Author: jmm-guest
Date: 2005-07-04 10:09:43 +0000 (Mon, 04 Jul 2005)
New Revision: 1328

Modified:
   data/CAN/list
Log:
some house-keeping on older bugs


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-03 13:45:06 UTC (rev 1327)
+++ data/CAN/list       2005-07-04 10:09:43 UTC (rev 1328)
@@ -239,7 +239,11 @@
 CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when 
mounting ...)
        NOTE: not-for-us (Iomega hardware issue)
 CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo 
function in ...)
-       TODO: check
+       NOTE: According to http://bugs.php.net/bug.php?id=19881 this only 
affects a
+       NOTE: php function that displays the PHP logo and version information. 
In the bug
+       NOTE: log the developers seem unwilling to fix this, as it only affects 
a debug
+       NOTE: function.
+       TODO: check, whether the mentioned XSS still affects current PHP 
versions in Debian
 CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant 
...)
        NOTE: not-for-us (AIM)
 CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL 
...)
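Review bot: The TODO added under CAN-2002-1954 asks to check "current PHP versions in Debian" but names no source package, so whoever picks it up first has to work out which PHP packages are meant. Consider naming the packages in the TODO, and once they are checked, replace it with package lines in the same form as the "- kernel-source-2.6.11 2.6.11-6 (normal)" entries used elsewhere in this file.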
@@ -1176,7 +1180,7 @@
 CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec]
        NOTE: reserved
        TODO: Check 2.6.8
-       - kernel-source-2.6.11 (unfixed)
+       - kernel-source-2.6.11 2.6.11-6 (normal)
 CAN-2005-1912
        NOTE: reserved
 CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can 
hang ...)
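Review bot: In the CAN-2005-1913 entry, the package line now records 2.6.11-6 as the fixed version, but neither the entry nor the log message ("some house-keeping on older bugs") says where that version comes from. A NOTE pointing at the changelog entry or bug report that confirms the fix in 2.6.11-6 would let the next reader verify it, particularly as the entry is still marked "NOTE: reserved" and has only the bracketed changelog summary as a description.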
@@ -1493,7 +1497,7 @@
 CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
        NOTE: reserved
        TODO: Check 2.6.8
-       - kernel-source-2.6.11 (unfixed)
+       - kernel-source-2.6.11 2.6.11-6 (normal)
 CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date 
file in ...)
        NOTE: not-for-us (sysreport)
 CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users 
to ...)
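Review bot: In the CAN-2005-1761 entry, "TODO: Check 2.6.8" remains the only record for the 2.6.8 kernel while 2.6.11 now has a resolved package line. If 2.6.8 was looked at during this pass, record the result as its own package line next to the 2.6.11 one and drop the TODO; if it was not, the entry is still open for that kernel and should not be read as finished.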
@@ -4863,11 +4867,11 @@
 CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other 
scripts ...)
        NOTE: not-for-us (PhotoPost)
 CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 
9.0 ...)
-       TODO: check
+       NOTE: not-for-us (VERITAS Backup Exec)
 CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 
9.0.4019 ...)
        NOTE: not-for-us (VERITAS Backup Exec)
 CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for 
Windows ...)
-       TODO: check
+       NOTE: not-for-us (VERITAS Backup Exec)
 CAN-2005-0770 (Format string vulnerability in DataRescue Interactive 
Disassembler and ...)
        NOTE: not-for-us (IDA Pro)
 CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech 
Telnet ...)
@@ -6511,7 +6515,7 @@
 CAN-2005-0361
        NOTE: reserved
 CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is 
marked ...)
-       TODO: check
+       NOTE: not-for-us (Microsoft)
 CAN-2005-0359
        NOTE: reserved
 CAN-2005-0358
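Review bot: The new note for CAN-2005-0360, "NOTE: not-for-us (Microsoft)", names the vendor, while the other not-for-us notes visible in this diff mostly name the product (AIM, sysreport, PhotoPost, VERITAS Backup Exec, IDA Pro). Naming the affected component from the description, the Log Sink Class ActiveX control in pkmcore.dll, would keep the notes consistent and easier to search.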


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
