[Secure-testing-commits] r1526 - data/CAN

[Joey Hess]

Author: joeyh
Date: 2005-08-05 09:14:13 +0000 (Fri, 05 Aug 2005)
New Revision: 1526

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-04 18:58:55 UTC (rev 1525)
+++ data/CAN/list	2005-08-05 09:14:13 UTC (rev 1526)
@@ -1,3 +1,137 @@
+CAN-2005-2457
+	NOTE: reserved
+CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
+	TODO: check
+CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
+	TODO: check
+CAN-2005-2454
+	NOTE: reserved
+CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
+	TODO: check
+CAN-2005-2452 (libtiff 4.0 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
+	TODO: check
+CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
+	TODO: check
+CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
+	TODO: check
+CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
+	TODO: check
+CAN-2005-2447
+	NOTE: rejected
+	TODO: check
+CAN-2005-2446
+	NOTE: rejected
+	TODO: check
+CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
+	TODO: check
+CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
+	TODO: check
+CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
+	TODO: check
+CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
+	TODO: check
+CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
+	TODO: check
+CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
+	TODO: check
+CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
+	TODO: check
+CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
+	TODO: check
+CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
+	TODO: check
+CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
+	TODO: check
+CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
+	TODO: check
+CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
+	TODO: check
+CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
+	TODO: check
+CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
+	TODO: check
+CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
+	TODO: check
+CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)
+	TODO: check
+CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
+	TODO: check
+CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
+	TODO: check
+CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
+	TODO: check
+CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
+	TODO: check
+CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
+	TODO: check
+CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
+	TODO: check
+CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
+	TODO: check
+CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
+	TODO: check
+CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
+	TODO: check
+CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by ...)
+	TODO: check
+CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
+	TODO: check
+CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
+	TODO: check
+CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
+	TODO: check
+CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
+	TODO: check
+CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
+	TODO: check
+CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
+	TODO: check
+CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
+	TODO: check
+CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
+	TODO: check
+CAN-2005-2408
+	NOTE: reserved
+CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
+	TODO: check
+CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
+	TODO: check
+CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...)
+	TODO: check
+CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
+	TODO: check
+CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
+	TODO: check
+CAN-2004-2295 (SQL injection vulnerability in modules.php in PHP-Nuke 6.0 to 7.3 ...)
+	TODO: check
+CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
+	TODO: check
+CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
+	TODO: check
+CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
+	TODO: check
+CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
+	TODO: check
+CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
+	TODO: check
+CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
+	TODO: check
+CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
+	TODO: check
+CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
+	TODO: check
+CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
+	TODO: check
+CAN-2004-2285 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
+	TODO: check
+CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
+	TODO: check
 CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
 	NOTE: This is distinct from CAN-2005-2096, please see rsync's 2.6.6 announcement
 	NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
@@ -68,7 +202,7 @@
 	NOTE: not-for-us (Oracle Reports)
 CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...)
 	NOTE: not-for-us (Oracle Reports)
-CAN-2005-2377 (nss_ldap in Mandrake Corporate Server and Mandrake 10.0 (crond and ...)
+CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
 	NOTE: appears to be Mandrake specfic
 CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
 	NOTE: not-for-us (Race Driver)
@@ -107,8 +241,8 @@
 	NOTE: reserved
 CAN-2005-2360
 	NOTE: reserved
-CAN-2005-2359
-	NOTE: reserved
+CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
+	TODO: check
 CAN-2005-2358
 	NOTE: reserved
 CAN-2005-2357
@@ -118,8 +252,8 @@
 	NOTE: see CAN-2005-2356
 CAN-2005-2347
 	NOTE: reserved
-CAN-2005-2346
-	NOTE: reserved
+CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
+	TODO: check
 CAN-2005-2345
 	NOTE: reserved
 CAN-2005-2344
@@ -245,7 +379,7 @@
 	NOTE: not-for-us (WebEOC)
 CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
 	NOTE: not-for-us (WebEOC)
-CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC 6.0.2 ...)
+CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
 	NOTE: not-for-us (WebEOC)
 CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
 	NOTE: not-for-us (WebEOC)
@@ -434,7 +568,7 @@
 CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
 	{DSA-766-1}
 	- webcalender (unfixed; bug #315671; medium)
-CAN-2005-2437 [xsupplicant leaks sensitive password information into logfile]
+CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
 	- xsupplicant 1.0.1-5
 CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
 	NOTE: This doesn't look like a real security issue as cron.daily should only be
@@ -1243,8 +1377,8 @@
 	NOTE: not-for-us (NetBSD)
 CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users to ...)
 	NOTE: not-for-us (log4sh)
-CAN-2005-2132
-	NOTE: reserved
+CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
+	TODO: check
 CAN-2005-2131
 	NOTE: reserved
 CAN-2005-2130
@@ -2625,8 +2759,7 @@
 CAN-2005-1854
 	NOTE: reserved
 	{DSA-772-1}
-CAN-2005-1853 [Insecure temp usage in gopher]
-	NOTE: reserved
+CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
 	{DSA-770-1}
 	- gopher 3.0.8 (low)
 CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
@@ -11270,7 +11403,7 @@
 	- racoon 0.3.1-3
 CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
 	{DSA-508}
-CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, ...)
+CAN-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
 	- libtasn1 0.1.2-2
 CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
 	{DSA-502 DSA-501}