[Secure-testing-commits] r355 - in sarge-checks: CAN CVE
Joey Hess
joeyh@costa.debian.org
Sun, 06 Feb 2005 09:14:18 +0100
Author: joeyh
Date: 2005-02-06 09:14:14 +0100 (Sun, 06 Feb 2005)
New Revision: 355
Modified:
sarge-checks/CAN/list
sarge-checks/CVE/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-05 22:25:33 UTC (rev 354)
+++ sarge-checks/CAN/list 2005-02-06 08:14:14 UTC (rev 355)
@@ -1,15 +1,141 @@
-CAN-2005-0218
- - clamav 0.81
-CAN-2005-0198
- - uw-imap 7:2002edebian1-6
-CAN-2005-0175
+CAN-2005-0229
NOTE: reserved
+CAN-2005-0228
+ TODO: check
+CAN-2005-0227
+ TODO: check
+CAN-2005-0226
+ TODO: check
+CAN-2005-0225
+ TODO: check
+CAN-2005-0224
+ TODO: check
+CAN-2005-0223
+ TODO: check
+CAN-2005-0222
+ TODO: check
+CAN-2005-0221
+ TODO: check
+CAN-2005-0220
+ TODO: check
+CAN-2005-0219
+ TODO: check
+CAN-2005-0217
+ TODO: check
+CAN-2005-0216
+ TODO: check
+CAN-2005-0215
+ TODO: check
+CAN-2005-0214
+ TODO: check
+CAN-2005-0213
+ TODO: check
+CAN-2005-0212
+ TODO: check
+CAN-2005-0211
{DSA-667-1}
-CAN-2005-0174
+ TODO: check
+CAN-2005-0210
NOTE: reserved
-CAN-2005-0173
+CAN-2005-0209
NOTE: reserved
+CAN-2005-0208
+ NOTE: reserved
+CAN-2005-0207
+ NOTE: reserved
+CAN-2005-0206
+ NOTE: reserved
+CAN-2005-0205
+ NOTE: reserved
+CAN-2005-0204
+ NOTE: reserved
+CAN-2005-0203
+ NOTE: reserved
+CAN-2005-0202
+ NOTE: reserved
+CAN-2005-0201
+ NOTE: reserved
+CAN-2005-0200
+ TODO: check
+CAN-2005-0199
+ TODO: check
+CAN-2005-0197
+ TODO: check
+CAN-2005-0196
+ TODO: check
+CAN-2005-0195
+ TODO: check
+CAN-2005-0194
{DSA-667-1}
+ TODO: check
+CAN-2005-0193
+ TODO: check
+CAN-2005-0192
+ TODO: check
+CAN-2005-0191
+ TODO: check
+CAN-2005-0190
+ TODO: check
+CAN-2005-0189
+ TODO: check
+CAN-2005-0188
+ TODO: check
+CAN-2005-0187
+ TODO: check
+CAN-2005-0186
+ TODO: check
+CAN-2005-0185
+ TODO: check
+CAN-2005-0184
+ TODO: check
+CAN-2005-0183
+ TODO: check
+CAN-2005-0182
+ TODO: check
+CAN-2005-0181
+ NOTE: reserved
+CAN-2005-0180
+ TODO: check
+CAN-2005-0179
+ TODO: check
+CAN-2005-0178
+ NOTE: reserved
+CAN-2005-0177
+ NOTE: reserved
+CAN-2005-0176
+ NOTE: reserved
+CAN-2004-1392
+ TODO: check
+CAN-2004-1391
+ TODO: check
+CAN-2004-1390
+ TODO: check
+CAN-2004-1389
+ TODO: check
+CAN-2004-1388
+ TODO: check
+CAN-2004-1387
+ TODO: check
+CAN-2004-1386
+ TODO: check
+CAN-2004-1385
+ TODO: check
+CAN-2004-1384
+ TODO: check
+CAN-2004-1383
+ TODO: check
+CAN-2004-1382
+ TODO: check
+CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
+ - clamav 0.81
+CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
+ - uw-imap 7:2002edebian1-6
+CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+ {DSA-667-1}
+CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+ TODO: check
+CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
+ {DSA-667-1}
CAN-2005-0172
NOTE: reserved
CAN-2005-0171
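Review bot: CAN-2005-0211 and CAN-2005-0194 end up with both {DSA-667-1} and "TODO: check" in the new list, while CAN-2005-0175 and CAN-2005-0173 at the end of this hunk carry {DSA-667-1} alone. If a DSA reference settles an entry, the update script should not add "TODO: check" to entries that already have one; if it does not, the two Squid entries need the TODO as well. CAN-2005-0174, whose truncated description starts identically to CAN-2005-0175, has only "TODO: check" and is worth triaging together with them.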
@@ -53,8 +179,7 @@
NOTE: reserved
CAN-2005-0153
NOTE: reserved
-CAN-2005-0152
- NOTE: reserved
+CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
{DSA-662-1}
CAN-2005-0151
NOTE: reserved
@@ -106,8 +231,7 @@
CAN-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
- mozilla-firefox 1.0
- mozilla-browser 2:1.7.5
-CAN-2005-0133
- NOTE: reserved
+CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
- clamav 0.80-0.81rc1-1
CAN-2005-0132
NOTE: reserved
@@ -168,16 +292,14 @@
NOTE: reserved
CAN-2005-0105
NOTE: reserved
-CAN-2005-0104
- NOTE: reserved
+CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
{DSA-662-1}
-CAN-2005-0103
- NOTE: reserved
+CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
- squirrelmail 2:1.4.4-1
CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
- evolution 2.0.3-1.2
-CAN-2005-0101
- NOTE: reserved
+CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
+ TODO: check
CAN-2005-0100
NOTE: reserved
CAN-2005-0099
@@ -202,8 +324,7 @@
NOTE: reserved
CAN-2005-0090
NOTE: reserved
-CAN-2005-0089
- NOTE: reserved
+CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
{DSA-666-1}
CAN-2005-0088
NOTE: reserved
@@ -244,8 +365,7 @@
{DSA-658-1}
CAN-2005-0076
NOTE: reserved
-CAN-2005-0075
- NOTE: reserved
+CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
- squirrelmail 2:1.4.4-1
CAN-2005-0074
NOTE: reserved
@@ -410,7 +530,7 @@
NOTE: reserved
CAN-2004-1341
NOTE: reserved
-CAN-2004-1340 (Debian GNU/Linux installs the libpam-radius-auth package with the ...)
+CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
{DSA-659-1}
- libpam-radius-auth 1.3.16-1.1
CAN-2005-0032
@@ -441,21 +561,17 @@
{DSA-641-1}
CAN-2005-0019
NOTE: reserved
-CAN-2005-0018
- NOTE: reserved
+CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
{DSA-661-1}
-CAN-2005-0017
- NOTE: reserved
+CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
{DSA-661-1}
CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
{DSA-640-1}
CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
{DSA-650-1}
-CAN-2005-0014
- NOTE: reserved
+CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
- ncpfs (unfixed; bug #293446)
-CAN-2005-0013
- NOTE: reserved
+CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
{DSA-665-1}
- ncpfs (unfixed; bug #293446)
CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
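Review bot: the two ncpfs entries (CAN-2005-0014 and CAN-2005-0013) still read "- ncpfs (unfixed; bug #293446)" although the descriptions added here name the fixed upstream release ("ncpfs before 2.2.6") and CAN-2005-0013 already references {DSA-665-1}. Suggest replacing "unfixed" with the fixed package version once bug #293446 is closed for sarge, or adding a NOTE under CAN-2005-0013 that says why a DSA exists while the package line is still marked unfixed.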
@@ -853,7 +969,7 @@
{DSA-615-1}
CAN-2004-1178
NOTE: reserved
-CAN-2004-1177 (Cross-site scripting vulnerability in the driver script in mailman ...)
+CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
- mailman 2.1.5-5
NOTE: there's also bug #285839, no CAN.
CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
@@ -1085,7 +1201,7 @@
NOTE: fixed in 2.6.8 and 2.4.27
CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1070 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+CAN-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
NOTE: fixed in 2.6.8 and 2.4.27
CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
NOTE: 2.6 only issue
@@ -1395,7 +1511,7 @@
NOTE: fixed in 2.4.28, 2.6.9
NOTE: check with kernel people
CAN-2004-0948
- NOTE: reserved
+ NOTE: rejected
CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
@@ -2380,8 +2496,8 @@
CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
{DSA-525}
- apache 1.3.31-2
-CAN-2004-0491
- NOTE: reserved
+CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
+ TODO: check
CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
NOTE: not-for-us (cPanel is not our cpanel)
CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
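Review bot: CAN-2004-0491 is set to "TODO: check" although its new description is about linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3, a vendor-specific patch. The entry directly below it (CAN-2004-0490) shows the list's convention for issues that do not apply, "NOTE: not-for-us (...)"; if the patch is not carried in the Debian kernel, this entry should be closed the same way rather than left as an open TODO.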
@@ -3356,8 +3472,8 @@
{DSA-424}
CAN-2003-1022
{DSA-416}
-CAN-2003-1021
- NOTE: reserved
+CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
+ TODO: check
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
@@ -8273,7 +8389,7 @@
CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
-CAN-1999-1572 (cpio on FreeBSD 2.1.0, and possibly other operating systems, uses a 0 ...)
+CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
{DSA-664-1}
CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2005-02-05 22:25:33 UTC (rev 354)
+++ sarge-checks/CVE/list 2005-02-06 08:14:14 UTC (rev 355)
@@ -1212,7 +1212,7 @@
CVE-2002-0658
{DSA-137}
CVE-2002-0653
- NOTE: covered by DSA-135
+ TODO: check
STOP: This is apporixmatly where woody was released.
CVE-2002-0651
CVE-2002-0650
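Review bot: the CVE-2002-0653 entry loses its hand-written annotation: "NOTE: covered by DSA-135" is replaced by "TODO: check", which discards an existing triage result, and the log message mentions only a CAN database update. The update script should leave existing NOTE lines untouched, or convert this one to a {DSA-135} reference in the form the neighbouring CVE-2002-0658 entry uses ({DSA-137}), instead of resetting the entry to TODO.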