[Secure-testing-commits] r639 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Thu, 24 Mar 2005 21:14:23 +0000


Author: joeyh
Date: 2005-03-24 21:14:20 +0000 (Thu, 24 Mar 2005)
New Revision: 639

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-24 18:12:16 UTC (rev 638)
+++ sarge-checks/CAN/list	2005-03-24 21:14:20 UTC (rev 639)
@@ -1,3 +1,70 @@
+CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
+	TODO: check
+CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
+	TODO: check
+CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
+	TODO: check
+CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
+	TODO: check
+CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+	TODO: check
+CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
+	TODO: check
+CAN-2005-0840
+	NOTE: rejected
+	TODO: check
+CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
+	TODO: check
+CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
+	TODO: check
+CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
+	TODO: check
+CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+	TODO: check
+CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
+	TODO: check
+CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
+	TODO: check
+CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
+	TODO: check
+CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
+	TODO: check
+CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
+	TODO: check
+CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
+	TODO: check
+CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
+	TODO: check
+CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
+	TODO: check
+CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
+	TODO: check
+CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
+	TODO: check
+CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
+	TODO: check
+CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
+	TODO: check
+CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
+	TODO: check
+CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
+	TODO: check
+CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
+	TODO: check
+CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
+	TODO: check
+CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
+	TODO: check
+CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
+	TODO: check
+CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
+	TODO: check
+CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
+	TODO: check
+CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
+	TODO: check
 CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo]
 	- phpsysinfo (unfixed; bug #301118)
 CAN-2005-XXXX [Various /tmp related security issues in cernlib]
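Review bot: CAN-2005-0840 is added with both "NOTE: rejected" and "TODO: check", which looks contradictory; if the update script emits a rejected note it should not also queue the entry for checking. Separately, the CAN-2001-1424 through CAN-2001-1433 entries land between CAN-2005-0824 and the CAN-2005-XXXX placeholders, which interrupts the descending ID order visible in the rest of this hunk; sorting them into place or keeping them in their own block would make the list easier to scan.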
@@ -117,7 +184,6 @@
 CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
 	- ethereal 0.10.10-1
 CAN-2005-0764 [Buffer overflow with overly long escape sequences in rxvt-unicode]
-	NOTE: reserved
 	- rxvt-unicode 5.3-1
 CAN-2005-0763
 	NOTE: reserved
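Review bot: CAN-2005-0764 loses "NOTE: reserved" but keeps its hand-written bracketed description, whereas the entries that leave reserved state elsewhere in this revision (CAN-2005-0716, CAN-2005-0715) gain a parenthesised description. It is worth confirming whether the ID is actually public now or whether the script dropped the note only because a package line is present.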
@@ -258,16 +324,16 @@
 	- squid 2.5.8
 CAN-2005-0717
 	NOTE: reserved
-CAN-2005-0716
-	NOTE: reserved
-CAN-2005-0715
-	NOTE: reserved
+CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
+	TODO: check
+CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
+	TODO: check
 CAN-2005-0714
 	NOTE: rejected
-CAN-2005-0713
-	NOTE: reserved
-CAN-2005-0712
-	NOTE: reserved
+CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
+	TODO: check
+CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
+	TODO: check
 CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
 	- mysql-dfsg 4.0.24
 	- mysql-dfsg-4.1 4.1.10a
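Review bot: the new CAN-2005-0712 line reads "users world-writable permissions", which looks like a typo for "uses"; if the text is copied verbatim from the upstream description it should stay, otherwise correct it here. All four entries converted in this hunk (CAN-2005-0716, -0715, -0713, -0712) describe Mac OS X components, so the "TODO: check" markers could be resolved in the same pass rather than left in the queue.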
@@ -1624,16 +1690,16 @@
 CAN-2005-0403
 	NOTE: reserved
 CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel]
+	NOTE: reserved
 	- mozilla-firefox (unfixed; bug #301243)
+CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
 	NOTE: reserved
-CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
 	- mozilla-firefox (unfixed; bug #301243)
-	NOTE: reserved
 CAN-2005-0400
 	NOTE: reserved
 CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox]
+	NOTE: reserved
 	- mozilla-firefox (unfixed; bug #301243)
-	NOTE: reserved
 CAN-2005-0398
 	NOTE: reserved
 	- racoon 1:0.5-5
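Review bot: the changes to CAN-2005-0402, CAN-2005-0401 and CAN-2005-0399 only move "NOTE: reserved" from after the "- mozilla-firefox (unfixed; bug #301243)" line to before it; the resulting entries carry the same information as before. If the automatic update is normalising line order, it would be cleaner to do that once in a dedicated commit, or to have the script preserve the existing order so content changes are not buried in reordering noise.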
@@ -1654,7 +1720,7 @@
 CAN-2005-0390
 	NOTE: reserved
 CAN-2005-0389
-	NOTE: reserved
+	NOTE: rejected
 	- lsh-utils 2.0-1
 CAN-2005-0388
 	NOTE: reserved
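Review bot: CAN-2005-0389 changes from "NOTE: reserved" to "NOTE: rejected" while the "- lsh-utils 2.0-1" line stays attached to it. A fixed-version record under a rejected ID is easy to lose track of; the lsh-utils entry should be moved to whichever ID replaces this one, or a NOTE should say why it remains here.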