[Secure-testing-commits] r1639 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Aug 24 21:14:22 UTC 2005 

Author: joeyh
Date: 2005-08-24 21:14:18 +0000 (Wed, 24 Aug 2005)
New Revision: 1639

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-24 20:57:08 UTC (rev 1638)
+++ data/CAN/list	2005-08-24 21:14:18 UTC (rev 1639)
@@ -1,3 +1,64 @@
+CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
+	TODO: check
+CAN-2005-2683 (SQL injection vulnerability in include.php in PHPKit 1.6.1 allow ...)
+	TODO: check
+CAN-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
+	TODO: check
+CAN-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
+	TODO: check
+CAN-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
+	TODO: check
+CAN-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
+	TODO: check
+CAN-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
+	TODO: check
+CAN-2005-2677 (ACNews stores the database in a file under the web document root with ...)
+	TODO: check
+CAN-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
+	TODO: check
+CAN-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+	TODO: check
+CAN-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+	TODO: check
+CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
+	TODO: check
+CAN-2005-2671
+	NOTE: rejected
+	TODO: check
+CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
+	TODO: check
+CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
+	TODO: check
+CAN-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
+	TODO: check
+CAN-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
+	TODO: check
+CAN-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
+	TODO: check
+CAN-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
+	TODO: check
+CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
+	TODO: check
+CAN-2005-2663
+	NOTE: reserved
+CAN-2005-2662
+	NOTE: reserved
+CAN-2005-2661
+	NOTE: reserved
+CAN-2005-2660
+	NOTE: reserved
+CAN-2005-2659
+	NOTE: reserved
+CAN-2005-2658
+	NOTE: reserved
+CAN-2005-2657
+	NOTE: reserved
+CAN-2005-2656
+	NOTE: reserved
+CAN-2005-2655
+	NOTE: reserved
+CAN-2005-2654
+	NOTE: reserved
 CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
 	- cplay (unfixed; bug #324913; low)
 CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
@@ -2,3 +63,3 @@
 	- phpldapadmin 0.9.6c-5 (bug #322423; low)
-CAN-2005-2672 [lm-sensors: Insecure tempfile usage in pwmconfig]
+CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
 	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
@@ -504,6 +565,7 @@
 CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
 	NOTE: not-for-us (VocalTec)
 CAN-2004-2343 (** DISPUTED ** ...)
+	TODO: check
 CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
 	NOTE: not-for-us (ChatterBox)
 CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
@@ -617,6 +679,7 @@
 CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
 	NOTE: not-for-us (Novell eDirectory)
 CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...)
+	{DSA-782-1}
 	- bluez-utils 2.19-1 (bug #323365; medium)
 CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns]
 	NOTE: Will be split once the maintainer has investigated this
@@ -719,8 +782,8 @@
 CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
 	NOTE: Does not affect 2.6.8 or 2.4.27, fixed in current 2.6.12 kernels
 	- linux-2.6 2.6.12-1 (medium)
-CAN-2005-2499
-	NOTE: reserved
+CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
+	TODO: check
 CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
 	- drupal (unfixed; bug #323347; high)
 	- phpgroupware (unfixed; bug #323349; high)
@@ -740,8 +803,7 @@
 	NOTE: reserved
 CAN-2005-2492
 	NOTE: reserved
-CAN-2005-2491 [PCRE Heap Overflow May Let Users Execute Arbitrary Code]
-	NOTE: reserved
+CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
 	- pcre3 (unfixed; bug #324531; medium)
 CAN-2005-2490
 	NOTE: reserved
@@ -822,13 +884,11 @@
 	NOTE: not-for-us (Adobe)
 CAN-2005-2469
 	NOTE: reserved
-CAN-2005-2459 [kernel zlib vulnerability]
-	NOTE: reserved
+CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
 	NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
 	- linux-2.6 2.6.12-3 (bug #323173)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
-CAN-2005-2458 [kernel zlib vulnerability]
-	NOTE: reserved
+CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
 	NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
 	- linux-2.6 2.6.12-3 (bug #323173; medium)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
@@ -972,8 +1032,8 @@
 	- hiki 0.8.3-1
 CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
 	- tor 0.1.0.14-1 (medium)
-CAN-2005-2457
-	NOTE: reserved
+CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
+	TODO: check
 CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
 	NOTE: Will also be fixed in DSAs for 2.4.27 and 2.6.8
 	- linux-2.6 2.6.12-2 (bug #321401; medium)
@@ -1196,7 +1256,7 @@
 	- gaim 1:1.4.0-5 (low)
 CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
 	TODO: check gaim and others that embed libgadu in source tree
-CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers to ...)
+CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
 	- vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
 	- ethereal 0.10.12 (medium)
@@ -1554,12 +1614,12 @@
 CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
 	NOTE: not-for-us (iCab)
 CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
-	{DSA-779-1}
+	{DSA-781-1 DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (high)
 	- mozilla 2:1.7.10-1 (high)
 	- mozilla-thunderbird 1.0.6-1 (high)
 CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
-	{DSA-779-1}
+	{DSA-781-1 DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (high)
 	- mozilla 2:1.7.10-1 (medium)
 	- mozilla-thunderbird 1.0.6-1 (medium)
@@ -1571,12 +1631,12 @@
 	{DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (medium)
 CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
-	{DSA-779-1}
+	{DSA-781-1 DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (medium)
 	- mozilla 2:1.7.10-1 (medium)
 	- mozilla-thunderbird 1.0.6-1 (low)
 CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
-	{DSA-779-1}
+	{DSA-781-1 DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (high)
 	- mozilla 2:1.7.10-1 (medium)
 	- mozilla-thunderbird 1.0.6-1 (medium)
@@ -1591,7 +1651,7 @@
 	{DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (medium)
 CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
-	{DSA-779-1}
+	{DSA-781-1 DSA-779-1}
 	- mozilla-firefox 1.0.5-1 (medium)
 	- mozilla 2:1.7.10-1 (medium)
 	- mozilla-thunderbird 1.0.6-1 (medium)
@@ -2429,12 +2489,10 @@
 	TODO: check
 CAN-2005-2100
 	NOTE: reserved
-CAN-2005-2099 [kernel 2.6 keyring related DoS]
-	NOTE: reserved
+CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
-CAN-2005-2098 [kernel 2.6 keyring related DoS]
-	NOTE: reserved
+CAN-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
 CAN-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...)
@@ -3045,7 +3103,7 @@
 	NOTE: not-for-us (XAMPP)
 CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
 	NOTE: not-for-us (ajax-spell)
-CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...)
+CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
 	NOTE: not-for-us (ViRobot)
 CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
 	{DSA-758-1}
@@ -4423,6 +4481,7 @@
 CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
 	NOTE: not-for-us (NPDS)
 CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
+	{DSA-783-1}
 	- mysql-dfsg 4.0.12-2
 CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
 	NOTE: not-for-us (JGS-Portal)
@@ -4650,6 +4709,7 @@
 CAN-2005-1533
 	NOTE: reserved
 CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+	{DSA-781-1}
 	- mozilla-firefox 1.0.4
 	- mozilla-browser 2:1.7.8
 	- mozilla-thunderbird 1.0.6-1 (high)
@@ -6389,10 +6449,12 @@
 CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
 	NOTE: not-for-us (OneWorldStore)
 CAN-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...)
+	{DSA-781-1}
 	- mozilla-firefox 1.0.3-1
 	- mozilla 1.7.7-1
 	- mozilla-thunderbird 1.0.6-1 (high)
 CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
+	{DSA-781-1}
 	- mozilla-firefox 1.0.3-1
 	- mozilla 1.7.7-1
 	- mozilla-thunderbird 1.0.6-1 (medium)
@@ -6777,6 +6839,7 @@
 CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
 	- sharutils 4.2.1-13
 CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
+	{DSA-781-1}
 	- mozilla 1.7.7-1
 	- mozilla-firefox 1.0.2-3
 	- mozilla-thunderbird 1.0.6-1 (medium)
@@ -12836,7 +12899,7 @@
 	NOTE: apparently the security team thinks this is a minor issue; nevertheless,
 	NOTE: the bug is still open, so they should close it if it really is neglectible.
 	NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH
-CAN-2004-0174 (Apache before 2.0.49, when using multiple listening sockets on certain ...)
+CAN-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
 	- apache 1.3.29.0.2-5
 CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
 	NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root)

More information about the Secure-testing-commits mailing list