[Secure-testing-commits] r358 - in sarge-checks: CAN CVE
Joey Hess
joeyh@costa.debian.org
Sun, 06 Feb 2005 21:14:19 +0100
Author: joeyh
Date: 2005-02-06 21:14:16 +0100 (Sun, 06 Feb 2005)
New Revision: 358
Modified:
sarge-checks/CAN/list
sarge-checks/CVE/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-06 20:00:15 UTC (rev 357)
+++ sarge-checks/CAN/list 2005-02-06 20:14:16 UTC (rev 358)
@@ -1,40 +1,40 @@
CAN-2005-0229
NOTE: reserved
-CAN-2005-0228
+CAN-2005-0228 (Format string vulnerability in the gpsd_report function for BerliOS ...)
- gpsd 2.7-4
NOTE: apparently dup of CAN-2004-1388
-CAN-2005-0227
+CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
{DSA-668-1}
-CAN-2005-0226
+CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
NOTE: not-for-us (ngIRCd)
-CAN-2005-0225
+CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
NOTE: partially fixed already
- firehol (unfixed; bug #293900)
-CAN-2005-0224
+CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
NOTE: not-for-us (HP-UX)
-CAN-2005-0223
+CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX)
-CAN-2005-0222
+CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
- gallery 1.4.4-pl5-1
-CAN-2005-0221
+CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
- gallery 1.4.4-pl5-1
-CAN-2005-0220
+CAN-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
- gallery 1.4.4-pl5-1
-CAN-2005-0219
+CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
- gallery 1.4.4-pl5-1
-CAN-2005-0217
+CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
NOTE: not-for-us (Invision Community Blog )
-CAN-2005-0216
+CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
NOTE: not-for-us (Woltlab Burning Board Lite)
-CAN-2005-0215
+CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
NOTE: not-for-us (Mozilla 1.6 for Windows)
-CAN-2005-0214
+CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
NOTE: not-for-us (SPHPBlog)
-CAN-2005-0213
+CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
NOTE: not-for-us (WinHKI)
-CAN-2005-0212
+CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
-CAN-2005-0211
+CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
{DSA-667-1}
CAN-2005-0210
NOTE: reserved
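Review bot: the tracking lines under CAN-2005-0222 and CAN-2005-0221 record the fix as "- gallery 1.4.4-pl5-1", but the descriptions added here name Gallery 2.0 Alpha and Gallery 2.0, so it is not clear from the entry that the packaged 1.4 branch was ever affected. A short NOTE under each saying whether 1.4.x carries the same code (or that the version is listed only because the issue never applied) would let a later reader trust the "fixed" status. Separately, CAN-2005-0225 says both "NOTE: partially fixed already" and "- firehol (unfixed; bug #293900)"; stating which part remains open would remove the ambiguity.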
@@ -56,47 +56,47 @@
NOTE: reserved
CAN-2005-0201
NOTE: reserved
-CAN-2005-0200
+CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
NOTE: not-for-us (TikiWiki)
-CAN-2005-0199
+CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
NOTE: not-for-us (ngIRCd)
-CAN-2005-0197
+CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
NOTE: not-for-us (Cisco)
-CAN-2005-0196
+CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
NOTE: not-for-us (Cisco)
-CAN-2005-0195
+CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
NOTE: not-for-us (Cisco)
-CAN-2005-0194
+CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
{DSA-667-1}
-CAN-2005-0193
+CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
NOTE: not-for-us (mRouter in iSync in OS X)
-CAN-2005-0192
+CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-0191
+CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-0190
+CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-0189
+CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-0188
+CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
NOTE: not-for-us (AtHoc toolbar)
-CAN-2005-0187
+CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
NOTE: not-for-us (AtHoc toolbar)
-CAN-2005-0186
+CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
NOTE: not-for-us (CIsco)
-CAN-2005-0185
+CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
NOTE: not-for-us (NodeManager Professional)
-CAN-2005-0184
+CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
TODO: check
-CAN-2005-0183
+CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
TODO: check
-CAN-2005-0182
+CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
NOTE: not-for-us (mod_dosevasive module for apache)
CAN-2005-0181
NOTE: reserved
-CAN-2005-0180
+CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
TODO: check with kernel team
-CAN-2005-0179
+CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
TODO: check with kernel team
CAN-2005-0178
NOTE: reserved
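Review bot: CAN-2005-0184 and CAN-2005-0183 still carry "TODO: check" although the descriptions added in this hunk now identify the affected component as ftpfile in the Vacation plugin for Squirrelmail. That is enough to resolve both entries to either a package line or a not-for-us note in the same pass. Also in this hunk, the annotation under CAN-2005-0186 reads "not-for-us (CIsco)" while the three neighbouring Cisco entries use "(Cisco)"; normalising the spelling keeps a case-sensitive search of the list from missing it.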
@@ -104,27 +104,27 @@
NOTE: reserved
CAN-2005-0176
NOTE: reserved
-CAN-2004-1392
+CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
TODO: check (asked vorlon if we've vulnerable)
-CAN-2004-1391
+CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
-CAN-2004-1390
+CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
-CAN-2004-1389
+CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
NOTE: not-for-us (Veritas NetBackup Administrative Assistant)
-CAN-2004-1388
+CAN-2004-1388 (Format string vulnerability in the gpsd_report funciton in gpsd 1.9.0 ...)
- gpsd 2.7-4
-CAN-2004-1387
+CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
- apache 1.3.33-3
-CAN-2004-1386
+CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
NOTE: not-for-us (TikiWiki)
-CAN-2004-1385
+CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
- phpgroupware (unfixed; bug #293906)
-CAN-2004-1384
+CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
- phpgroupware (unfixed; bug #293906)
-CAN-2004-1383
+CAN-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
- phpgroupware (unfixed; bug #293906)
-CAN-2004-1382
+CAN-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
- 2.3.2.ds1-19
CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
- clamav 0.81
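Review bot: the fixed-version line under CAN-2004-1382 is "- 2.3.2.ds1-19" with no package name, unlike every other such line in this hunk ("- gpsd 2.7-4", "- apache 1.3.33-3", "- clamav 0.81"). Any script that parses the list as package followed by version will read the version string as the package. The description added here names glibc, so the line should name the source package explicitly in front of the version.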
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2005-02-06 20:00:15 UTC (rev 357)
+++ sarge-checks/CVE/list 2005-02-06 20:14:16 UTC (rev 358)
@@ -1212,7 +1212,7 @@
CVE-2002-0658
{DSA-137}
CVE-2002-0653
- NOTE: covered by DSA 135
+ TODO: check
STOP: This is apporixmatly where woody was released.
CVE-2002-0651
CVE-2002-0650
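Review bot: under CVE-2002-0653 this replaces "NOTE: covered by DSA 135" with "TODO: check", which discards a triage result in a commit whose log says only "automatic CAN database update" and whose other changes are description fills in CAN/list. If the automatic update rewrote this line, the manual annotation should be restored; if the earlier assessment is in doubt, keep the DSA reference alongside the TODO so the reason for re-checking is visible. Recording it in the brace form used by the neighbouring CVE-2002-0658 entry ("{DSA-137}") would also make it harder to lose.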