Author: joeyh
Date: 2005-07-21 14:35:55 +0000 (Thu, 21 Jul 2005)
New Revision: 1450

Modified:
   data/CAN/list
Log:
write mitre for CAN assignments for holes reported originally to debian
bts


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-21 11:08:43 UTC (rev 1449)
+++ data/CAN/list       2005-07-21 14:35:55 UTC (rev 1450)
@@ -1,7 +1,9 @@
 CAN-2005-2320 [webcalender: Inproper access control may lead to privilege 
escalation]
        - webcalender (unfixed; bug #315671; medium)
+       NOTE: CAN request sent to mitre
 CAN-2005-XXXX [xsupplicant leaks sensitive password information into logfile]
        - xsupplicant (unfixed; bug #317703; medium)
+       NOTE: CAN request sent to mitre
 CAN-2005-XXXX [Insecure temp usage in gopher]
        - gopher 3.0.8 (low)
 CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access 
definitions]
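Review bot: the NOTE added under CAN-2005-2320 (webcalender) says a CAN request was sent, but that entry already carries an assigned number, unlike the CAN-2005-XXXX xsupplicant entry that gets the same note. If the number came back from that request, the note is stale on arrival and can be dropped; if it is meant as history, word it that way so nobody reads the entry as still pending.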
@@ -728,6 +730,7 @@
        NOTE: not-for-us (Online-bookmarks)
 CAN-2005-XXXX [base-config log should not be world readable]
        - base-config 2.68 (low)
+       NOTE: CAN request sent to mitre
 CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & 
Dirty ...)
        NOTE: not-for-us (PHPSource Printer)
 CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote 
...)
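Review bot: the base-config 2.68 entry gets "CAN request sent to mitre" but, unlike the other annotated entries in this patch, it carries no bug number, so the request cannot be matched to a report from the list alone. Suggest adding the bug reference to the package line or to the NOTE.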
@@ -2224,8 +2227,12 @@
        - fuse 2.3.0-1
 CAN-2005-XXXX [Directory traversal in zoo]
        - zoo (unfixed; bug #309594; medium)
+       NOTE: CAN request sent to mitre
 CAN-2005-XXXX [Cross Site Scripting in websieve]
        - websieve (unfixed; bug #311838; low)
+       NOTE: CAN number requested from mitre
+       NOTE: second half of bug suggets lack of escaping of user data
+       NOTE: could be used to compromise program somehow
 CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in 
phpCMS ...)
        NOTE: not-for-us (phpCMS)
 CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum 
Help Desk ...)
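Review bot: the two extra NOTE lines under websieve are too vague to act on: "could be used to compromise program somehow" does not say what the missing escaping affects, and "suggets" should be "suggests". If the second half of bug #311838 is a flaw distinct from the cross-site scripting in the entry title, it likely needs its own CAN-2005-XXXX entry rather than a note here; otherwise state which user data is unescaped and where.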
@@ -2509,6 +2516,7 @@
        - moodle 1.4.4.dfsg.1-3
 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
        - mutt (unfixed; bug #311296; low)
+       NOTE: CAN number assignment requested from mitre
 CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
        NOTE: viewFile.php has been removed along with other files in -26, so 
Debian is
        NOTE: no longer affected.
@@ -3942,10 +3950,12 @@
        - maradns 1.0.27-1
 CAN-2005-XXXX [Temp file races in gs-gpl addons scripts]
        - gs-gpl (unfixed; bug #291373; low)
+       NOTE: CAN number requested from mitre
 CAN-2005-XXXX [Possible SQL injection in freeradius]
        - freeradius 1.0.2-4
 CAN-2005-XXXX [Insecure temp file handling in Thunderbird]
        - mozilla-thunderbird (unfixed; bug #306893; low)
+       NOTE: CAN request sent to mitre
 CAN-2005-XXXX [Directory traversal in unzoo]
        - unzoo 4.4-4
 CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
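Review bot: the pending-request marker is worded two ways inside this hunk ("CAN number requested from mitre" for gs-gpl, "CAN request sent to mitre" for mozilla-thunderbird), and the mutt hunk uses a third ("CAN number assignment requested from mitre"). Pick one string for all of them so outstanding requests can be found with a single search and cleared when the numbers arrive.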
@@ -4008,10 +4018,12 @@
        NOTE: have not checked to see which security holes re in it exatly
        NOTE: Has been removed from Sarge
        - nvu (unfixed; bug #306822)
+       NOTE: CAN number requested from mitre
 CAN-2005-XXXX [eskuel: arbitrary file retreiving]
        - eskuel 1.0.5-3.1 (low)
 CAN-2005-XXXX [eskuel: No authentication at all]
        - eskuel (unfixed; bug #163653; low)
+       NOTE: CAN number requested from mitre
 CAN-2005-XXXX [Buffer overflow in elog's header buffer]
        - elog 2.5.7+r1558-3
 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
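Review bot: under nvu, the new NOTE records a CAN request for an entry whose existing notes say the security holes in it have not been checked, so it is unclear what was described to mitre. Suggest stating in the NOTE which issue from bug #306822 the request covers, so the assigned number can be attached to the right hole when it arrives.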


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits