[Secure-testing-commits] r1334 - data/CAN

Joey Hess joeyh@costa.debian.org
Wed, 06 Jul 2005 09:14:16 +0000


Author: joeyh
Date: 2005-07-06 09:14:13 +0000 (Wed, 06 Jul 2005)
New Revision: 1334

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-06 07:51:42 UTC (rev 1333)
+++ data/CAN/list	2005-07-06 09:14:13 UTC (rev 1334)
@@ -1,3 +1,65 @@
+CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
+	TODO: check
+CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
+	TODO: check
+CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
+	TODO: check
+CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
+	TODO: check
+CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
+	TODO: check
+CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
+	TODO: check
+CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
+	TODO: check
+CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
+	TODO: check
+CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
+	TODO: check
+CAN-2005-2136 (DSX Raritan Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set ...)
+	TODO: check
+CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
+	TODO: check
+CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
+	TODO: check
+CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users to ...)
+	TODO: check
+CAN-2005-2132
+	NOTE: reserved
+CAN-2005-2131
+	NOTE: reserved
+CAN-2005-2130
+	NOTE: reserved
+CAN-2005-2129
+	NOTE: reserved
+CAN-2005-2128
+	NOTE: reserved
+CAN-2005-2127
+	NOTE: reserved
+CAN-2005-2126
+	NOTE: reserved
+CAN-2005-2125
+	NOTE: reserved
+CAN-2005-2124
+	NOTE: reserved
+CAN-2005-2123
+	NOTE: reserved
+CAN-2005-2122
+	NOTE: reserved
+CAN-2005-2121
+	NOTE: reserved
+CAN-2005-2120
+	NOTE: reserved
+CAN-2005-2119
+	NOTE: reserved
+CAN-2005-2118
+	NOTE: reserved
+CAN-2005-2117
+	NOTE: reserved
+CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
+	TODO: check
 CAN-2005-XXXX [Insecure tempfile generation in ekg]
 	- ekg (unfixed; bug filed; medium)
 CAN-2005-XXXX [Missing input sanitization due in phpwiki's xmlrpc code allow execution of arb. php code]
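
Review bot: every described entry added at the top of this hunk (CAN-2005-2146 down to CAN-2005-2133, plus CAN-2004-2154) lands as "TODO: check" with no triage, so none of them yet says whether Debian is affected. Each should be resolved to either a "NOTE: not-for-us (...)" line or a package line with version and severity, the two forms used further down the file. CAN-2004-2154 deserves attention first: it names CUPS before 1.1.21rc1, which calls for a version comparison rather than a not-for-us note, and it is a 2004 identifier sitting after the 2005 block, where it is easy to overlook.
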
@@ -63,7 +125,7 @@
 	TODO: check
 CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
 	NOTE: not-for-us (Microsoft)
-CAN-2005-2088 (Apache 2.0.45 and 1.3.29 allows remote attackers to poison the web ...)
+CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
 	- apache (unfixed; bug #316173; medium)
 CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
 	NOTE: not-for-us (Microsoft)
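
Review bot: the new description of CAN-2005-2088 narrows the issue to Apache "when acting as an HTTP proxy", but the status line under it, "- apache (unfixed; bug #316173; medium)", is unchanged. Confirm that bug #316173 and the medium rating still fit the proxy-only scope, and consider a NOTE recording the proxy precondition, since the truncated description cuts off right after it.
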
@@ -142,8 +204,9 @@
 CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
 	NOTE: not-for-us (Solaris)
 CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
+	{DSA-737-1}
 	- clamav 0.86-1 (medium)
-CAN-2005-2069 (pam_ldap and OpenLDAP, when connecting to a slave using TLS, does not ...)
+CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
 	- openldap2.2 2.2.26-3 (medium)
 	- openldap2 2.1.30-11 (medium)
 CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
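
Review bot: the updated description of CAN-2005-2069 now names pam_ldap and nss_ldap as the affected components, yet the package lines beneath it still track only openldap2.2 and openldap2. Either add package lines for the pam_ldap and nss_ldap packages or add a NOTE explaining why the openldap fixes are sufficient; as it stands the entry reads as fully handled while the components in the description are untracked.
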
@@ -171,6 +234,7 @@
 CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
 	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
+	{DSA-737-1}
 	- clamav 0.86.1-1 (medium)
 CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
 	NOTE: not-for-us (RealPlayer)
@@ -525,7 +589,7 @@
 	TODO: check
 CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
 	TODO: check
-CAN-2002-1816 (Buffer overflow in the sock_gets function in ATPhttpd 0.4b and earlier ...)
+CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
 	TODO: check
 CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
 	TODO: check
@@ -660,6 +724,7 @@
 CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
 	NOTE: not-for-us (Cisco)
 CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
+	{DSA-738-1}
 	NOTE: varying and apparently innacurate info about what versions fix it
 	- razor 2.720-1 (low)
 CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...)
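
Review bot: CAN-2005-2024 gains the {DSA-738-1} reference while the existing NOTE under it still says the information about fixing versions is varying and apparently inaccurate. With an advisory now attached, reconcile "- razor 2.720-1 (low)" against the version the DSA names and then update or drop the NOTE, so the entry does not carry an authoritative reference alongside a statement that the fix version is uncertain.
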
@@ -1163,8 +1228,10 @@
 CAN-2005-1924
 	NOTE: reserved
 CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
+	{DSA-737-1}
 	- clamav (unfixed; bug #316401; medium)
 CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
+	{DSA-737-1}
 	- clamav 0.86.1-1
 CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier, as used in products such as WordPress, ...)
 	TODO: Track ITP #312413
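
Review bot: CAN-2005-1923 is tagged {DSA-737-1} but its status line still reads "- clamav (unfixed; bug #316401; medium)", which contradicts having a released advisory for it. Either the status should be changed to the fixed version, or the DSA tag does not belong on this entry. The same DSA is also attached to entries with different fixed versions (0.86-1 for CAN-2005-2070, 0.86.1-1 for CAN-2005-2056 and CAN-2005-1922), so the versions need a pass against the advisory. Separately, "- clamav 0.86.1-1" under CAN-2005-1922 has no severity, unlike the sibling clamav lines.
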
@@ -1174,8 +1241,8 @@
 	NOTE: reserved
 CAN-2005-1918
 	NOTE: reserved
-CAN-2005-1917
-	NOTE: reserved
+CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
+	TODO: check
 CAN-2005-1916
 	NOTE: reserved
 CAN-2005-1915
@@ -1964,8 +2031,8 @@
 	NOTE: The 1.x version in Sarge and sid is not vulnerable
 CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
 	NOTE: not-for-us (Pico Server)
-CAN-2005-1625
-	NOTE: reserved
+CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
+	TODO: check
 CAN-2005-1624
 	NOTE: reserved
 CAN-2005-1623
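
Review bot: CAN-2005-1625 moves from reserved to "TODO: check", but the truncated description stops at "in the UnixAppOpenFilePerform function in ..." before naming the affected product, so it cannot be triaged from this file alone. Whoever resolves the TODO should read the full description and record the product in the resulting NOTE or package line.
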
@@ -3841,7 +3908,7 @@
 	NOTE: not-for-us (mvnForum)
 CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
 	NOTE: not-for-us (iSeries OS)
-CAN-2005-1181 (PHP remote code injection vulnerability in loader.php for Ariadne CMS ...)
+CAN-2005-1181 (** DISPUTED ** ...)
 	NOTE: not-for-us (Ariadne CMS)
 CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
 	NOTE: not-for-us (PHP-Nuke)
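
Review bot: the replacement line for CAN-2005-1181 is "(** DISPUTED ** ...)", which discards everything the old description said (PHP remote code injection in loader.php) and leaves the NOTE as the only text identifying the product. The truncation in the update script should keep description text after the "** DISPUTED **" marker, or the marker should be carried in a NOTE, so that disputed entries remain searchable by vulnerability type and file name.
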
@@ -14011,7 +14078,7 @@
 CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
 CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
 CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
-CAN-2002-0585 (Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
+CAN-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
 CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
 CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
 CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
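
Review bot: the new CAN-2002-0585 line prepends "Unknown " but keeps the old cut-off word, so its visible description is longer than every neighbouring entry in this hunk. The other rewording of this kind in the same commit (CAN-2001-0831) was re-truncated to the usual width. If the truncation length is meant to be fixed, this line should be re-cut the same way; if not, the generator's behaviour should be documented, because inconsistent truncation produces spurious diffs on later automatic updates.
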
@@ -14749,14 +14816,14 @@
 CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
 CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
 CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
-CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in LB5000 LB5000II ...)
+CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
 CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
 CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
 CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
 CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
 CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
 CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
-CAN-2001-0831 (Vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when ...)
+CAN-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
 CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
 CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
 CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
@@ -15201,7 +15268,7 @@
 CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
 CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
 CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
-CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows remote ...)
+CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
 CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
 CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
 CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
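
Review bot: the CAN-2000-1191 description now lists htDig 3.1.6 among the affected versions, which widens the range beyond the previous "3.1.5, and earlier", yet the entry has no package line, NOTE or TODO beneath it. Because the affected range changed, add a "TODO: check" or a package line so the entry is re-evaluated against the widened range rather than silently passing through as a wording update.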