[Secure-testing-commits] r1077 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 16 May 2005 23:50:15 +0000
Author: joeyh
Date: 2005-05-16 23:50:12 +0000 (Mon, 16 May 2005)
New Revision: 1077
Modified:
sarge-checks/CAN/list
Log:
finished processing today's CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-16 23:37:16 UTC (rev 1076)
+++ sarge-checks/CAN/list 2005-05-16 23:50:12 UTC (rev 1077)
@@ -69,30 +69,30 @@
NOTE: not-for-us (Gamespy cd-key validation system)
CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
NOTE: not-for-us (JRun)
-begin claimed by joeyh
CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
- TODO: check
+ NOTE: not-for-us (WowBB)
CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
- TODO: check
+ NOTE: not-for-us (GeoVision Digital Video Surveillance System)
CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
- TODO: check
+ NOTE: not-for-us (GeoVision Digital Video Surveillance System)
CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
- TODO: check
+ NOTE: not-for-us (Sophos Anti-Virus)
CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
- TODO: check
+ NOTE: not-for-us (easy message board)
CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
- TODO: check
+ NOTE: not-for-us (easy message board)
CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
- TODO: check
+ NOTE: not-for-us (Advanced Guestbook)
CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
- TODO: check
+ NOTE: not-for-us (Bakbone Netvault)
CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
- TODO: check
+ NOTE: not-for-us (HT Editor)
CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
- TODO: check
+ NOTE: not-for-us (HT Editor)
CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...)
- TODO: check
-end claimed by joeyh
+ NOTE: CVE info about vulnerable version number is bogus
+ - tiff 3.7.2-1
+ TODO: what about tiff3g?
CAN-2005-1543
NOTE: reserved
CAN-2005-1542
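Review bot: CAN-2005-1546 and CAN-2005-1545 are marked "NOTE: not-for-us (HT Editor)", but this same file has a placeholder entry "CAN-2005-XXXX [Multiple vulnerabilities in HT editor]" with "- ht 0.8.0-2", so the package is tracked here. Both descriptions say "HT Editor before 0.8.0", which matches that fixed version. Consider recording "- ht 0.8.0-2" on these two ids and dropping the placeholder, the way the tiff entry is folded into CAN-2005-1544. The CAN-2005-1544 note would also be easier to act on if it said which part of "libTIFF before 1.53" is bogus, and "TODO: what about tiff3g?" leaves that entry unfinished.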
@@ -116,9 +116,11 @@
CAN-2005-1533
NOTE: reserved
CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
- TODO: check
+ - mozilla-firefox 1.0.4
+ - mozilla-browser 2:1.7.8
CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
- TODO: check
+ - mozilla-firefox 1.0.4
+ - mozilla-browser 2:1.7.8
CAN-2005-1530
NOTE: reserved
CAN-2005-1529
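Review bot: the fixed versions added for CAN-2005-1532 and CAN-2005-1531 ("mozilla-firefox 1.0.4", "mozilla-browser 2:1.7.8") carry no Debian revision, while other entries in this list do ("squid 2.5.9-9", "tiff 3.7.2-1", "ht 0.8.0-2"). If the fix arrived in a specific upload, give the full package version so the entries can be compared against what is in the archive.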
@@ -142,11 +144,11 @@
CAN-2005-1520
NOTE: reserved
CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
- TODO: check
+ - squid 2.5.9-9
CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
CAN-2005-XXXX [vpnc: config file path security hole]
@@ -154,8 +156,6 @@
- vpnc 0.3.2+SVN20050326-2
CAN-2005-XXXX [DoS security problem in gnutls]
- gnutls (unfixed; bug #309111)
-CAN-2005-XXXX [DNS response spoofing in Squid]
- - squid 2.5.9-9
CAN-2005-XXXX [Several buffer overflows in termpkg]
NOTE: Not in Sarge
- termpkg 3.3-2
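Review bot: removing "CAN-2005-XXXX [DNS response spoofing in Squid]" depends on it being the same issue as CAN-2005-1519, which an earlier hunk now marks "- squid 2.5.9-9". Neither the list nor the log message ("finished processing today's CANs") records that the placeholder was merged into that id. A one-line NOTE on CAN-2005-1519 naming the DNS response spoofing issue would keep the link visible.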
@@ -163,8 +163,6 @@
- binutils (unfixed; bug #308625)
CAN-2005-XXXX [Integer overflow in gdb's ELF parsing]
- gdb (unfixed; bug #308624)
-CAN-2005-XXXX [Buffer overflow in libtiff's BitsPerSample parsing]
- - tiff 3.7.2-1
CAN-2005-XXXX [Multiple vulnerabilities in HT editor]
- ht 0.8.0-2
CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt
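Review bot: the removed placeholder "[Buffer overflow in libtiff's BitsPerSample parsing]" was the only text identifying which libtiff bug "- tiff 3.7.2-1" fixes. The CAN-2005-1544 entry that takes over this version shows only "Stack-based buffer overflow in libTIFF before 1.53" and a note that the version information is bogus. Carry the BitsPerSample detail over as a NOTE on CAN-2005-1544 so the match between the id and the fixed upload can be checked later.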