[Secure-testing-commits] r1528 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Aug 5 09:44:08 UTC 2005


Author: jmm-guest
Date: 2005-08-05 09:44:05 +0000 (Fri, 05 Aug 2005)
New Revision: 1528

Modified:
   data/CAN/list
Log:
new kernel vuln
tiff does only affect Woody
ekg dos already fixed
tdiary already fixed
clamav CANified


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-05 09:20:37 UTC (rev 1527)
+++ data/CAN/list	2005-08-05 09:44:05 UTC (rev 1528)
@@ -4,112 +4,110 @@
 	- tor 0.1.0.13-1 (medium)
 CAN-2005-2457
 	NOTE: reserved
-begin claimed by jmm
 CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
-	TODO: check
+	- linux-2.6 (unfixed; bug filed; medium)
 CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
-	TODO: check
+	NOTE: not-for-us (Greasemonkey)
 CAN-2005-2454
 	NOTE: reserved
 CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
-	TODO: check
+	NOTE: not-for-us (NetworkActiv Web Server)
 CAN-2005-2452 (libtiff 4.0 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
+	- tiff 3.7.0-1
 CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
-	TODO: check
+	NOTE: not-for-us (IOS)
 CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
-	TODO: check
+	- clamav 0.86.2-1 (medium)
 CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
-	TODO: check
+	NOTE: not-for-us (sandbox)
 CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
-	TODO: check
+	- ekg 1:1.5+20050718+1.6rc3-1 (low)
 CAN-2005-2447
 	NOTE: rejected
-	TODO: check
 CAN-2005-2446
 	NOTE: rejected
-	TODO: check
 CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
-	TODO: check
+	NOTE: not-for-us (Product Cart)
 CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
-	TODO: check
+	NOTE: not-for-us (Trillian)
 CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
-	TODO: check
+	NOTE: not-for-us (KShout)
 CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
-	TODO: check
+	NOTE: not-for-us (SPI Dynamics Web Inspect)
 CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
-	TODO: check
+	NOTE: not-for-us (VBzoom)
 CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
-	TODO: check
+	NOTE: not-for-us (Thomson Web Skill Vantage Manager)
 CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
-	TODO: check
+	NOTE: not-for-us (UseBB)
 CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
-	TODO: check
+	NOTE: not-for-us (UseBB)
 CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (Website Baker)
 CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
-	TODO: check
+	NOTE: not-for-us (Website Baker)
 CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
-	TODO: check
+	NOTE: not-for-us (Linksys hardware)
 CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
-	TODO: check
+	NOTE: not-for-us (PhpList)
 CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (PhpList)
 CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
-	TODO: check
+	TODO: check, whether these apply to 3.1 as well
 CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
-	TODO: check
+	TODO: check, whether these apply to 3.1 as well
 CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
-	TODO: check
+	NOTE: not-for-us (Firefox on Windows)
 CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Domino)
 CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
-	TODO: check
+	NOTE: not-for-us (CartWIZ)
 CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
-	TODO: check
+	NOTE: not-for-us (FTPshell Server)
 CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Ares FileShare)
 CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
-	TODO: check
+	NOTE: not-for-us (Siemens hardware)
 CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us (Beehive)
 CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
-	TODO: check
+	NOTE: not-for-us (Beehive)
 CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
-	TODO: check
+	NOTE: not-for-us (Beehive)
 CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (FtpLocate)
 CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
-	TODO: check
+	NOTE: not-for-us (hardware issue)
 CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by ...)
-	TODO: check
+	NOTE: not-for-us (Realchat)
 CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (Contrexx)
 CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
-	TODO: check
+	NOTE: not-for-us (Contrexx)
 CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
-	TODO: check
+	NOTE: not-for-us (Contrexx)
 CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
+	NOTE: This is pretty obscure
 	TODO: check
 CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
-	TODO: check
+	NOTE: not-for-us (Atomic Photo Album)
 CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
-	TODO: check
+	NOTE: not-for-us (First Post)
 CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
-	TODO: check
+	- tdiary 2.0.2-1 (medium)
 CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
-	TODO: check
+	NOTE: not-for-us (Network Manager)
 CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
-	TODO: check
+	NOTE: not-for-us (nbsmtp)
 CAN-2005-2408
 	NOTE: reserved
 CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Opera)
 CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
 	TODO: check
 CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
@@ -555,8 +553,6 @@
 	- netdiag 0.7-7.1 (bug #206905; low)
 CAN-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
 	- ffmpeg (unfixed; bug #320150; medium)
-CAN-2005-XXXX [Multiple integer overflows in clamav]
-	- clamav 0.86.2-1 (medium)
 CAN-2005-XXXX [netpbm: arbitrary postscript code execution]
 	- netpbm (unfixed; bug #319757; low)
 CAN-2005-XXXX [Further minor security issues in phpbb]




More information about the Secure-testing-commits mailing list