.9.16.006-1 (high) - egroupware 1.0.0.007-3.dfsg-1 (high) - phpwiki 1.3.7-4 (high) - NOTE: ewiki does not seem vulnerable (no eval, different code base) - php4 4.3.10-16etch1 (high; bug #316447) NOTE: horde3 is not affected by this issue, they ship different XMLRPC code CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) @@ -4596,7 +4583,7 @@ CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) NOTE: not-for-us (Sun ONE) CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) - NOTE: not-for-us (MediaWiki not yet in Debian) + - mediawiki <itp> (bug #276057) CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) NOTE: not-for-us (Solaris) CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) @@ -7001,8 +6988,7 @@ - quake2 <unfixed> (bug #280573; low) NOTE: CVE id requested from mitre CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) - NOTE: not-for-us (MediaWiki) - NOTE: see CAN-2005-1888 + - mediawiki <itp> (bug #276057) CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) NOTE: not-for-us (AS/400 FTP server addon) CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...) 
@@ -9129,14 +9115,11 @@ CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) NOTE: not-for-us (iGeneric (iG) Shop) CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - NOTE: see CAN-2005-1888 + - mediawiki <itp> (bug #276057) CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - NOTE: see CAN-2005-1888 + - mediawiki <itp> (bug #276057) CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - NOTE: see CAN-2005-1888 + - mediawiki <itp> (bug #276057) CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) NOTE: not-for-us (Trend Micro AntiVirus) CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) @@ -10181,8 +10164,7 @@ CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) NOTE: not-for-us (Ikonboard) CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - NOTE: see CAN-2005-1888 + - mediawiki <itp> (bug #276057) CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) NOTE: not-for-us (Attachment Mod for phpBB) CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
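Review bot: In the first hunk (@@ -938,18 +938,15 @@), the new entries for CAN-2005-2636 and CAN-2005-2635 track only phpadsnew, while the removed NOTE covered both phpAdsNew and phpPgAds and the CAN-2005-2635 description names both products. Keep a line recording that phpPgAds is not in Debian beneath "- phpadsnew <itp> (bug #226636)". The removed "sent info to ITP" lines for #226636 and #294397 were also the only record that the ITP submitters had been notified; keep them as NOTE lines if that is still needed for follow-up.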
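Review bot: CAN-2005-2396 in the @@ -2044,8 +2041,7 @@ hunk previously referenced two ITPs ("see ITP#276057 and #217571"), and the new entry keeps only bug #276057 with nothing in the log message explaining why #217571 is dropped. Say in the commit log which of the two bugs is the one being tracked, or keep a NOTE line that mentions #217571 so the second report is not lost.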
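Review bot: The three MediaWiki entries in the @@ -3128,14 +3124,11 @@ hunk (CAN-2004-2187, CAN-2004-2186, CAN-2004-2185) lose "NOTE: fixed in 1.3.6", which is the only record in the file of the upstream fixed version. The <itp> entry carries no version, so whoever resolves these entries once the package is uploaded would have to research the fix again. Keep the NOTE line below each new "- mediawiki <itp> (bug #276057)" line.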
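Review bot: In the CAN-2005-1921 hunk (@@ -4515,14 +4505,11 @@), the removed line "NOTE: ewiki does not seem vulnerable (no eval, different code base)" concerns ewiki, not an ITP, so deleting it goes beyond the stated purpose "Track our open ITPs with <itp>" and discards a triage result. Restore that line, or remove it in a separate commit with its own justification. The removed note that the ITP #312413 submitter had already addressed the issue is likewise not expressed by the bare "- serendipity <itp> (bug #312413)" entry; keep it as a NOTE if it is still accurate.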