Author: jmm-guest Date: 2005-10-06 12:53:37 +0000 (Thu, 06 Oct 2005) New Revision: 2329 Modified: data/CAN/list Log: new issues in cfengine, processed block, claim new Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-06 12:45:06 UTC (rev 2328) +++ data/CAN/list 2005-10-06 12:53:37 UTC (rev 2329) 
@@ -79,30 +79,31 @@ NOT-FOR-US: Trillian CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...) NOT-FOR-US: Procom NetFORCE -begin claimed by jmm CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) - TODO: check + {DSA-836, DSA-837} + - cfengine <unfixed> (bug filed) + - cfengine2 <unfixed> (bug filed) CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) - TODO: check + NOT-FOR-US: Virtools Web Player CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) NOT-FOR-US: Virtools Web Player CAN-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...) - TODO: check + NOT-FOR-US: Citrix CAN-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...) - TODO: check + NOT-FOR-US: MERAK Mail Server CAN-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...) - TODO: check + NOT-FOR-US: MERAK Mail Server CAN-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...) - TODO: check + NOT-FOR-US: MERAK Mail Server CAN-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...) - TODO: check + NOT-FOR-US: lucidCMS CAN-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...) - TODO: check + - serendipity <itp> (bug #312413) CAN-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...) - TODO: check + NOT-FOR-US: Address Add Plugin for Squirrelmail CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...) - TODO: check -end claimed by jmm + NOT-FOR-US: lucidCMS +begin claimed by jmm CAN-2005-3126 NOTE: reserved CAN-2005-3125 
@@ -147,6 +148,7 @@ TODO: check CAN-2005-3105 (The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) TODO: check +end claimed by jmm CAN-2005-XXXX [horde3 maintainer scripts don''t set sufficiently strict permissions on config files] - horde3 <unfixed> (bug #332289) CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
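Review bot: in the @@ -79,30 +79,31 @@ hunk, the two new CAN-2005-3137 lines record `(bug filed)` without a bug number, while the CAN-2005-3129 line added in the same hunk uses `(bug #312413)`. Please put the actual bug numbers on the `cfengine` and `cfengine2` lines so the `<unfixed>` status can be followed up from the list itself. Both packages are marked `<unfixed>` directly under `{DSA-836, DSA-837}`, so a short NOTE saying which suites the DSAs cover would also help.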
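Review bot: in the @@ -147,6 +148,7 @@ hunk, the new `end claimed by jmm` line closes a claim whose `begin claimed by jmm` is added in the previous hunk, before CAN-2005-3126, and the lines between the two hunks are not visible here. Please confirm that no other begin/end claim markers fall inside that range, so that claims do not nest or overlap. The new block also opens on CAN-2005-3126, which is only `NOTE: reserved`, so the begin marker could sit at the first entry that actually carries `TODO: check`.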