[Secure-testing-commits] r356 - in sarge-checks: CAN CVE DSA
Joey Hess
joeyh@costa.debian.org
Sun, 06 Feb 2005 20:56:06 +0100
Author: joeyh
Date: 2005-02-06 20:56:01 +0100 (Sun, 06 Feb 2005)
New Revision: 356
Modified:
sarge-checks/CAN/list
sarge-checks/CVE/list
sarge-checks/DSA/list
Log:
mass update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-06 08:14:14 UTC (rev 355)
+++ sarge-checks/CAN/list 2005-02-06 19:56:01 UTC (rev 356)
@@ -1,40 +1,41 @@
CAN-2005-0229
NOTE: reserved
CAN-2005-0228
- TODO: check
+ - gpsd 2.7-4
+ NOTE: apparently dup of CAN-2004-1388
CAN-2005-0227
- TODO: check
+ {DSA-668-1}
CAN-2005-0226
- TODO: check
+ NOTE: not-for-us (ngIRCd)
CAN-2005-0225
- TODO: check
+ NOTE: partially fixed already
+ - firehol (unfixed; bug #293900)
CAN-2005-0224
- TODO: check
+ NOTE: not-for-us (HP-UX)
CAN-2005-0223
- TODO: check
+ NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX)
CAN-2005-0222
- TODO: check
+ - gallery 1.4.4-pl5-1
CAN-2005-0221
- TODO: check
+ - gallery 1.4.4-pl5-1
CAN-2005-0220
- TODO: check
+ - gallery 1.4.4-pl5-1
CAN-2005-0219
- TODO: check
+ - gallery 1.4.4-pl5-1
CAN-2005-0217
- TODO: check
+ NOTE: not-for-us (Invision Community Blog )
CAN-2005-0216
- TODO: check
+ NOTE: not-for-us (Woltlab Burning Board Lite)
CAN-2005-0215
- TODO: check
+ NOTE: not-for-us (Mozilla 1.6 for Windows)
CAN-2005-0214
- TODO: check
+ NOTE: not-for-us (SPHPBlog)
CAN-2005-0213
- TODO: check
+ NOTE: not-for-us (WinHKI)
CAN-2005-0212
- TODO: check
+ NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
CAN-2005-0211
{DSA-667-1}
- TODO: check
CAN-2005-0210
NOTE: reserved
CAN-2005-0209
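Review bot: the CAN-2005-0225 entry says "NOTE: partially fixed already" but gives no version for the partial fix, so the "- firehol (unfixed; bug #293900)" line that follows cannot be checked against a specific upload; name the version that carries the partial fix in the note. In the same hunk, CAN-2005-0228 is hedged as "apparently dup of CAN-2004-1388" while also carrying its own "- gpsd 2.7-4" line; once the duplicate is confirmed, drop "apparently" so the two entries are not tracked as separate issues. Minor: "(Invision Community Blog )" has a stray space before the closing parenthesis.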
@@ -56,48 +57,47 @@
CAN-2005-0201
NOTE: reserved
CAN-2005-0200
- TODO: check
+ NOTE: not-for-us (TikiWiki)
CAN-2005-0199
- TODO: check
+ NOTE: not-for-us (ngIRCd)
CAN-2005-0197
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-0196
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-0195
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-0194
{DSA-667-1}
- TODO: check
CAN-2005-0193
- TODO: check
+ NOTE: not-for-us (mRouter in iSync in OS X)
CAN-2005-0192
- TODO: check
+ NOTE: not-for-us (RealPlayer)
CAN-2005-0191
- TODO: check
+ NOTE: not-for-us (RealPlayer)
CAN-2005-0190
- TODO: check
+ NOTE: not-for-us (RealPlayer)
CAN-2005-0189
- TODO: check
+ NOTE: not-for-us (RealPlayer)
CAN-2005-0188
- TODO: check
+ NOTE: not-for-us (AtHoc toolbar)
CAN-2005-0187
- TODO: check
+ NOTE: not-for-us (AtHoc toolbar)
CAN-2005-0186
- TODO: check
+ NOTE: not-for-us (CIsco)
CAN-2005-0185
- TODO: check
+ NOTE: not-for-us (NodeManager Professional)
CAN-2005-0184
TODO: check
CAN-2005-0183
TODO: check
CAN-2005-0182
- TODO: check
+ NOTE: not-for-us (mod_dosevasive module for apache)
CAN-2005-0181
NOTE: reserved
CAN-2005-0180
- TODO: check
+ TODO: check with kernel team
CAN-2005-0179
- TODO: check
+ TODO: check with kernel team
CAN-2005-0178
NOTE: reserved
CAN-2005-0177
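Review bot: the CAN-2005-0186 note is spelled "not-for-us (CIsco)" while CAN-2005-0195 through CAN-2005-0197 in this same hunk use "not-for-us (Cisco)"; fix the capitalisation so a case-sensitive search for the vendor finds all four entries. The two "TODO: check with kernel team" lines (CAN-2005-0180, CAN-2005-0179) also name no package or bug, so nothing in the list shows whether the question was actually raised; a bug number or mail reference would make them trackable.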
@@ -105,27 +105,27 @@
CAN-2005-0176
NOTE: reserved
CAN-2004-1392
- TODO: check
+ TODO: check (asked vorlon if we've vulnerable)
CAN-2004-1391
- TODO: check
+ NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
CAN-2004-1390
- TODO: check
+ NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
CAN-2004-1389
- TODO: check
+ NOTE: not-for-us (Veritas NetBackup Administrative Assistant)
CAN-2004-1388
- TODO: check
+ - gpsd 2.7-4
CAN-2004-1387
- TODO: check
+ - apache 1.3.33-3
CAN-2004-1386
- TODO: check
+ NOTE: not-for-us (TikiWiki)
CAN-2004-1385
- TODO: check
+ - phpgroupware (unfixed; bug filed)
CAN-2004-1384
- TODO: check
+ - phpgroupware (unfixed; bug filed)
CAN-2004-1383
- TODO: check
+ - phpgroupware (unfixed; bug filed)
CAN-2004-1382
- TODO: check
+ - 2.3.2.ds1-19
CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
- clamav 0.81
CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
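Review bot: the CAN-2004-1382 entry adds "- 2.3.2.ds1-19" with no package name, unlike every other fixed-version line in this hunk (for example "- apache 1.3.33-3"), so any script that reads the line as "package version" will take the version string for the package; add the package name in front of the version. The three phpgroupware entries say "(unfixed; bug filed)" without a bug number, which makes them hard to follow up; record the number as other unfixed entries in this file do. Minor: "asked vorlon if we've vulnerable" should read "we're".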
@@ -133,7 +133,7 @@
CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
{DSA-667-1}
CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
- TODO: check
+ - squid (unfixed; bug filed)
CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
{DSA-667-1}
CAN-2005-0172
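Review bot: the CAN-2005-0174 line "- squid (unfixed; bug filed)" omits the bug number, so there is no way to tell from the list when the report is closed; add it in the "bug #NNNNNN" form already used elsewhere in this file. That matters here because the neighbouring squid entries are tagged {DSA-667-1}, and a reader needs to see at a glance that this one is tracked separately.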
@@ -299,7 +299,7 @@
CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
- evolution 2.0.3-1.2
CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
- TODO: check
+ - newspost 2.1.1-2
CAN-2005-0100
NOTE: reserved
CAN-2005-0099
@@ -1555,7 +1555,7 @@
CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
- samba 3.0.8-1
CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
- - tiff3g (unfixed; bug #283544)
+ NOTE: tiff3g was removed from debian
CAN-2004-0928
NOTE: reserved
CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
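Review bot: replacing "- tiff3g (unfixed; bug #283544)" with "NOTE: tiff3g was removed from debian" on CAN-2004-0929 drops the only bug reference and leaves no record of whether the issue was checked against any other package carrying the same code. Keep the bug number in the note and state explicitly that no remaining package is affected, if that was verified.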
@@ -2497,7 +2497,7 @@
{DSA-525}
- apache 1.3.31-2
CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
- TODO: check
+ NOTE: appears redhat specific
CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
NOTE: not-for-us (cPanel is not our cpanel)
CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
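Review bot: "NOTE: appears redhat specific" on CAN-2004-0491 is a hedged free-form note where the rest of the file, including the next entry, uses the "NOTE: not-for-us (...)" form. If the patch was confirmed absent from the Debian kernel packages, use the not-for-us form so the entry is picked up by the same searches; if it was not confirmed, leave it as a TODO rather than closing it on "appears".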
@@ -3473,7 +3473,7 @@
CAN-2003-1022
{DSA-416}
CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
- TODO: check
+ NOTE: not-for-us (SCO)
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2005-02-06 08:14:14 UTC (rev 355)
+++ sarge-checks/CVE/list 2005-02-06 19:56:01 UTC (rev 356)
@@ -1212,7 +1212,7 @@
CVE-2002-0658
{DSA-137}
CVE-2002-0653
- TODO: check
+ NOTE: covered by DSA 135
STOP: This is apporixmatly where woody was released.
CVE-2002-0651
CVE-2002-0650
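Review bot: the CVE-2002-0653 line "NOTE: covered by DSA 135" writes the advisory as free text, whereas the entry just above uses the cross-reference form "{DSA-137}". Use "{DSA-135}" so the link between the CVE and the advisory is machine-readable like its neighbours.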
Modified: sarge-checks/DSA/list
===================================================================
--- sarge-checks/DSA/list 2005-02-06 08:14:14 UTC (rev 355)
+++ sarge-checks/DSA/list 2005-02-06 19:56:01 UTC (rev 356)
@@ -1,5 +1,5 @@
-[04 Feb 2005] DSA-667-1 postgresql - privilege escalation
- NOTE: no CAN given
+[04 Feb 2005] DSA-668-1 postgresql - privilege escalation
+ {CAN-2005-0227}
- postgresql 7.4.7-1
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-667-1 squid - several
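Review bot: renumbering the postgresql advisory from DSA-667-1 to DSA-668-1 and replacing "NOTE: no CAN given" with "{CAN-2005-0227}" corrects an existing record rather than triaging a new one, and the log message "mass update" gives no hint of it. Mention the renumbering in the log, or commit it separately, so that someone tracing why DSA-667-1 once pointed at postgresql can find the change.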