[Secure-testing-commits] r2050 - data/CAN

Joey Hess joeyh at costa.debian.org
Tue Sep 20 09:14:22 UTC 2005 

Author: joeyh
Date: 2005-09-20 09:14:18 +0000 (Tue, 20 Sep 2005)
New Revision: 2050

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-20 06:59:19 UTC (rev 2049)
+++ data/CAN/list	2005-09-20 09:14:18 UTC (rev 2050)
@@ -1,8 +1,224 @@
-CAN-2005-2945 [insecure temporary file handling in arc]
+CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
+	TODO: check
+CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
+	TODO: check
+CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
+	TODO: check
+CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
+	TODO: check
+CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
+	TODO: check
+CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
+	TODO: check
+CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
+	TODO: check
+CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
+	TODO: check
+CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
+	TODO: check
+CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
+	TODO: check
+CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+	TODO: check
+CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
+	TODO: check
+CAN-2005-2978
+	NOTE: reserved
+CAN-2005-2977
+	NOTE: reserved
+CAN-2005-2976
+	NOTE: reserved
+CAN-2005-2975
+	NOTE: reserved
+CAN-2005-2974
+	NOTE: reserved
+CAN-2005-2973
+	NOTE: reserved
+CAN-2005-2972
+	NOTE: reserved
+CAN-2005-2971
+	NOTE: reserved
+CAN-2005-2970
+	NOTE: reserved
+CAN-2005-2969
+	NOTE: reserved
+CAN-2005-2968
+	NOTE: reserved
+CAN-2005-2967
+	NOTE: reserved
+CAN-2005-2966
+	NOTE: reserved
+CAN-2005-2965
+	NOTE: reserved
+CAN-2005-2964
+	NOTE: reserved
+CAN-2005-2963
+	NOTE: reserved
+CAN-2005-2962
+	NOTE: reserved
+CAN-2005-2961
+	NOTE: reserved
+CAN-2005-2960
+	NOTE: reserved
+CAN-2005-2959
+	NOTE: reserved
+CAN-2005-2958
+	NOTE: reserved
+CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
+	TODO: check
+CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
+	TODO: check
+CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
+	TODO: check
+CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
+	TODO: check
+CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
+	TODO: check
+CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
+	TODO: check
+CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
+	TODO: check
+CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
+	TODO: check
+CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
+	TODO: check
+CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
+	TODO: check
+CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)
+	TODO: check
+CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
+	TODO: check
+CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
+	TODO: check
+CAN-2005-2943
+	NOTE: reserved
+CAN-2005-2942
+	NOTE: reserved
+CAN-2005-2941
+	NOTE: reserved
+CAN-2005-2940
+	NOTE: reserved
+CAN-2005-2939
+	NOTE: reserved
+CAN-2005-2938
+	NOTE: reserved
+CAN-2005-2937
+	NOTE: reserved
+CAN-2005-2936
+	NOTE: reserved
+CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
+	TODO: check
+CAN-2005-2934
+	NOTE: reserved
+CAN-2005-2933
+	NOTE: reserved
+CAN-2005-2932
+	NOTE: reserved
+CAN-2005-2931
+	NOTE: reserved
+CAN-2005-2930
+	NOTE: reserved
+CAN-2005-2929
+	NOTE: reserved
+CAN-2005-2928
+	NOTE: reserved
+CAN-2005-2927
+	NOTE: reserved
+CAN-2005-2926
+	NOTE: reserved
+CAN-2005-2925
+	NOTE: reserved
+CAN-2005-2924
+	NOTE: reserved
+CAN-2005-2923
+	NOTE: reserved
+CAN-2005-2922
+	NOTE: reserved
+CAN-2005-2921
+	NOTE: reserved
+CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
+	TODO: check
+CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+	TODO: check
+CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+	TODO: check
+CAN-2005-2913
+	NOTE: rejected
+	TODO: check
+CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2005-2911
+	NOTE: reserved
+CAN-2005-2910
+	NOTE: reserved
+CAN-2005-2909
+	NOTE: reserved
+CAN-2005-2908
+	NOTE: reserved
+CAN-2005-2907
+	NOTE: reserved
+CAN-2005-2906
+	NOTE: reserved
+CAN-2005-2905
+	NOTE: reserved
+CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...)
+	TODO: check
+CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
+	TODO: check
+CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
+	TODO: check
+CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
+	TODO: check
+CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
+	TODO: check
+CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
+	TODO: check
+CAN-2005-2898 (** DISPUTED ** ...)
+	TODO: check
+CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
+	TODO: check
+CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
+	TODO: check
+CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
+	TODO: check
+CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
+	TODO: check
+CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
+	TODO: check
+CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
+	TODO: check
+CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
+	TODO: check
+CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
+	TODO: check
+CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
+	TODO: check
+CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
+	TODO: check
+CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
+	TODO: check
+CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+	TODO: check
+CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
+	TODO: check
+CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
+	TODO: check
+CAN-2005-2883 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
+	TODO: check
+CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
+	TODO: check
+CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
+	TODO: check
+CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
+	TODO: check
+CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
 	- arc (unfixed; bug #329053; low)
 CAN-2005-XXXX [insecure temporary file handling in ncompress]
 	- ncompress (unfixed; bug #329052; unimportant)
 CAN-2005-2917 [DoS vulnerability in squid's NMTL auth code]
+	NOTE: reserved
 	- squid 2.5.10-6 (unknown)
 CAN-2005-XXXX [user password file created by gajim is world-redable]
 	- gajim 0.8.2-1 (bug #325080; low)
@@ -20,16 +236,17 @@
 CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files]
 	- texinfo (unfixed; bug #328365; low)
 CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.]
+	NOTE: reserved
 	- clamav 0.87-1 (bug #328660; medium)
 CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.]
+	NOTE: reserved
 	- clamav 0.87-1 (bug #328660; medium)
-CAN-2005-2918 [/tmp race condition in gtkdiskfree 1.9.3 and earlier]
+CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
 	- gtkdiskfree (bug #328566; low)
 CAN-2005-XXXX [Two local kernel DoS through incorrect ioctl refcounter handling]
 	TODO: Pinged Horms for 2.4
 	- linux-2.6 (unfixed; medium)
-CAN-2005-2877 [Shell command injection in twiki via rev arguments]
-	NOTE: reserved
+CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
 	NOTE: proactively fixed by the robustness patch
 	- twiki 20040902-2
 CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2 allows ...)
@@ -41,7 +258,7 @@
 	- cupsys 1.1.23-1 (unknown)
 CAN-2005-XXXX [snort vulnerable to DoS attack]
 	- snort (unfixed; bug #328134; low)
-CAN-2005-2871 (Buffer overflow in Mozilla Firefox 1.0.6 and earlier allows remote ...)
+CAN-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
 	- mozilla-firefox 1.0.6-5 (medium)
 	- mozilla (unfixed; bug #327455; medium)
 	- mozilla-thunderbird (unfixed; medium)
@@ -192,8 +409,8 @@
 	- hiki 0.8.3-1
 CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
 	- linux-2.6 2.6.12-6 (low)
-CAN-2005-2799
-	NOTE: reserved
+CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
+	TODO: check
 CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
 	- openssh 1:4.2p1-1 (bug #326065; medium)
 	- openssh-krb5 (unfixed; bug #327233; medium)
@@ -517,12 +734,10 @@
 	NOTE: reserved
 CAN-2005-2659
 	NOTE: reserved
-CAN-2005-2658 [Buffer overflow in turqstat's date parser]
-	NOTE: reserved
+CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
 	{DSA-812-1}
 	- turqstat 2.2.4-1 (unknown)
-CAN-2005-2657
-	NOTE: reserved
+CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
 	{DSA-811-1}
 CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
 	{DSA-794-1}
@@ -909,7 +1124,7 @@
 	NOTE: not-for-us (XMB Forum)
 CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
 	NOTE: not-for-us (XMB Forum)
-CAN-2005-2573 (MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, ...)
+CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
 	- mysql not-affected (Windows specific mysql holes)
 	- mysql-4.1 not-affected (Windows specific mysql holes)
 	- mysql-5.0 not-affected (Windows specific mysql holes)
@@ -1164,7 +1379,7 @@
 	NOTE: not-for-us (Integrated Light Out in HP servers)
 CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
 	NOTE: not-for-us (Novell eDirectory)
-CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...)
+CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
 	{DSA-782-1 DTSA-9-1}
 	- bluez-utils 2.19-0.1etch1 (bug #323365; medium)
 CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
@@ -1281,15 +1496,13 @@
 	{DSA-801-1}
 	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
 	- 1:4.2.0a+stable-2sarge1 (medium)
-CAN-2005-2495 [Buffer overflow in x.org's pixmap allocation]
-	NOTE: reserved
+CAN-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
 	- xorg-x11 6.8.2.dfsg.1-7 (medium)
 CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
 	- kdebase 4:3.4.2-3 (bug #327039; medium)
 CAN-2005-2493
 	NOTE: reserved
-CAN-2005-2492 [Linux kernel sendmsg() DoS/information disclosure]
-	NOTE: reserved
+CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
 	- linux-2.6 (unfixed; bug #327416; medium)
 CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
 	{DSA-800-1 DTSA-10-1}
@@ -1299,8 +1512,7 @@
 	- python2.1 2.1.3dfsg-3 (medium)
 	- python2.2 2.2.3dfsg-4 (medium)
 	- python2.3 2.3.5-8 (medium)
-CAN-2005-2490 [amd64 specific local privilege escalation in sendmsg() from Linux kernel]
-	NOTE: reserved
+CAN-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
 	- linux-2.6 (unfixed; bug #327416; medium)
 CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
 	{DTSA-16-1}
@@ -4203,8 +4415,7 @@
 CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
 	{DSA-754-1 DTSA-2-1}
 	- centericq 4.20.0-7 (medium)
-CAN-2005-1913 [DoS: in Linux kernel: Clean up subthread exec]
-	NOTE: reserved
+CAN-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (medium)
@@ -4528,7 +4739,7 @@
 	- squirrelmail 2:1.4.4-6 (bug #314374; medium)
 CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
-CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
+CAN-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
 	NOTE: linux-2.6 not affected (already fixed)
 	- kernel-source-2.4.27 2.4.27-11 (unknown)
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
@@ -4555,7 +4766,7 @@
 	- kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- kernel-source-2.4.27 2.4.27-11
-CAN-2005-1761 (Unknown vulnerability in the Linux kernel allows local users to cause ...)
+CAN-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (medium)
@@ -11741,7 +11952,7 @@
 	NOTE: not shipped in deb
 	- krb5 (unfixed; bug #278271; low)
 	- arla 0.36.2-11
-CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...)
+CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
 	{DSA-588-1}
 	NOTE: sarge is not vulnerable as our version uses set -C
 CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)

More information about the Secure-testing-commits mailing list