[Secure-testing-commits] r1787 - data/CAN
Joey Hess
joeyh at costa.debian.org
Fri Sep 2 21:14:21 UTC 2005
Author: joeyh
Date: 2005-09-02 21:14:17 +0000 (Fri, 02 Sep 2005)
New Revision: 1787
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-02 14:03:45 UTC (rev 1786)
+++ data/CAN/list 2005-09-02 21:14:17 UTC (rev 1787)
@@ -21,8 +21,10 @@
NOTE: Fix in -8 had problems
- polygen 1.0.6-9 (low)
CAN-2005-2761 [Various XSS in phpgroupware's phpgwapi]
+ {DSA-798-1}
- phpgroupware 0.9.16.008-1 (unknown)
CAN-2005-2716 [Insecure usage of popen() in Affix]
+ {DSA-796-1}
- affix 2.1.2-3 (bug #325444; medium)
CAN-2005-XXXX [Insecure tempfile usage in tleds]
- tleds 1.05beta10-9 (bug# 276789; low)
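Review bot: the phpgroupware line under CAN-2005-2761 still carries urgency (unknown) although {DSA-798-1} is now attached to the entry. Suggest assigning a real urgency in a follow-up. Separately, the tleds context line writes the bug reference as "bug# 276789" while every other entry in this diff uses "bug #NNNNNN"; normalising it would keep the reference machine-matchable.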
@@ -107,6 +109,7 @@
NOTE: reserved
CAN-2005-2656
NOTE: reserved
+ {DSA-794-1}
CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in maildrop's lockmail]
NOTE: reserved
{DSA-791-1 DTSA-11-1}
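Review bot: {DSA-794-1} is attached to CAN-2005-2656, which still consists only of "NOTE: reserved" with no description and no package line, so the advisory cannot be tied to a package or fixed version from this entry. Suggest adding a bracketed description, as CAN-2005-2655 directly below has, plus the affected package line.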
@@ -432,6 +435,7 @@
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
NOTE: not-fur-us (MidiCart)
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...)
+ {DSA-798-1}
- egroupware-fudforum (unfixed; bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
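Review bot: the context line "NOTE: not-fur-us (MidiCart)" above the changed entry is misspelled; other entries in this file use "not-for-us", so anything matching on that tag will miss CAN-2005-2601. Also worth confirming that {DSA-798-1} on CAN-2005-2600 is meant to cover only phpgroupware, since egroupware-fudforum in the same entry remains "unfixed".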
@@ -838,7 +842,7 @@
CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
- slocate (unfixed; bug #324951; low)
CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
- {DSA-789-1}
+ {DSA-798-1 DSA-789-1}
- drupal 4.5.5-1 (bug #323347; high)
- phpgroupware 0.9.16.008-1 (unfixed; bug #323349; high)
- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
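Review bot: the phpgroupware line under CAN-2005-2498 carries both a version (0.9.16.008-1) and "unfixed", which is contradictory, and the addition of {DSA-798-1} makes the ambiguity more visible. The same version appears without "unfixed" in the CAN-2005-2761 and CAN-2005-2600 entries earlier in this diff, so the status here should be resolved one way or the other.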
@@ -858,7 +862,7 @@
CAN-2005-2492
NOTE: reserved
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
- {DTSA-10-1}
+ {DSA-800-1 DTSA-10-1}
- pcre3 6.3-0.1etch1 (bug #324531; medium)
TODO: gnumeric seems to embed a copy of PCRE, check
- python2.1 2.1.3dfsg-3 (medium)
@@ -1274,6 +1278,7 @@
CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP)
CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
+ {DSA-795-1}
- proftpd 1.2.10-20 (low)
NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
@@ -2555,7 +2560,7 @@
{DTSA-5-1}
- gaim 1:1.4.0-5 (medium)
CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
- - kdeedu 4:3.4.2-1 (low)
+ - kdeedu 4:3.4.2-1 (low)
CAN-2005-2100
NOTE: reserved
CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
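Review bot: the removed and added kdeedu lines under CAN-2005-2101 show identical text, so this looks like a whitespace-only change riding along with the DSA cross-reference update. It is harmless, but it would be cleaner to keep whitespace normalisation out of the automatic update so these commits contain only reference changes.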
@@ -2574,7 +2579,7 @@
- cupsys (unfixed; bug #324464; low)
- poppler 0.4.0-1 (low)
CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...)
- {DSA-740-1}
+ {DSA-797-1 DSA-740-1}
NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
NOTE: Florian Weimer is doing a comprehensive audit using clamav
NOTE: to search for static zlib signatures in binaries in Debian
@@ -3893,7 +3898,7 @@
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
- {DSA-763-1}
+ {DSA-797-1 DSA-763-1}
NOTE: This is only contrib code not built in the binary packages AFAIK
- zlib 1:1.2.3-1 (low)
CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
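Review bot: the NOTE under CAN-2005-1849 ("This is only contrib code not built in the binary packages AFAIK") does not fit an entry that now references two DSAs ({DSA-797-1 DSA-763-1}) and a fixed zlib version. The note looks stale or misplaced and should be re-checked or removed, so readers do not conclude the binary packages were unaffected.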