[Secure-testing-commits] r298 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Thu, 20 Jan 2005 09:14:19 +0100 

Author: joeyh
Date: 2005-01-20 09:14:16 +0100 (Thu, 20 Jan 2005)
New Revision: 298

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-01-20 02:12:47 UTC (rev 297)
+++ sarge-checks/CAN/list	2005-01-20 08:14:16 UTC (rev 298)
@@ -1,3 +1,9 @@
+CAN-2005-0124
+	TODO: check
+CAN-2005-0123
+	NOTE: reserved
+CAN-2005-0122
+	TODO: check
 CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
 	NOTE: not-for-us (golddig)
 CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
@@ -76,16 +82,16 @@
 	NOTE: reserved
 CAN-2005-0083
 	NOTE: reserved
-CAN-2005-0082
-	NOTE: reserved
-CAN-2005-0081
-	NOTE: reserved
+CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
+	TODO: check
+CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
+	TODO: check
 CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
 	- xine-lib 1-rc7-1
 CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
 	- jabber 1.4.3-3
 	NOTE: not-for-us (jadc2s)
-CAN-2004-1377 (The (1) fixps.in and (2) psmandup.in scripts in a2ps before 4.13 allow ...)
+CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
 	- a2ps (unfixed; bug #286387)
 	- a2ps (unfixed; bug #286385)
 	NOTE: wrote for clarification of how it's exploitable
@@ -292,7 +298,7 @@
 	NOTE: reserved
 CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
 	- exim4 4.34-10
-CAN-2005-0021 (Buffer overflow in the host_aton function in Exim before 4.43 may ...)
+CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
 	{DSA-637-1 DSA-635-1}
 CAN-2005-0020
 	NOTE: reserved
@@ -329,13 +335,12 @@
 CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
 	{DSA-646-1}
 	- imagemagick 6:6.0.6.2-2.1
-CAN-2005-0004
-	NOTE: reserved
+CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
 	{DSA-647-1}
 	- mysql-dfsg-4.1 4.1.8a-6
 	- mysql-dfsg 4.0.23-3
-CAN-2005-0003
-	NOTE: reserved
+CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
+	TODO: check
 CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
 	NOTE: not-for-us (poppassd_pam)
 CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
@@ -559,12 +564,11 @@
 	NOTE: reserved
 CAN-2004-1238
 	NOTE: reserved
-CAN-2004-1237
-	NOTE: reserved
+CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
+	TODO: check
 CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
 	NOTE: not-for-us (Netscape Directory Server on HP-UX)
-CAN-2004-1235
-	NOTE: reserved
+CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
 	- kernel-source-2.6.8 2.6.8-12
 	- kernel-image-2.6.8-2-386
 	- kernel-source-2.4.27 2.4.27-8
@@ -1546,8 +1550,8 @@
 CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
 	NOTE: ide-cd SG_IO vulnerability
 	NOTE: fixed in recent 2.6 and 2.4 kernels
-CAN-2004-0812
-	NOTE: reserved
+CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
+	TODO: check
 CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...)
 	- apache2 2.0.52
 CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)