[Secure-testing-commits] r1241 - in data: . CAN

Joey Hess joeyh@costa.debian.org
Mon, 20 Jun 2005 03:12:53 +0000


Author: joeyh
Date: 2005-06-20 03:12:50 +0000 (Mon, 20 Jun 2005)
New Revision: 1241

Modified:
   data/CAN/list
   data/updatelist
Log:
replace [] with CAN info once it becomes available


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-19 01:05:32 UTC (rev 1240)
+++ data/CAN/list	2005-06-20 03:12:50 UTC (rev 1241)
@@ -86,7 +86,7 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
 	NOTE: not-for-us (Apple)
-CAN-2005-1934 [Unspecified gaim DoS vulnerability]
+CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
 	- gaim 1:1.3.1-1
 CAN-2005-XXXX [Multiple buffer and integer overflows in strace]
 	NOTE: For full details download the sources and see the changelog entry
@@ -277,7 +277,7 @@
 	NOTE: reserved
 CAN-2005-1841
 	NOTE: reserved
-CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory]
+CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
 	- fuse 2.3.0-1
 CAN-2005-XXXX [Directory traversal in zoo]
 	- zoo (unfixed; bug #309594)
@@ -442,7 +442,7 @@
 CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
 	NOTE: reserved
 	- kernel-source-2.6.8 (unfixed)
-CAN-2005-1763 [Unprivileged write into kernel memory on amd64]
+CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
 	- kernel-source-2.6.8 (unfixed)
 CAN-2005-1762 [Unspecified DoS vulnerability on amd64]
 	NOTE: reserved
@@ -993,7 +993,7 @@
 	- clamav 0.85.1-1
 CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
 	- libxpm4 4.3.0.dfsg.1-14
-CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl]
+CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
 	NOTE: According to Horms from kernel team 2.6.8 not affected
 	- kernel-source-2.6.11 2.6.11-5
 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
@@ -1131,16 +1131,16 @@
 	NOTE: reserved
 CAN-2005-1524
 	NOTE: reserved
-CAN-2005-1523 [GNU Mailutils 0.6 imap4d Format String Vulnerability]
+CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
 	{DSA-732-1}
 	- mailutils 1:0.6.1-3
-CAN-2005-1522 [GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability]
+CAN-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
 	{DSA-732-1}
 	- mailutils 1:0.6.1-3
-CAN-2005-1521 [GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability]
+CAN-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
 	{DSA-732-1}
 	- mailutils 1:0.6.1-3
-CAN-2005-1520 [GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability]
+CAN-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
 	{DSA-732-1}
 	- mailutils 1:0.6.1-3
 CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
@@ -2456,7 +2456,7 @@
 	- apache 1.3.31-1
 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
 	- libconvert-uulib-perl 1.0.5.1-1
-CAN-2005-1269 [Unspecified gaim DoS vulnerability]
+CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
 	- gaim 1:1.3.1-1
 CAN-2005-1268
 	NOTE: reserved
@@ -2466,13 +2466,13 @@
 CAN-2005-1266
 	NOTE: reserved
 	- spamassassin (unfixed; bug #314447)
-CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel]
+CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
 	- kernel-source-2.6.8 (unfixed)
-CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl]
+CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
 	- kernel-source-2.6.8 2.6.8-15sarge1
 	- kernel-source-2.6.8 2.6.8-16
 	- kernel-source-2.6.11 2.6.11-5
-CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
+CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
 	- kernel-source-2.6.11 2.6.11 2.6.11-4
 	- kernel-source-2.6.8 2.6.8-16
 	- kernel-source-2.4.27 2.4.27-10
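Review bot: the first package line under CAN-2005-1263 in this hunk, `- kernel-source-2.6.11 2.6.11 2.6.11-4`, carries two version tokens where every neighbouring entry has one. It is a context line, but since the entry's description is being replaced here, suggest settling on the intended fixed version (presumably one of `2.6.11` or `2.6.11-4`) in the same commit, so that anything reading the package and version fields does not pick up the wrong one.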
@@ -2856,10 +2856,10 @@
 CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
 	- mozilla-firefox 1.0.3-1
 	- mozilla 1.7.7-1
-CAN-2005-1152 [Qpopper can be forced to create group or world writable files]
+CAN-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
 	{DSA-728-1}
 	- qpopper 4.0.5-4sarge1
-CAN-2005-1151 [Insufficient privilege drop in qpopper]
+CAN-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
 	{DSA-728-1}
 	- qpopper 4.0.5-4sarge1
 CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
@@ -3269,9 +3269,9 @@
 	- gaim 1.2.1-1
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
 	NOTE: Was once part of Debian, but has been removed
-CAN-2005-0966 gaim my be crashed remotely
+CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
 	- gaim 1:1.2.1-1
-CAN-2005-0965 gaim my be crashed remotely
+CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
 	- gaim 1:1.2.1-1
 CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
 	NOTE: not-for-us (Kerio firewall)
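Review bot: the gaim fixed versions in this hunk are written inconsistently: the leading context line has `- gaim 1.2.1-1` while the two entries being updated use `- gaim 1:1.2.1-1`. A version without an epoch sorts below every `1:` version under dpkg ordering, so the entry without the epoch would compare as fixed against any epoch-1 gaim package regardless of its upstream version. Suggest adding the `1:` epoch to that line while the neighbouring entries are being edited.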
@@ -3326,7 +3326,7 @@
 	NOTE: not-for-us (Cisco Hardware issue)
 CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
 	NOTE: not-for-us (Sybase ASE)
-CAN-2005-0941 [OpenOffice.org heap possible overflow in DOC parsing]
+CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
 	- openoffice.org 1.1.3-9
 CAN-2005-0939
 	NOTE: reserved
@@ -3835,21 +3835,21 @@
 	- ethereal 0.10.10-1
 CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
 	- ethereal 0.10.10-1
-CAN-2005-0764 [Buffer overflow with overly long escape sequences in rxvt-unicode]
+CAN-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
 	- rxvt-unicode 5.3-1
 CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
 	{DSA-698-1}
-CAN-2005-0762 [imagemagick SGI heap overflow allows arbitrary code execution]
+CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
 	{DSA-702-1}
 	- imagemagick 5:6.0.0-1
 	NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0761 [imagemagick crafted PSD DoS]
+CAN-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
 	- imagemagick 5:6.0.2.5
-CAN-2005-0760 [imagemagick malformed TIFF crash DoS]
+CAN-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
 	{DSA-702-1}
 	- imagemagick 5:6.0.0-1
 	NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0759 [imagemagick invalid TIFF tag DoS]
+CAN-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
 	{DSA-702-1}
 	- imagemagick 5:6.0.0-1
 	NOTE: Does only affect imagemagick releases prior to 6
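Review bot: for CAN-2005-0761 the imported description now reads "ImageMagick before 6.1.8", but the fixed version recorded directly under it is `- imagemagick 5:6.0.2.5`, which is lower than 6.1.8 and, unlike the other imagemagick lines in this hunk, has no Debian revision. Suggest either confirming the fix was backported and saying so in a NOTE line, or correcting the version, so the entry does not contradict its own description.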
@@ -3858,23 +3858,23 @@
 	- gzip 1.3.5-10
 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
 	- kernel-source-2.4.27 (unfixed; bug #311164)
-CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64]
+CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
 	- kernel-source-2.6.8 (unfixed)
 	- kernel-source-2.6.11 2.6.11-7
 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
 	- helix-player 1.0.4-1
-CAN-2005-0754 [Untrusted code execution in Kommander]
+CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
 	- kdewebdev 3.3.2-6
-CAN-2005-0753 [Buffer overflow and several memory access problems in CVS]
+CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
 	- cvs 1.12.9-13
-CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox] 
+CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
 	- mozilla-firefox 1.0.3-1
 CAN-2005-0751
 	NOTE: rejected
-CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
+CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
 	- kernel-source-2.4.27-10
 	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()]
+CAN-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
 	- kernel-source-2.6.8 2.6.8-16
 	- kernel-source-2.4.27 2.4.27-10
 CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
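Review bot: under CAN-2005-0750 the line `- kernel-source-2.4.27-10` has no space between package name and version, so it reads as a package called kernel-source-2.4.27-10 with no fixed version at all. The CAN-2005-0749 entry just below uses the form `- kernel-source-2.4.27 2.4.27-10`. Suggest fixing the 0750 line to match while its description is being replaced.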
@@ -4650,11 +4650,11 @@
 	- mozilla 2:1.7.6
 CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
 	NOTE: not-for-us (PBLang)
-CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing]
+CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
 	{DSA-729-1 DSA-708-1}
 	- php4 4:4.3.10-10
 	- php3 3.0.18-31
-CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing]
+CAN-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
 	NOTE: php3 not affected
 	- php4 4:4.3.10-10
 CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
@@ -5364,7 +5364,7 @@
 	- imagemagick (unfixed; bug #298051)
 CAN-2005-0405
 	NOTE: reserved
-CAN-2005-0404 [information leak in kmail]
+CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
 	NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
 	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
 	NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html
@@ -5373,15 +5373,15 @@
 	- kmail (unfixed; bug #305601)
 CAN-2005-0403
 	NOTE: reserved
-CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel]
+CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
 	- mozilla-firefox 1.0.2-1
-CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
+CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
 	- mozilla-firefox 1.0.2-1
 	- mozilla-thunderbird 1.0.2-1
-CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
+CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
 	- kernel-source-2.4.27 2.4.27-10
 	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla]
+CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
 	- mozilla-firefox 1.0.2-1
 	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
@@ -5402,15 +5402,15 @@
 	{DSA-725-1}
 CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
 	{DSA-712-1}
-CAN-2005-0390 [axel buffer overflow in HTTP redirection handling in conn.c]
+CAN-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
 	{DSA-706-1}
 	- axel 1.0b-1
 CAN-2005-0389
 	NOTE: rejected
-CAN-2005-0388 [Improper IP number validity checking in remstats permits arbitrary command execution]
+CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
 	{DSA-704-1}
 	- remstats 1.0.13a-5
-CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats]
+CAN-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
 	{DSA-704-1}
 	- remstats 1.0.13a-5
 CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
@@ -6599,10 +6599,10 @@
 	NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
 CAN-2004-1344
 	NOTE: reserved
-CAN-2004-1343 [DoS vulnerability in repouid CVS addon patch]
+CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
 	{DSA-715-1}
 	- 1.12.9-11
-CAN-2004-1342 [Password bypassing in the repouid CVS addon patch]
+CAN-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
 	{DSA-715-1}
 	- 1.12.9-11
 CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
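Review bot: both entries updated in this hunk (CAN-2004-1343 and CAN-2004-1342) have a fixed-version line of `- 1.12.9-11` with no package name in front of the version. The new descriptions name CVS, so the intended line is presumably `- cvs 1.12.9-11`; as written, the version string sits where the package name is expected. Suggest adding the package name in this commit.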
@@ -10757,7 +10757,7 @@
 	NOTE: fixed in linux 2.4.21
 CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
 	{DSA-357}
-CAN-2003-0465 strncpy in kernel does not pad with zeroes
+CAN-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
 	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
 	NOTE: arch specific asm versions: 
 	NOTE: x86 is not affected
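Review bot: the imported description for CAN-2003-0465 contains a literal `%NUL` ("does not %NUL pad the ..."), which looks like unexpanded markup from the upstream description rather than intended text. Suggest checking whether the import should strip or translate that token, since every other description in this diff is plain text.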

Modified: data/updatelist
===================================================================
--- data/updatelist	2005-06-19 01:05:32 UTC (rev 1240)
+++ data/updatelist	2005-06-20 03:12:50 UTC (rev 1241)
@@ -93,7 +93,11 @@
 		my $desc=$2;
 		docan($can) if $can;
 		$can=$1;
-		$cans{$can}{description}=$desc if length $desc && $desc !~ /^\(.*\)$/;
+		if (length $desc && $desc !~ /^\(.*\)$/ &&
+		    (! exists $cans{$can}{description} ||
+		     ! length $cans{$can}{description})) {
+			$cans{$can}{description}=$desc;
+		}
 	}
 	elsif (/^\s+NOTE:\s*(reserved|rejected)\s*$/) {
 		# skip it
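Review bot: the new condition in data/updatelist has no comment explaining which description wins, and the log message ("replace [] with CAN info") is narrower than what the code does. The test `$desc !~ /^\(.*\)$/` only excludes parenthesized text, so unbracketed free text such as the removed "gaim my be crashed remotely" lines is handled the same way as `[...]` placeholders: kept only when `$cans{$can}{description}` is missing or empty. Suggest a one-line comment above the `if` stating that a description from the list is a fallback used only when no description has been stored for that CAN yet, so the precedence is clear to the next person editing the parser.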