Author: joeyh
Date: 2005-07-30 15:24:19 +0000 (Sat, 30 Jul 2005)
New Revision: 1502

Modified:
   data/CAN/list
Log:
new vpopmail holes
fetchmail fix didn't apply
claimed block


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-30 13:56:12 UTC (rev 1501)
+++ data/CAN/list       2005-07-30 15:24:19 UTC (rev 1502)
@@ -336,9 +336,12 @@
 CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and 
earlier ...)
        NOTE: not-for-us (Phorum)
 CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier 
might allow ...)
-       TODO: check
+       - vpopmail (unfixed; bug filed; low)
+CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
+       NOTE: see 
http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
+       - vpopmail (unfixed; bug filed; high)
 CAN-2004-2238 (** DISPUTED ** ...)
-       TODO: check
+       NOTE: format string vuln in vpopmail doesn't seem to be real
 CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact 
and ...)
        - moodle 1.4-1
 CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact 
and ...)
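Review bot: Both added vpopmail status lines say "bug filed" without a bug number, so a reader cannot locate the report or tell whether CAN-2004-2239 and the new CAN-2005-XXXX entry are tracked in one bug or two; record the number in the "bug #NNNNNN" form that other entries in this file use. The bracketed description of the new entry also spells "injection" as "injecton", which hides it from a text search for "SQL injection".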
@@ -411,7 +414,8 @@
 CAN-2005-XXXX [tdiary cross-site request forgeries]
        - tdiary 2.0.2-1 (medium)
 CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 
allows ...)
-       - fetchmail 6.2.5-15 (medium)
+       NOTE: previous fix broken
+       - fetchmail (unfixed; bug #320357; medium)
 CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to 
...)
        {DSA-766-1}
        - webcalender (unfixed; bug #315671; medium)
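Review bot: Replacing "- fetchmail 6.2.5-15 (medium)" with "NOTE: previous fix broken" drops the version that carried the broken fix. Naming 6.2.5-15 in the NOTE would keep that history for anyone checking whether an installed package is still affected by CAN-2005-2335.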
@@ -737,6 +741,7 @@
        NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a 
default ...)
        NOTE: not-for-us (Axis network camera)
+begin claimed by joeyh
 CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter 
...)
        TODO: check
 CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI 
BSD/OS ...)
@@ -829,6 +834,7 @@
        TODO: check
 CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the 
administrator ...)
        TODO: check
+end claimed by joeyh
 CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple 
USANet ...)
        NOTE: not-for-us (USANet)
 CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in 
Squito ...)
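Review bot: The "begin claimed by joeyh" and "end claimed by joeyh" markers carry no date, so a later reader cannot tell whether the claim on the entries between them, which still read "TODO: check", is active or stale. If the list format allows it, add the claim date to the begin marker.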


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
