Author: jmm-guest Date: 2005-09-29 16:27:18 +0000 (Thu, 29 Sep 2005) New Revision: 2232 Modified: data/CAN/list Log: more bugnums Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-29 16:09:35 UTC (rev 2231) +++ data/CAN/list 2005-09-29 16:27:18 UTC (rev 2232) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Heap overflow in libosip URI parsing] + - libosip 2.0.9-1 (bug #308737) CAN-2005-XXXX [rkhunter: Insecure temporary file] - rkhunter 1.2.7-14 (bug #330627; medium) CAN-2005-XXXX [fprobe-ng: Insecure default hash] @@ -2135,7 +2137,7 @@ NOT-FOR-US: First Post CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...) {DSA-808-1} - - tdiary 2.0.2-1 (medium) + - tdiary 2.0.2-1 (bug #319315; medium) CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) NOT-FOR-US: Network Manager CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) @@ -2830,7 +2832,7 @@ CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) NOT-FOR-US: faqomatic CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) - NOT-FOR-US: faqomatic + TODO: Check this, htdig is in the archive CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) NOT-FOR-US: Tomcat CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) @@ -4954,7 +4956,7 @@ NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) {DSA-749-1} - - ettercap 1:0.7.1-1.1 + - ettercap 1:0.7.1-1.1 (bug #311615) CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) NOT-FOR-US: ClamAV on Mac OS X CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) 
@@ -5174,7 +5176,7 @@ NOTE: no longer affected. - gforge 3.1-26 CAN-2005-XXXX [osh buffer overflow] - - osh 1.7-13 + - osh 1.7-13 (bug #311369) CAN-2005-XXXX [xile buffer overrun in terminal code] - zile 2.0.4-2 CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...) @@ -9485,7 +9487,7 @@ CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) NOT-FOR-US: phpWebsite CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) - NOT-FOR-US: Documented SSH protocol behaviour, cannot be fixed + - ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") NOTE: See bug #296547 for details CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) NOT-FOR-US: phpScheduleIt
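Review bot: In the hunk at @@ -1,3 +1,5 @@, the new line `- libosip 2.0.9-1 (bug #308737)` carries no urgency, while the rkhunter entry directly below it uses `(bug #330627; medium)`. Suggest adding an urgency in the same `(bug #NNN; urgency)` form for the heap overflow entry. This hunk also adds a whole new entry, which the log message "more bugnums" does not mention.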
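Review bot: In the hunk at @@ -2830,7 +2832,7 @@, CAN-2002-2010 moves from `NOT-FOR-US: faqomatic` to `TODO: Check this, htdig is in the archive`, which is a triage status change rather than a bug number and so is not covered by the log message "more bugnums". The old value looks copied from the faqomatic entry just above it (CAN-2002-2011). Suggest either resolving the TODO with an htdig package line in this commit or mentioning the reopened entry in the log so it is not overlooked.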
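Review bot: In the hunk at @@ -5174,7 +5176,7 @@, the context entry right after the osh change reads `CAN-2005-XXXX [xile buffer overrun in terminal code]` while its package line is `- zile 2.0.4-2`; "xile" looks like a typo for zile, and a search of the titles for the package name would miss it. Since this commit is adding bug numbers to neighbouring entries, suggest fixing the title here and adding the zile bug reference if one exists.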
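Review bot: In the hunk at @@ -9485,7 +9487,7 @@, the new line `- ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")` changes the entry from NOT-FOR-US to a tracked package, which the log message "more bugnums" does not cover. The CVE description names OpenSSH while the package line uses `ssh`; please confirm that is the package name the list expects. As a style point, the bug reference stays in the separate `NOTE: See bug #296547 for details` line, whereas the other hunks in this commit put `bug #NNN` inside the parentheses on the package line.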