[Secure-testing-commits] r516 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Thu, 03 Mar 2005 09:14:20 +0100
Author: joeyh
Date: 2005-03-03 09:14:17 +0100 (Thu, 03 Mar 2005)
New Revision: 516
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-02 23:08:45 UTC (rev 515)
+++ sarge-checks/CAN/list 2005-03-03 08:14:17 UTC (rev 516)
@@ -1,3 +1,68 @@
+CAN-2005-0940
+ NOTE: rejected
+ TODO: check
+CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
+ TODO: check
+CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
+ TODO: check
+CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
+ TODO: check
+CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
+ TODO: check
+CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
+ TODO: check
+CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
+ TODO: check
+CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
+ TODO: check
+CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
+ TODO: check
+CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
+ TODO: check
+CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
+ TODO: check
+CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
+ TODO: check
+CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
+ TODO: check
+CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
+ TODO: check
+CAN-2005-0610
+ NOTE: reserved
+CAN-2005-0609
+ NOTE: reserved
+CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
+ TODO: check
+CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
+ TODO: check
+CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
+ TODO: check
+CAN-2005-0605
+ NOTE: reserved
+CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
+ TODO: check
+CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
+ TODO: check
+CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ TODO: check
+CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ TODO: check
+CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ TODO: check
+CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
+ TODO: check
+CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
+ TODO: check
+CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
+ TODO: check
+CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
+ TODO: check
CAN-2005-0594
NOTE: reserved
CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
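Review bot: The first added entry, CAN-2005-0940, carries both `NOTE: rejected` and `TODO: check`, while the reserved entries added in the same hunk (CAN-2005-0610, CAN-2005-0609, CAN-2005-0605) carry only their NOTE. A rejected candidate has nothing left to check, so the automatic update should leave the TODO off, as it does for reserved ones. Otherwise every rejected id inflates the open-TODO count that triage works from.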
@@ -6,7 +71,7 @@
CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
- mozilla-firefox 1.0.1
- mozilla-browser (unfixed; bug #297619)
-CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the security and ...)
+CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
- mozilla-firefox 1.0.1
CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
- mozilla-firefox 1.0.1
@@ -26,12 +91,12 @@
CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
- mozilla-firefox 1.0.1
- mozilla-browser (unfixed; bug #297620)
-CAN-2005-0583
- NOTE: reserved
-CAN-2005-0582
- NOTE: reserved
-CAN-2005-0581
- NOTE: reserved
+CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
+ TODO: check
+CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
+ TODO: check
+CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
+ TODO: check
CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
NOTE: not-for-us (cmd5checkpw)
CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
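Review bot: CAN-2005-0583, CAN-2005-0582 and CAN-2005-0581 move from `NOTE: reserved` to `TODO: check` as three separate items, but all three descriptions name Computer Associates (CA) License software. They can be resolved in one pass. If the product is not packaged, give all three the same `NOTE: not-for-us (...)` form used for cmd5checkpw directly below, so the product string stays consistent across the set.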
@@ -353,7 +418,7 @@
NOTE: not-for-us (Pinnacle ShowCenter)
CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
NOTE: not-for-us (PopMessenger)
-CAN-2004-1697 (The "Forgot your Password" link in Computer Associates Unicenter ...)
+CAN-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...)
NOTE: not-for-u (Computer Associates Unicenter Management Portal)
CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
NOTE: not-for-us (EmuLive Server4)
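Review bot: The context line directly under the changed CAN-2004-1697 description reads `NOTE: not-for-u (Computer Associates Unicenter Management Portal)`, with the tag misspelled. Anything that matches on `not-for-us` will treat this entry as untriaged. The automatic update only rewrote the description, so the typo survives. It should be corrected to `not-for-us` in a follow-up commit.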
@@ -847,8 +912,8 @@
NOTE: not-for-us (Opera)
CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
NOTE: not-for-us (Opera)
-CAN-2005-0455
- NOTE: reserved
+CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
+ TODO: check
CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
NOTE: not-for-us (DCP-Portal)
CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
@@ -1021,7 +1086,7 @@
NOTE: not-for-us (sgallery)
CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
NOTE: not-for-us (bitboard)
-CAN-2005-0373 (Buffer overflow in digestmda5.c in Cyrus-SASL before 2.1.18-r1 allows ...)
+CAN-2005-0373 (Buffer overflow in digestmd5.c 1.170 (also referred to as ...)
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
NOTE: cyrus-sasl2 already has patch applied
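Review bot: The refreshed CAN-2005-0373 description is cut off before the product name and no longer shows the `before 2.1.18-r1` bound, so the NOTE lines under it are now the only visible text tying the entry to cyrus-sasl2. The last note says the patch is already applied. Consider recording that as a `- cyrus-sasl2 <version>` line in the form used for mozilla-firefox, if the entry does not already have one below the visible context, so the fixed state is machine-readable rather than free text.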
@@ -1642,8 +1707,8 @@
NOTE: reserved
CAN-2005-0209
NOTE: reserved
-CAN-2005-0208
- NOTE: reserved
+CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
+ TODO: check
CAN-2005-0207
NOTE: reserved
CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
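Review bot: CAN-2005-0208 now names Gaim before 1.1.4, so it has enough detail to triage immediately rather than sit in the `TODO: check` queue with the not-for-us candidates. If gaim is shipped in sarge, replace the TODO with a `- gaim <version>` line, or with an `(unfixed; bug #...)` marker as on the mozilla-browser lines, once the packaged version has been compared against 1.1.4.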
@@ -4291,10 +4356,10 @@
NOTE: not-for-us (Apple QuickTime)
CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0429
- NOTE: reserved
-CAN-2004-0428
- NOTE: reserved
+CAN-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...)
+ TODO: check
+CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
+ TODO: check
CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
NOTE: fixed after 2.6.6/2.4.26 kernel
CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
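Review bot: CAN-2004-0428 is described as a CoreFoundation issue in Mac OS X 10.3.3, and the entry just above this change, CAN-2004-0430, is already marked `NOTE: not-for-us (MacOS)`. The new `TODO: check` on CAN-2004-0428 can take the same note. CAN-2004-0429 is truncated before the affected product, so it needs the full description looked up before it is closed the same way.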