[Secure-testing-commits] r854 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Tue, 19 Apr 2005 09:14:23 +0000
Author: joeyh
Date: 2005-04-19 09:14:20 +0000 (Tue, 19 Apr 2005)
New Revision: 854
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-18 21:45:57 UTC (rev 853)
+++ sarge-checks/CAN/list 2005-04-19 09:14:20 UTC (rev 854)
@@ -1,3 +1,49 @@
+CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
+ TODO: check
+CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
+ TODO: check
+CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in datenbank module for phpBB ...)
+ TODO: check
+CAN-2005-1170 (SQL injection vulnerability in datenbank module for phpBB allows ...)
+ TODO: check
+CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
+ TODO: check
+CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
+ TODO: check
+CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
+ TODO: check
+CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
+ TODO: check
+CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
+ TODO: check
+CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
+ TODO: check
+CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
+ TODO: check
+CAN-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...)
+ TODO: check
+CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
+ TODO: check
+CAN-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow ...)
+ TODO: check
+CAN-2005-1157 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+ TODO: check
+CAN-2005-1156 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+ TODO: check
+CAN-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
+ TODO: check
+CAN-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+ TODO: check
+CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
+ TODO: check
+CAN-2005-1152
+ NOTE: reserved
+CAN-2005-1151
+ NOTE: reserved
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
NOTE: not-for-us (Sun Java)
CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
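Review bot: the eight Firefox/Mozilla entries CAN-2005-1153 through CAN-2005-1160 are added as `TODO: check` although each description says "before 1.0.3", and the list already tracks `mozilla-firefox 1.0.3-1` under the `CAN-2005-XXXX` placeholder that appears as context in the next hunk. Suggest triaging these first: record the fixed version against each id once verified, and retire the placeholder if these ids turn out to cover it, so the same fix is not tracked in two places.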
@@ -90,8 +136,8 @@
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
NOTE: only part of Woody, has been removed from Sarge and sid
NOTE: not-for-us (Junkbuster)
-CAN-2005-1107
- NOTE: reserved
+CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
+ TODO: check
CAN-2005-XXXX [Multiple further vulnerabilities in Mozilla/Firefox beside CAN-2005-0989]
NOTE: Mozilla suite is not affected by all of these issues
- mozilla-firefox 1.0.3-1
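Review bot: CAN-2005-1107 moves from `NOTE: reserved` to an open `TODO: check` for a McAfee Internet Security Suite 2005 default-ACL issue. If nothing in the archive ships that product, close it in the same pass using the form the entry above it uses, e.g. `NOTE: not-for-us (McAfee)`, rather than leaving a TODO behind.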
@@ -383,8 +429,8 @@
NOTE: not-for-us (IVT BlueSoleil)
CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0976
- NOTE: reserved
+CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
+ TODO: check
CAN-2005-0975
NOTE: reserved
CAN-2005-0974
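Review bot: the new CAN-2005-0976 description is cut off at "as used in multiple products such as ...", so the list line alone does not say which products are meant. Whoever resolves the `TODO: check` should work from the full description and note which packages, if any, embed WebCore/WebKit code, rather than deciding from the truncated line.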
@@ -1000,7 +1046,6 @@
NOTE: reserved
- cvs (unfixed; bug filed)
CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox]
- NOTE: reserved
- mozilla-firefox 1.0.3-1
CAN-2005-0751
NOTE: reserved
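Review bot: the entry in the leading context still pairs `NOTE: reserved` with `- cvs (unfixed; bug filed)`, the same combination this hunk cleans up for CAN-2005-0752. Either drop the note there as well or state in the log why the two are handled differently; "automatic CAN database update" does not explain the removal.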
@@ -3512,7 +3557,7 @@
{DSA-651-1}
- squid 2.5.7-4
CAN-2005-0093
- NOTE: reserved
+ NOTE: rejected
CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
@@ -4019,17 +4064,17 @@
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1243
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1242
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1241
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1240
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1239
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1238
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
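Review bot: CAN-2004-1238 through CAN-2004-1243 all change to a bare `NOTE: rejected` with no reason given. If the rejection notice for any of them points to another id (a duplicate or a reassignment), add that id to the NOTE so that status recorded elsewhere in the list can be cross-checked against it.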