[Secure-testing-commits] r1291 - data/CAN

Joey Hess joeyh@costa.debian.org
Tue, 28 Jun 2005 09:14:31 +0000


Author: joeyh
Date: 2005-06-28 09:14:28 +0000 (Tue, 28 Jun 2005)
New Revision: 1291

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-28 08:03:56 UTC (rev 1290)
+++ data/CAN/list	2005-06-28 09:14:28 UTC (rev 1291)
@@ -1,3 +1,21 @@
+CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
+	TODO: check
+CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
+	TODO: check
+CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console (BEWAC) ...)
+	TODO: check
+CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
+	TODO: check
+CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
+	TODO: check
+CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
+	TODO: check
+CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
+	TODO: check
+CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
+	TODO: check
+CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
+	TODO: check
 CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
 	- backup-manager 0.5.8-2 (low)
 CAN-2005-XXXX [clamav libmspack decompressor DoS]
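Review bot: the five DUware entries (CAN-2005-2045 through CAN-2005-2049) land as `TODO: check`, although this file already marks the DUware DUportal entry CAN-2005-1224 as `NOTE: not-for-us (DUPortal)`; resolving them the same way in a follow-up keeps the TODO queue short. CAN-2005-2050 is the entry here that needs a real look: the description says only "Unknown vulnerability in Tor before 0.1.0.10" with a remote attacker, so the packaged version, if any, has to be compared against 0.1.0.10.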
@@ -879,8 +897,8 @@
 	NOTE: reserved
 CAN-2005-1767
 	NOTE: reserved
-CAN-2005-1766
-	NOTE: reserved
+CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
+	TODO: check
 CAN-2005-1765 [Unspecified DoS vulnerability on amd64]
 	NOTE: reserved
 	- kernel-source-2.6.8 (unfixed; unknown)
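Review bot: CAN-2005-1766 and the newly added CAN-2005-2052 are both RealPlayer heap-based buffer overflows (rtffplin.cpp and vidplin.dll), so the two `TODO: check` lines should be cleared together with the same NOTE to avoid inconsistent triage of one product.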
@@ -898,8 +916,8 @@
 	- kernel-source-2.6.11 (unfixed)
 CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
 	NOTE: not-for-us (sysreport)
-CAN-2005-1759
-	NOTE: reserved
+CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+	TODO: check
 CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
 	NOTE: not-for-us (Novell)
 CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
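Review bot: when the `TODO: check` on CAN-2005-1759 is cleared, the replacement line should carry a version, because the description bounds the race condition to "shtool 2.0.1 and earlier"; a bare `(unfixed)` entry like the kernel-source line at the top of this hunk would lose that boundary.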
@@ -1571,12 +1589,12 @@
 	NOTE: reserved
 CAN-2005-1527
 	NOTE: reserved
-CAN-2005-1526
-	NOTE: reserved
-CAN-2005-1525
-	NOTE: reserved
-CAN-2005-1524
-	NOTE: reserved
+CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
+	TODO: check
+CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
+	TODO: check
+CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
+	TODO: check
 CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
 	{DSA-732-1}
 	- mailutils 1:0.6.1-3
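Review bot: all three Cacti descriptions (CAN-2005-1524, CAN-2005-1525, CAN-2005-1526) are truncated at or just after the product name, so the fixed upstream version is not visible in this file; whoever clears the `TODO: check` lines needs the full CVE text and should record a versioned package line per id, in the style of `- mailutils 1:0.6.1-3` under CAN-2005-1523. CAN-2005-1525 and CAN-2005-1526 both name config_settings.php, so they are likely fixed in the same upload and worth checking together.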
@@ -2717,7 +2735,7 @@
 	NOTE: not-for-us (text.cgi)
 CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
 	NOTE: not-for-us (text.cgi)
-CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script allows ...)
+CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
 	NOTE: not-for-us (includer.cgi)
 CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
 	NOTE: not-for-us (includer.cgi)
@@ -2882,7 +2900,7 @@
 CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
 	- tcpdump 3.8.3-4
 CAN-2005-1277
-	NOTE: reserved
+	NOTE: rejected
 CAN-2005-1276
 	NOTE: reserved
 CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
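Review bot: CAN-2005-1277 changes from `NOTE: reserved` to `NOTE: rejected` with no reason recorded; if the rejection notice names a duplicate or replacement id, add it to the NOTE so the entry explains itself without a lookup.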
@@ -2908,8 +2926,7 @@
 	NOTE: reserved
 CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
 	- tcpdump 3.9.0.cvs.20050614-1 (medium)
-CAN-2005-1266
-	NOTE: reserved
+CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
 	- spamassassin (unfixed; bug #314447; medium)
 CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
 	- kernel-source-2.6.8 (unfixed; medium)
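Review bot: the retained tracking line `- spamassassin (unfixed; bug #314447; medium)` under CAN-2005-1266 carries no version, while the new description lists SpamAssassin 3.0.1, 3.0.2 and 3.0.3 as affected; now that the details are public, confirm that unfixed and medium still apply and add the fixed version once bug #314447 is closed. Dropping `NOTE: reserved` without adding `TODO: check` is correct here, since the entry is already tracked.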
@@ -2948,8 +2965,8 @@
 	NOTE: not-for-us (IMail)
 CAN-2005-1251
 	NOTE: reserved
-CAN-2005-1250
-	NOTE: reserved
+CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
+	TODO: check
 CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
 	NOTE: not-for-us (IMail)
 CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
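Review bot: the new CAN-2005-1250 description is cut off before the product name ("... the logon screen of the web front end ..."), so the `TODO: check` cannot be triaged from this line alone. The adjacent CAN-2005-1249 is an Ipswitch entry marked `NOTE: not-for-us (IMail)`, which hints at the vendor but is not enough to mark this one without reading the full description.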
@@ -3004,7 +3021,7 @@
 	NOTE: not-for-us (Coppermine Photo Gallery)
 CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
 	NOTE: not-for-us (Coppermine Photo Gallery)
-CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUportal Pro 3.4 allow ...)
+CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
 	NOTE: not-for-us (DUPortal)
 CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
 	NOTE: not-for-us (Ocean12 Calender manager)
@@ -4266,8 +4283,8 @@
 	NOTE: not-for-us (PhotoPost)
 CAN-2005-0773
 	NOTE: reserved
-CAN-2005-0772
-	NOTE: reserved
+CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly ...)
+	TODO: check
 CAN-2005-0771
 	NOTE: reserved
 CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
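Review bot: CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec) and CAN-2005-2051 from the first hunk (Backup Exec Web Administration Console) concern the same product, so both `TODO: check` lines should get the same resolution in one pass rather than being triaged separately.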