[Secure-testing-commits] r904 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 25 Apr 2005 09:14:31 +0000
Author: joeyh
Date: 2005-04-25 09:14:28 +0000 (Mon, 25 Apr 2005)
New Revision: 904
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-24 14:25:11 UTC (rev 903)
+++ sarge-checks/CAN/list 2005-04-25 09:14:28 UTC (rev 904)
@@ -1,3 +1,87 @@
+CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
+ TODO: check
+CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...)
+ TODO: check
+CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
+ TODO: check
+CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
+ TODO: check
+CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
+ TODO: check
+CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
+ TODO: check
+CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
+ TODO: check
+CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
+ TODO: check
+CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
+ TODO: check
+CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
+ TODO: check
+CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
+ TODO: check
+CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
+ TODO: check
+CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
+ TODO: check
+CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
+ TODO: check
+CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
+ TODO: check
+CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
+ TODO: check
+CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
+ TODO: check
+CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
+ TODO: check
+CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
+ TODO: check
+CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
+ TODO: check
+CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
+ TODO: check
+CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUportal Pro 3.4 allow ...)
+ TODO: check
+CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
+ TODO: check
+CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
+ TODO: check
+CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
+ TODO: check
+CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CAN-2005-1219
+ NOTE: reserved
+CAN-2005-1218
+ NOTE: reserved
+CAN-2005-1217
+ NOTE: reserved
+CAN-2005-1216
+ NOTE: reserved
+CAN-2005-1215
+ NOTE: reserved
+CAN-2005-1214
+ NOTE: reserved
+CAN-2005-1213
+ NOTE: reserved
+CAN-2005-1212
+ NOTE: reserved
+CAN-2005-1211
+ NOTE: reserved
+CAN-2005-1210
+ NOTE: reserved
+CAN-2005-1209
+ NOTE: reserved
+CAN-2005-1208
+ NOTE: reserved
+CAN-2005-1207
+ NOTE: reserved
+CAN-2005-1206
+ NOTE: reserved
+CAN-2005-1205
+ NOTE: reserved
+CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
+ TODO: check
CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
- libpam-ssh 1.91.0-9
CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
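Review bot: Every described entry added at the top of this hunk is left at "TODO: check", including ones that name widely deployed tools: CAN-2005-1229 (cpio 2.6 and earlier), CAN-2005-1228 (gunzip -N in gzip), CAN-2005-1245 (MediaWiki before 1.4.2) and CAN-2002-1657 (PostgreSQL). Since the update is automatic, those should be triaged first and the TODO replaced with a package line or a "NOTE: not-for-us (...)" in the form the rest of the list uses, so they do not sit unclassified among the third-party-tool and reserved entries. Separately, the unchanged libpam-ssh context line spells "Inproper"; that should read "Improper".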
@@ -6,7 +90,7 @@
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
- egroupware 1.0.0.007-2.dfsg-1
-CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZBB before 1.0.08 ...)
+CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
NOTE: not-for-us (AZbb)
CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
NOTE: not-for-us (AZbb)
@@ -294,7 +378,7 @@
NOTE: not-for-us (Serendipity)
CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
NOTE: not-for-us (AS/400 system software)
-CAN-2005-1132 (LG U8120 modile phone allows remote attackers to cause a denial of ...)
+CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
NOTE: not-for-us (LG mobile phone)
CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
NOTE: not-for-us (Veritas Focalpoint Server)
@@ -645,8 +729,8 @@
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
NOTE: not-for-us (Apple)
-CAN-2005-0975
- NOTE: reserved
+CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
+ TODO: check
CAN-2005-0974
NOTE: reserved
CAN-2005-0973
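Review bot: CAN-2005-0975 is set to "TODO: check" although its description (integer signedness error in parse_machfile in the mach-o ...) is the same text that the last hunk of this patch removes from CAN-2005-0122, where it was already classified as "NOTE: not-for-us (MacOS X)". The earlier triage result should be carried over to CAN-2005-0975 instead of reopening it as a TODO.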
@@ -655,8 +739,8 @@
NOTE: reserved
CAN-2005-0971
NOTE: reserved
-CAN-2005-0970
- NOTE: reserved
+CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
+ TODO: check
CAN-2005-0969
NOTE: reserved
CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
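Review bot: CAN-2005-0970 is added as "TODO: check" while its description begins "Mac OS X 10.3.9 and earlier". Other Apple-only entries in this list are recorded as not-for-us, for example "NOTE: not-for-us (Apple)" on CAN-2005-0976, so this one can probably be closed the same way once the full description is read.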
@@ -1256,7 +1340,6 @@
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
TODO: check
CAN-2005-0754 [Untrusted code execution in Kommander]
- NOTE: reserved
- kdewebdev (unfixed; bug #305833)
CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]
- cvs (unfixed; bug #305254)
@@ -3667,13 +3750,12 @@
NOTE: reserved
CAN-2005-0138
NOTE: reserved
-CAN-2005-0137
- NOTE: reserved
+CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
+ TODO: check
CAN-2005-0136
NOTE: reserved
- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0135
- NOTE: reserved
+CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0134
NOTE: reserved
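Review bot: CAN-2005-0137 is a Linux kernel 2.6 issue on ia64 but gets only "TODO: check", while the adjacent CAN-2005-0136 and CAN-2005-0135 are both tracked against "kernel-source-2.6.8 2.6.8-14". It should be checked against the same kernel-source package and given a package line. Also, CAN-2005-0136 still carries "NOTE: reserved" next to its package line; the previous hunk drops exactly that combination for CAN-2005-0754, so the list would be more consistent if the same cleanup were applied here once the description is published.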
@@ -3706,7 +3788,8 @@
NOTE: 2.6.8 apparently ok
CAN-2005-0123
NOTE: reserved
-CAN-2005-0122 (Integer signedness error in the parse_machfile function in the mach-o ...)
+CAN-2005-0122
+ NOTE: rejected
NOTE: not-for-us (MacOS X)
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
NOTE: not-for-us (golddig)
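Review bot: After this hunk CAN-2005-0122 has two notes, the new "NOTE: rejected" followed by the old "NOTE: not-for-us (MacOS X)", which described the text that has now been removed from this id. The stale not-for-us line should be deleted so the entry reads only as rejected, and that classification belongs on CAN-2005-0975, which now carries the parse_machfile description.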