[Secure-testing-commits] r1788 - data/CAN

Joey Hess joeyh at costa.debian.org
Sat Sep 3 09:14:18 UTC 2005 

Author: joeyh
Date: 2005-09-03 09:14:14 +0000 (Sat, 03 Sep 2005)
New Revision: 1788

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-02 21:14:17 UTC (rev 1787)
+++ data/CAN/list	2005-09-03 09:14:14 UTC (rev 1788)
@@ -1,3 +1,150 @@
+CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
+	TODO: check
+CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
+	TODO: check
+CAN-2005-2764
+	NOTE: reserved
+CAN-2005-2763
+	NOTE: reserved
+CAN-2005-2762
+	NOTE: reserved
+CAN-2005-2760
+	NOTE: reserved
+CAN-2005-2759
+	NOTE: reserved
+CAN-2005-2758
+	NOTE: reserved
+CAN-2005-2757
+	NOTE: reserved
+CAN-2005-2756
+	NOTE: reserved
+CAN-2005-2755
+	NOTE: reserved
+CAN-2005-2754
+	NOTE: reserved
+CAN-2005-2753
+	NOTE: reserved
+CAN-2005-2752
+	NOTE: reserved
+CAN-2005-2751
+	NOTE: reserved
+CAN-2005-2750
+	NOTE: reserved
+CAN-2005-2749
+	NOTE: reserved
+CAN-2005-2748
+	NOTE: reserved
+CAN-2005-2747
+	NOTE: reserved
+CAN-2005-2746
+	NOTE: reserved
+CAN-2005-2745
+	NOTE: reserved
+CAN-2005-2744
+	NOTE: reserved
+CAN-2005-2743
+	NOTE: reserved
+CAN-2005-2742
+	NOTE: reserved
+CAN-2005-2741
+	NOTE: reserved
+CAN-2005-2740
+	NOTE: reserved
+CAN-2005-2739
+	NOTE: reserved
+CAN-2005-2738
+	NOTE: reserved
+CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
+	TODO: check
+CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
+	TODO: check
+CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
+	TODO: check
+CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
+	TODO: check
+CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
+	TODO: check
+CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
+	TODO: check
+CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
+	TODO: check
+CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
+	TODO: check
+CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
+	TODO: check
+CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
+	TODO: check
+CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
+	TODO: check
+CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
+	TODO: check
+CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
+	TODO: check
+CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
+	TODO: check
+CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
+	TODO: check
+CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+	TODO: check
+CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
+	TODO: check
+CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
+	TODO: check
+CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
+	TODO: check
+CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
+	{DSA-799-1}
+	TODO: check
+CAN-2005-2715
+	NOTE: reserved
+CAN-2005-2714
+	NOTE: reserved
+CAN-2005-2713
+	NOTE: reserved
+CAN-2005-2712
+	NOTE: reserved
+CAN-2005-2711
+	NOTE: reserved
+CAN-2005-2710
+	NOTE: reserved
+CAN-2005-2709
+	NOTE: reserved
+CAN-2005-2708
+	NOTE: reserved
+CAN-2005-2707
+	NOTE: reserved
+CAN-2005-2706
+	NOTE: reserved
+CAN-2005-2705
+	NOTE: reserved
+CAN-2005-2704
+	NOTE: reserved
+CAN-2005-2703
+	NOTE: reserved
+CAN-2005-2702
+	NOTE: reserved
+CAN-2005-2701
+	NOTE: reserved
+CAN-2005-2700
+	NOTE: reserved
+CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
+	TODO: check
+CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
+	TODO: check
+CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
+	TODO: check
+CAN-2005-2696 (The Lotus Notes client does not properly restrict access to password ...)
+	TODO: check
+CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
+	TODO: check
+CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
+	TODO: check
+CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
+	TODO: check
+CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
+	TODO: check
+CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
+	TODO: check
 CAN-2005-XXXX [osh buffer overflow in handlers.c]
 	NOTE: This is not the same as -13
 	- osh 1.7-14 (unfixed; bug #323424; medium)
@@ -9,7 +156,7 @@
 	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
 CAN-2005-XXXX [Insecure symlink handling in smb4k]
 	- smb4k 0.6.3-1 (medium)
-CAN-2005-2724 [courier XSS vulnerabiliy]
+CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
 CAN-2005-XXXX [xattr sharing bug in kernel's ext3 code]
@@ -20,10 +167,10 @@
 CAN-2005-XXXX [polygen doesn't honor umask when creating grm.o files]
 	NOTE: Fix in -8 had problems
 	- polygen 1.0.6-9 (low)
-CAN-2005-2761 [Various XSS in phpgroupware's phpgwapi]
+CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
 	{DSA-798-1}
 	- phpgroupware 0.9.16.008-1 (unknown)
-CAN-2005-2716 [Insecure usage of popen() in Affix]
+CAN-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
 	{DSA-796-1}
 	- affix 2.1.2-3 (bug #325444; medium)
 CAN-2005-XXXX [Insecure tempfile usage in tleds]
@@ -31,7 +178,7 @@
 CAN-2005-XXXX [XSS in gallery's EXIF handling]
 	- gallery 1.5-2 (bug #325285; medium)
 	- gallery2 (unfixed; bug #325285; medium)
-CAN-2005-2693 [cvs: cvsbug temporary file bug]
+CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
 	NOTE: cvs: not shipped in binary package
 	- cvs 1:1.12.9-15 (bug #325106; low)
 	- gcvs 1.0final-7 (low)
@@ -110,12 +257,11 @@
 CAN-2005-2656
 	NOTE: reserved
 	{DSA-794-1}
-CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in maildrop's lockmail]
-	NOTE: reserved
+CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
 	{DSA-791-1 DTSA-11-1}
 	- maildrop 1.5.3-1.1etch1 (medium)
-CAN-2005-2654
-	NOTE: reserved
+CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
+	TODO: check
 CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
 	- cplay 1.49-8 (bug #324913; low)
 CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
@@ -434,7 +580,7 @@
 	TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
 CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
 	NOTE: not-fur-us (MidiCart)
-CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...)
+CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...)
 	{DSA-798-1}
 	- egroupware-fudforum (unfixed; bug #323928; medium)
 	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
@@ -851,8 +997,8 @@
 	TODO: check php5
 CAN-2005-2497
 	NOTE: reserved
-CAN-2005-2496
-	NOTE: reserved
+CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
+	TODO: check
 CAN-2005-2495
 	NOTE: reserved
 CAN-2005-2494
@@ -1180,7 +1326,8 @@
 	NOTE: not-for-us (FtpLocate)
 CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
 	NOTE: not-for-us (hardware issue)
-CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by ...)
+CAN-2005-2418
+	NOTE: rejected
 	NOTE: not-for-us (Realchat)
 CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
 	NOTE: not-for-us (Contrexx)
@@ -3227,8 +3374,8 @@
 	NOTE: not-for-us (FreeBSD ipfw)
 CAN-2005-2018
 	NOTE: reserved
-CAN-2005-2017
-	NOTE: reserved
+CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
+	TODO: check
 CAN-2005-2016
 	NOTE: reserved
 CAN-2005-2015
@@ -3642,7 +3789,8 @@
 	NOTE: not-for-us (C.J. Steele Tattle)
 CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
 	NOTE: not-for-us (JamMail)
-CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...)
+CAN-2005-1958
+	NOTE: rejected
 	- backup-manager 0.5.8-1 (high)
 CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
 	NOTE: not-for-us (File Upload Manager)
@@ -3748,8 +3896,8 @@
 CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
 	{DSA-760-1 DTSA-4-1}
 	- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CAN-2005-1915
-	NOTE: reserved
+CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
+	TODO: check
 CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
 	{DSA-754-1 DTSA-2-1}
 	- centericq 4.20.0-7 (medium)
@@ -3872,12 +4020,10 @@
 CAN-2005-1857
 	NOTE: reserved
 	{DSA-786-1}
-CAN-2005-1856 [backup-manager: Potential symlink attack through hard coded file name]
-	NOTE: reserved
+CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
 	{DSA-787-1}
 	- backup-manager 0.5.8-2 (low)
-CAN-2005-1855 [Insecure default permissions in backup-manager]
-	NOTE: reserved
+CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
 	{DSA-787-1}
 	- backup-manager 0.5.8-2 (medium)
 CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
@@ -3912,9 +4058,9 @@
 	NOTE: reserved
 CAN-2005-1844
 	NOTE: reserved
-CAN-2005-1843 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and 1.0.1, ...)
+CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
 	NOTE: not-for-us (Windows)
-CAN-2005-1842 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and 1.0.1, ...)
+CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
 	NOTE: not-for-us (Windows)
 CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
 	NOTE: not-for-us (acroread)
@@ -9077,8 +9223,8 @@
 	NOTE: see http://secunia.com/advisories/14925
 	NOTE: kde maintainers informed of it by security team
 	- kmail (unfixed; bug #305601; medium)
-CAN-2005-0403
-	NOTE: reserved
+CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
+	TODO: check
 CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
 	- mozilla-firefox 1.0.2-1
 CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
@@ -11703,8 +11849,8 @@
 CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
 	- kernel-source-2.6.8 2.6.8-16
 	- kernel-source-2.4.27 2.4.27-10
-CAN-2004-0789
-	NOTE: reserved
+CAN-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
+	TODO: check
 CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
 	{DSA-549-1 DSA-546-1}
 CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
@@ -12148,7 +12294,7 @@
 	- usermin 1.090-1
 CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
 	- qla2x00-source 7.01.01-1
-CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute arbitrary ...)
+CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
 	NOTE: not-for-us (Windows)
 CAN-2004-0585
 	NOTE: rejected
@@ -12329,8 +12475,8 @@
 	- gaim 1:0.81-3
 CAN-2004-0499
 	NOTE: reserved
-CAN-2004-0498
-	NOTE: reserved
+CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
+	TODO: check
 CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
 	NOTE: linux kernel fchown hole, fixed in all current kernels
 CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
@@ -18917,7 +19063,8 @@
 CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
 CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
 CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
-CAN-1999-0282 (Vulnerabilities in loadmodule and modload programs in SunOS and ...)
+CAN-1999-0282
+	NOTE: rejected
 CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
 CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
 CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)

More information about the Secure-testing-commits mailing list