[Secure-testing-commits] r2218 - data/CAN
Joey Hess
joeyh at costa.debian.org
Thu Sep 29 09:14:22 UTC 2005
Author: joeyh
Date: 2005-09-29 09:14:18 +0000 (Thu, 29 Sep 2005)
New Revision: 2218
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-29 07:33:41 UTC (rev 2217)
+++ data/CAN/list 2005-09-29 09:14:18 UTC (rev 2218)
@@ -1,3 +1,37 @@
+CAN-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
+ TODO: check
+CAN-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
+ TODO: check
+CAN-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
+ TODO: check
+CAN-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
+ TODO: check
+CAN-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux ...)
+ TODO: check
+CAN-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
+ TODO: check
+CAN-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
+ TODO: check
+CAN-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
+ TODO: check
+CAN-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
+ TODO: check
+CAN-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
+ TODO: check
+CAN-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
+ TODO: check
+CAN-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
+ TODO: check
+CAN-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
+ TODO: check
+CAN-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
+ TODO: check
+CAN-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
+ TODO: check
+CAN-2005-3088
+ NOTE: reserved
CAN-2005-XXXX [backupninja insecure temp file]
- backupninja 0.8-2 (medium)
CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
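Review bot: The last added entry, CAN-2005-3088, is marked "NOTE: reserved", while the other reserved IDs visible in this file (CAN-2005-2965, CAN-2005-2963) carry a bare "RESERVED" line; use the same marker so the file stays consistent. Separately, the 16 new "TODO: check" entries need triage: CAN-2005-3091 and CAN-2005-3090 name Mantis, which is already tracked as a package further down this list, so they should get mantis package lines rather than remain as TODO, and entries such as the Nokia phone and FL Studio ones look like NOT-FOR-US candidates.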
@@ -201,7 +235,7 @@
NOT-FOR-US: YaST
CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
NOT-FOR-US: SimpleCDR-X
-CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...)
+CAN-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...)
- texinfo <unfixed> (bug #328365; low)
CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
NOT-FOR-US: CuteNews
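Review bot: The description for CAN-2005-3011 now reads "texinfo 4.8 and earlier", so the affected range has grown while the "- texinfo <unfixed> (bug #328365; low)" line is unchanged; check that bug #328365 lists 4.8 as affected so that a 4.8 upload is not assumed to close it.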
@@ -305,8 +339,8 @@
RESERVED
CAN-2005-2965
RESERVED
-CAN-2005-2964
- RESERVED
+CAN-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
+ TODO: check
CAN-2005-2963 [Mod-Authshadow: Incorrect enforcement of AuthShadow when 'require group' is set]
RESERVED
- mod-auth-shadow 1.4-2 (bug #323789; medium)
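Review bot: CAN-2005-2964 loses its RESERVED marker and gains only "TODO: check", although the new description already gives a fixed upstream version ("AbiWord before 2.2.10"); the follow-up should replace the TODO with a package line stating the fixed version or <unfixed>, plus an urgency, as the neighbouring CAN-2005-2963 entry does.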
@@ -1419,11 +1453,10 @@
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- mysql-dfsg <unfixed> (bug #322133; medium)
-CAN-2005-2557
- RESERVED
+CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
{DSA-778-1}
- mantis 0.19.2-4 (low)
-CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows remote ...)
+CAN-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
{DSA-778-1}
- mantis 0.19.2-4 (medium)
CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
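Review bot: The new CAN-2005-2556 description widens the affected range to "0.19.0a1 through 1.0.0a3", but the unchanged package line still records the fix as "mantis 0.19.2-4 (medium)"; confirm that 0.19.2-4 actually carries the fix, since the old text said "before 0.19.2" and the new one does not, and add a short NOTE recording the result. The same check applies to CAN-2005-2557, which went from RESERVED to a published XSS description while keeping the existing 0.19.2-4 line.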