[Secure-testing-commits] r1549 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Aug 10 09:14:19 UTC 2005


Author: joeyh
Date: 2005-08-10 09:14:15 +0000 (Wed, 10 Aug 2005)
New Revision: 1549

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-09 20:32:06 UTC (rev 1548)
+++ data/CAN/list	2005-08-10 09:14:15 UTC (rev 1549)
@@ -1,3 +1,119 @@
+CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
+	TODO: check
+CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
+	TODO: check
+CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
+	TODO: check
+CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
+	TODO: check
+CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
+	TODO: check
+CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
+	TODO: check
+CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
+	TODO: check
+CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+	TODO: check
+CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+	TODO: check
+CAN-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...)
+	TODO: check
+CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
+	TODO: check
+CAN-2005-2534
+	NOTE: reserved
+CAN-2005-2533
+	NOTE: reserved
+CAN-2005-2532
+	NOTE: reserved
+CAN-2005-2531
+	NOTE: reserved
+CAN-2005-2530
+	NOTE: reserved
+CAN-2005-2529
+	NOTE: reserved
+CAN-2005-2528
+	NOTE: reserved
+CAN-2005-2527
+	NOTE: reserved
+CAN-2005-2526
+	NOTE: reserved
+CAN-2005-2525
+	NOTE: reserved
+CAN-2005-2524
+	NOTE: reserved
+CAN-2005-2523
+	NOTE: reserved
+CAN-2005-2522
+	NOTE: reserved
+CAN-2005-2521
+	NOTE: reserved
+CAN-2005-2520
+	NOTE: reserved
+CAN-2005-2519
+	NOTE: reserved
+CAN-2005-2518
+	NOTE: reserved
+CAN-2005-2517
+	NOTE: reserved
+CAN-2005-2516
+	NOTE: reserved
+CAN-2005-2515
+	NOTE: reserved
+CAN-2005-2514
+	NOTE: reserved
+CAN-2005-2513
+	NOTE: reserved
+CAN-2005-2512
+	NOTE: reserved
+CAN-2005-2511
+	NOTE: reserved
+CAN-2005-2510
+	NOTE: reserved
+CAN-2005-2509
+	NOTE: reserved
+CAN-2005-2508
+	NOTE: reserved
+CAN-2005-2507
+	NOTE: reserved
+CAN-2005-2506
+	NOTE: reserved
+CAN-2005-2505
+	NOTE: reserved
+CAN-2005-2504
+	NOTE: reserved
+CAN-2005-2503
+	NOTE: reserved
+CAN-2005-2502
+	NOTE: reserved
+CAN-2005-2501
+	NOTE: reserved
+CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
+	TODO: check
+CAN-2005-2499
+	NOTE: reserved
+CAN-2005-2498
+	NOTE: reserved
+CAN-2005-2497
+	NOTE: reserved
+CAN-2005-2496
+	NOTE: reserved
+CAN-2005-2495
+	NOTE: reserved
+CAN-2005-2494
+	NOTE: reserved
+CAN-2005-2493
+	NOTE: reserved
+CAN-2005-2492
+	NOTE: reserved
+CAN-2005-2491
+	NOTE: reserved
+CAN-2005-2490
+	NOTE: reserved
+CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
+	TODO: check
 CAN-2005-XXXX [Buffer overflow in Description parsing]
 	- bidwatcher (unfixed; bug #319489; high)
 CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
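Review bot: Every newly described entry at the top of this hunk lands as "TODO: check" with no package line, so nothing here yet tells a reader which ones affect the archive. CAN-2005-2541 (Tar 1.15.1), CAN-2005-2536 (pstotext before 1.8g), CAN-2005-2500 (xdr.c in Linux ...) and CAN-2004-2302 (sysfs_read_file and sysfs_write_file) name software by version or source file and are worth triaging first. Replace each TODO with a package line in the form already used below, for example "- bidwatcher (unfixed; bug #319489; high)", or with a not-for-us NOTE.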
@@ -336,7 +452,8 @@
 	NOTE: not-for-us (Light Web File Manager)
 CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
 	NOTE: not-for-us (ActivePerl)
-CAN-2004-2285 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
+CAN-2004-2285
+	NOTE: rejected
 	NOTE: not-for-us (Perl on Windows)
 CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
 	NOTE: not-for-us (osCommerce)
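Review bot: After this change CAN-2004-2285 carries two NOTE lines, the new "NOTE: rejected" and the pre-existing "NOTE: not-for-us (Perl on Windows)", which was written against the description that has just been removed. A rejected entry needs only the rejected status. Drop the leftover not-for-us line so the entry does not give two different reasons for being ignored.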
@@ -431,22 +548,22 @@
 	TODO: check gaim and others that embed libgadu in source tree
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers to ...)
 	- vim 1:6.3-085+1 (bug #320017; medium)
-CAN-2005-2367
-	NOTE: reserved
-CAN-2005-2366
-	NOTE: reserved
-CAN-2005-2365
-	NOTE: reserved
-CAN-2005-2364
-	NOTE: reserved
-CAN-2005-2363
-	NOTE: reserved
-CAN-2005-2362
-	NOTE: reserved
-CAN-2005-2361
-	NOTE: reserved
-CAN-2005-2360
-	NOTE: reserved
+CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
+	TODO: check
+CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
+	TODO: check
+CAN-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
+	TODO: check
+CAN-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
+	TODO: check
+CAN-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
+	TODO: check
+CAN-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
+	TODO: check
+CAN-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
+	TODO: check
+CAN-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
+	TODO: check
 CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
 	- kfreebsd-5 5.3-1 (medium)
 CAN-2005-2358
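Review bot: CAN-2005-2360 through CAN-2005-2367 move from reserved to described in one block, and the visible descriptions for 2360, 2362, 2365 and 2366 all name Ethereal dissectors, yet each is left as a separate "TODO: check". These should be triaged together against one package and given a version and bug reference in the same style as the vim line above ("- vim 1:6.3-085+1 (bug #320017; medium)"), so the fixed version is recorded once and consistently across the set.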
@@ -541,7 +658,8 @@
 	NOTE: not-for-us (DG Remote Control Server)
 CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
 	NOTE: not-for-us (Microsoft)
-CAN-2005-2303 (Unknown vulnerability in the Microsoft Windows kernel allows remote ...)
+CAN-2005-2303
+	NOTE: rejected
 	NOTE: not-for-us (Microsoft)
 CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
 	{DSA-771-1}
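Review bot: CAN-2005-2303 ends up with "NOTE: rejected" followed directly by the old "NOTE: not-for-us (Microsoft)", the same leftover seen on CAN-2004-2285 in this revision. Since it happens twice in one automatic update, the update step should clear existing notes when it marks an entry rejected, or the stale line should be removed by hand here.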
@@ -2368,26 +2486,26 @@
 	- ruby1.9 1.9.0+20050623-1 (medium)
 CAN-2005-1991
 	NOTE: reserved
-CAN-2005-1990
-	NOTE: reserved
-CAN-2005-1989
-	NOTE: reserved
-CAN-2005-1988
-	NOTE: reserved
+CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
+	TODO: check
+CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+	TODO: check
+CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+	TODO: check
 CAN-2005-1987
 	NOTE: reserved
 CAN-2005-1986
 	NOTE: reserved
 CAN-2005-1985
 	NOTE: reserved
-CAN-2005-1984
-	NOTE: reserved
-CAN-2005-1983
-	NOTE: reserved
-CAN-2005-1982
-	NOTE: reserved
-CAN-2005-1981
-	NOTE: reserved
+CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
+	TODO: check
+CAN-2005-1983 (Buffer overflow in the Plug and Play (PnP) service for Microsoft ...)
+	TODO: check
+CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
+	TODO: check
+CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
+	TODO: check
 CAN-2005-1980
 	NOTE: reserved
 CAN-2005-1979
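Review bot: The seven entries that change from reserved to "TODO: check" here (CAN-2005-1988 to 1990 and CAN-2005-1981 to 1984) all describe Internet Explorer or Microsoft Windows components, and elsewhere in this file such entries are closed with "NOTE: not-for-us (Microsoft)". Leaving them as TODO inflates the open-work count for items that need no package check. Mark them not-for-us in the same way.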
@@ -4086,7 +4204,7 @@
 	NOTE: not-for-us
 CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
 	NOTE: not-for-us
-CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...)
+CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
 	NOTE: not-for-us (various perls on Windows)
 CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
 	NOTE: not-for-us (osCommerce)
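Review bot: The description of CAN-2004-2022 changes from "Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ..." to the text that an earlier hunk removes from CAN-2004-2285, while the "NOTE: not-for-us (various perls on Windows)" line is kept unchanged. That note was decided against the old description. The new text also names "Larry Wall's Perl 5.6.1 and others", so the not-for-us decision should be reconfirmed against the full upstream description rather than carried over.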
@@ -5330,8 +5448,8 @@
 	NOTE: not-for-us (Shoutbox)
 CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
 	TODO: check
-CAN-2005-1218
-	NOTE: reserved
+CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
+	TODO: check
 CAN-2005-1217
 	NOTE: reserved
 CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
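Review bot: CAN-2005-1218 gains a Microsoft Windows kernel description in the same revision that rejects CAN-2005-2303, whose removed description was also a Windows kernel issue. If CAN-2005-2303 was rejected in favour of this entry, record that with a NOTE on one of the two entries so the relationship is not lost now that the 2303 description is gone.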
@@ -9250,8 +9368,8 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
 	NOTE: not-for-us (Microsoft)
-CAN-2005-0058
-	NOTE: reserved
+CAN-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
+	TODO: check
 CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)



