[Secure-testing-commits] r281 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Tue, 18 Jan 2005 21:14:26 +0100
Author: joeyh
Date: 2005-01-18 21:14:23 +0100 (Tue, 18 Jan 2005)
New Revision: 281
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-01-18 08:14:25 UTC (rev 280)
+++ sarge-checks/CAN/list 2005-01-18 20:14:23 UTC (rev 281)
@@ -1,3 +1,173 @@
+CAN-2005-0080
+ TODO: check
+CAN-2005-0079
+ NOTE: reserved
+CAN-2005-0078
+ NOTE: reserved
+CAN-2005-0077
+ NOTE: reserved
+CAN-2005-0076
+ NOTE: reserved
+CAN-2005-0075
+ NOTE: reserved
+CAN-2005-0074
+ NOTE: reserved
+CAN-2005-0073
+ NOTE: reserved
+CAN-2005-0072
+ NOTE: reserved
+CAN-2005-0071
+ NOTE: reserved
+CAN-2005-0070
+ NOTE: reserved
+CAN-2005-0069
+ NOTE: reserved
+CAN-2005-0068
+ TODO: check
+CAN-2005-0067
+ TODO: check
+CAN-2005-0066
+ TODO: check
+CAN-2005-0065
+ TODO: check
+CAN-2005-0064
+ NOTE: reserved
+CAN-2005-0063
+ NOTE: reserved
+CAN-2005-0062
+ NOTE: reserved
+CAN-2005-0061
+ NOTE: reserved
+CAN-2005-0060
+ NOTE: reserved
+CAN-2005-0059
+ NOTE: reserved
+CAN-2005-0058
+ NOTE: reserved
+CAN-2005-0057
+ NOTE: reserved
+CAN-2005-0056
+ NOTE: reserved
+CAN-2005-0055
+ NOTE: reserved
+CAN-2005-0054
+ NOTE: reserved
+CAN-2005-0053
+ NOTE: reserved
+CAN-2005-0052
+ NOTE: reserved
+CAN-2005-0051
+ NOTE: reserved
+CAN-2005-0050
+ NOTE: reserved
+CAN-2005-0049
+ NOTE: reserved
+CAN-2005-0048
+ NOTE: reserved
+CAN-2005-0047
+ NOTE: reserved
+CAN-2005-0046
+ NOTE: reserved
+CAN-2005-0045
+ NOTE: reserved
+CAN-2005-0044
+ NOTE: reserved
+CAN-2005-0043
+ TODO: check
+CAN-2005-0042
+ NOTE: reserved
+CAN-2005-0041
+ NOTE: reserved
+CAN-2005-0040
+ NOTE: reserved
+CAN-2005-0039
+ NOTE: reserved
+CAN-2005-0038
+ NOTE: reserved
+CAN-2005-0037
+ NOTE: reserved
+CAN-2005-0036
+ NOTE: reserved
+CAN-2005-0035
+ NOTE: reserved
+CAN-2005-0034
+ NOTE: reserved
+CAN-2005-0033
+ NOTE: reserved
+CAN-2004-1376
+ TODO: check
+CAN-2004-1375
+ TODO: check
+CAN-2004-1374
+ TODO: check
+CAN-2004-1373
+ TODO: check
+CAN-2004-1372
+ TODO: check
+CAN-2004-1371
+ TODO: check
+CAN-2004-1370
+ TODO: check
+CAN-2004-1369
+ TODO: check
+CAN-2004-1368
+ TODO: check
+CAN-2004-1367
+ TODO: check
+CAN-2004-1366
+ TODO: check
+CAN-2004-1365
+ TODO: check
+CAN-2004-1364
+ TODO: check
+CAN-2004-1363
+ TODO: check
+CAN-2004-1362
+ TODO: check
+CAN-2004-1361
+ TODO: check
+CAN-2004-1360
+ TODO: check
+CAN-2004-1359
+ TODO: check
+CAN-2004-1358
+ TODO: check
+CAN-2004-1357
+ TODO: check
+CAN-2004-1356
+ TODO: check
+CAN-2004-1355
+ TODO: check
+CAN-2004-1354
+ TODO: check
+CAN-2004-1353
+ TODO: check
+CAN-2004-1352
+ TODO: check
+CAN-2004-1351
+ TODO: check
+CAN-2004-1350
+ TODO: check
+CAN-2004-1349
+ TODO: check
+CAN-2004-1348
+ TODO: check
+CAN-2004-1347
+ TODO: check
+CAN-2004-1346
+ TODO: check
+CAN-2004-1345
+ TODO: check
+CAN-2004-1344
+ NOTE: reserved
+CAN-2004-1343
+ NOTE: reserved
+CAN-2004-1342
+ NOTE: reserved
+CAN-2004-1341
+ NOTE: reserved
+CAN-2004-1340
+ NOTE: reserved
CAN-2005-0032
NOTE: reserved
CAN-2005-0031
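Review bot: The "TODO: check" entries added at the top of this hunk (CAN-2005-0080, CAN-2005-0068 through CAN-2005-0065, CAN-2005-0043, and CAN-2004-1376 through CAN-2004-1345) have no description after the id, so the list gives a triager nothing to check against. The entries promoted from "reserved" later in this revision all carry the truncated description in parentheses, e.g. "CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)". Suggest having the automatic update emit the description for these as well, or hold them back until one is available.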
@@ -40,8 +210,7 @@
NOTE: reserved
CAN-2005-0013
NOTE: reserved
-CAN-2005-0012
- NOTE: reserved
+CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
- dillo 0.8.3-1
CAN-2005-0011
NOTE: reserved
@@ -61,10 +230,9 @@
NOTE: reserved
CAN-2005-0003
NOTE: reserved
-CAN-2005-0002
- NOTE: reserved
-CAN-2005-0001
- NOTE: reserved
+CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
+ TODO: check
+CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
NOTE: bug in i386 SMP page fault handler, local root (bugtraq)
TODO: check with kernel team
CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
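Review bot: CAN-2005-0001 now carries a description (race condition in the Linux kernel page fault handler) and the note under it calls the bug a local root, yet the entry still ends at "TODO: check with kernel team" with no package or fixed-version line. Suggest recording the affected kernel source packages in sarge, or a bug reference, so the item can be tracked to closure. CAN-2005-0002 (poppassd_pam) directly above it is likewise left at "TODO: check".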
@@ -140,8 +308,8 @@
TODO: other packages containing libtiff code may be vulnerable (kfax?)
CAN-2004-1307
NOTE: reserved
-CAN-2004-1306
- NOTE: reserved
+CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
+ TODO: check
CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000 through ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
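Review bot: CAN-2004-1306 is given "TODO: check" although its description names winhlp32.exe in Windows NT and Windows 2000. The neighbouring CAN-2004-1305, also a Windows component, is already marked "NOTE: not-for-us (Microsoft)"; the same note here would take this entry off the open TODO list.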
@@ -399,12 +567,10 @@
NOTE: reserved
CAN-2004-1184
NOTE: reserved
-CAN-2004-1183
- NOTE: reserved
+CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
{DSA-626-1}
- libtiff-tools 3.6.1-5
-CAN-2004-1182
- NOTE: reserved
+CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...)
{DSA-634-1}
CAN-2004-1181
NOTE: reserved
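Review bot: CAN-2004-1182 (hfaxd in HylaFAX) is left with only {DSA-634-1} and no package/version line, whereas CAN-2004-1183 directly above it pairs {DSA-626-1} with "- libtiff-tools 3.6.1-5". A DSA reference records the fix for stable; suggest adding the fixed version in sarge, or a TODO, so the testing status of this entry is explicit.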
@@ -416,8 +582,7 @@
{DSA-615-1}
CAN-2004-1178
NOTE: reserved
-CAN-2004-1177
- NOTE: reserved
+CAN-2004-1177 (Cross-site scripting vulnerability in the driver script in mailman ...)
- mailman 2.1.5-5
NOTE: there's also bug #285839, no CAN.
CAN-2004-1176
@@ -496,8 +661,7 @@
CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
NOTE: amd64 specific
TODO: check with kernel team
-CAN-2004-1143
- NOTE: reserved
+CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
- mailman 2.1.5-5
CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
- ethereal 0.10.8
@@ -710,8 +874,8 @@
- sudo 1.6.8p3-1
CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1049
- NOTE: reserved
+CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
+ TODO: check
CAN-2004-1048
NOTE: reserved
CAN-2004-1047
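Review bot: CAN-2004-1049 is marked "TODO: check" even though the description places the integer overflow in the LoadImage API of USER32 for Microsoft. CAN-2004-1050 in the context just above is "NOTE: not-for-us (Microsoft)"; this entry should get the same note instead of an open TODO.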
@@ -730,8 +894,8 @@
NOTE: reserved
CAN-2004-1040
NOTE: reserved
-CAN-2004-1039
- NOTE: reserved
+CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
+ TODO: check
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
NOTE: not-for-us (IEEE1394 specification bug, physical security)
CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
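Review bot: CAN-2004-1039 gets "TODO: check", but the description scopes it to the NFS mountd service on SCO UnixWare. The file already uses notes such as "not-for-us (AIX)" for vendor-specific platforms; suggest "NOTE: not-for-us (SCO UnixWare)" here unless there is a reason to think the mountd code is shared with a Debian package, in which case the TODO should say so.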
@@ -755,7 +919,7 @@
NOTE: not-for-us (Sun JRE)
CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
NOTE: not-for-us (AIX)
-CAN-2004-1027 (The -x command line option in unarj allows remote attackers to ...)
+CAN-2004-1027 (Directory traversal vulnerability in the -x command line option in ...)
NOTE: sarge's unarj is from a different code base, probably not vulnerable
CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
{DSA-628-1 DSA-618-1}
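Review bot: The note kept under CAN-2004-1027 still reads "probably not vulnerable" after the description was changed to name a directory traversal in the -x option. A different code base does not by itself rule out the same path-handling flaw on extraction; suggest adding a TODO to confirm how sarge's unarj treats member paths that point outside the target directory, and replacing "probably" with the result.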
@@ -828,8 +992,7 @@
CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
{DSA-585-1}
- shadow 1:4.0.3-30.3
-CAN-2004-1000
- NOTE: reserved
+CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
{DSA-630-1}
- lintian 1.23.6
CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
@@ -852,8 +1015,8 @@
{DSA-604-1}
CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
NOTE: not-for-us (Proxytunnel)
-CAN-2004-0991
- NOTE: reserved
+CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
+ TODO: check
CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
@@ -1091,8 +1254,8 @@
NOTE: not-for-us (Microsoft)
CAN-2004-0898
NOTE: reserved
-CAN-2004-0897
- NOTE: reserved
+CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
+ TODO: check
CAN-2004-0896
NOTE: reserved
CAN-2004-0895
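Review bot: CAN-2004-0897 is set to "TODO: check" while its description is about the Indexing Service for Microsoft Windows XP and Server 2003. The first context line of this hunk already shows the convention, "NOTE: not-for-us (Microsoft)"; applying it here keeps the TODO list limited to entries that can affect sarge.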
@@ -1645,8 +1808,8 @@
{DSA-529}
CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
{DSA-535}
-CAN-2004-0638
- NOTE: reserved
+CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
+ TODO: check
CAN-2004-0637
NOTE: reserved
CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
@@ -1807,11 +1970,9 @@
{DSA-555-1}
CAN-2004-0562
NOTE: reserved
-CAN-2004-0561
- NOTE: reserved
+CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
{DSA-638-1}
-CAN-2004-0560
- NOTE: reserved
+CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
{DSA-638-1}
CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
{DSA-544-1}
@@ -4924,8 +5085,7 @@
CAN-2003-0015
{DSA-233}
- cvs 1.11.2-5.1
-CAN-2003-0014
- NOTE: reserved
+CAN-2003-0014 (bmv 1.2 and earlier allows local users to overwrite arbitrary files ...)
{DSA-633-1}
CAN-2003-0013
{DSA-230}