[Secure-testing-commits] r2457 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Oct 19 21:14:22 UTC 2005 

Author: joeyh
Date: 2005-10-19 21:14:18 +0000 (Wed, 19 Oct 2005)
New Revision: 2457

Modified:
   data/CAN/list
Log:
automatic update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-19 20:42:23 UTC (rev 2456)
+++ data/CAN/list	2005-10-19 21:14:18 UTC (rev 2457)
@@ -1,3 +1,9 @@
+CAN-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
+	TODO: check
+CAN-2005-3253
+	RESERVED
+CAN-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
+	TODO: check
 CAN-2005-XXXX [buffer overflow in snort's bo preprocessor]
 	- snort <not-affected> (Vulnerable code was introduced later)
 	NOTE: See bug #334606
@@ -27,7 +33,7 @@
 	RESERVED
 CAN-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
-CAN-2005-3257 [local root via loadkeys]
+CAN-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...)
 	- linux-2.6 <unfixed> (bug #334113; medium)
 	- kernel-source-2.4.27 <unfixed> (medium)
 CAN-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
@@ -743,8 +749,7 @@
 	NOT-FOR-US: phpoutsourcing Noah's classifieds
 CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
 	NOT-FOR-US: phpoutsourcing Noah's classifieds
-CAN-2005-2978 [Buffer overflow in netpbm's pnmtopng]
-	RESERVED
+CAN-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
 	- netpbm-free 2:10.0-10
 CAN-2005-2977
 	RESERVED
@@ -764,8 +769,7 @@
 	- koffice 1:1.3.5-5 (bug #333497; medium)
 CAN-2005-2970
 	RESERVED
-CAN-2005-2969 [openssl: Potential SSL2 fallback]
-	RESERVED
+CAN-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
 	- openssl 0.9.8-3 (bug #333500; low)
 	- openssl097 0.9.7g-5 (bug #333500; low)
 	- openssl094 <removed>
@@ -2479,9 +2483,9 @@
 	- fftw3 3.0.1-12 (low; bug #321566)
 CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
 	- clamav-getfiles 0.5-1 (bug #321446; medium)
-CAN-2005-3254 [cgiwrap: Minimum UID does not include all system users]
+CAN-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
 	- cgiwrap 3.9-3.1 (bug #316881; low)
-CAN-2005-3255 [cgiwrap: CGIs can be used to disclose system information]
+CAN-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
 	- cgiwrap 3.9-3.1 (bug #316901; low)
 CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
 	- tutos 1.1.20031017-2.1 (bug #318633; medium)

More information about the Secure-testing-commits mailing list