Author: jmm-guest Date: 2005-10-02 17:39:39 +0000 (Sun, 02 Oct 2005) New Revision: 2269 Modified: data/CAN/list Log: another batch of bugnums + two older issues Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-02 16:37:59 UTC (rev 2268) +++ data/CAN/list 2005-10-02 17:39:39 UTC (rev 2269) @@ -1,3 +1,9 @@ +CAN-2004-XXXX [Local root exploit in calife] + TODO: Can someone read French? Then please rewrite the the title with + TODO: according to the information in the bug + - calife 2.8.6-1 (bug #235157) +CAN-2005-XXXX [DoS triggering endless loops in findutils -follow option] + - findutils 4.2.22-1 (bug #313081) CAN-2005-XXXX [Two information disclosure vulnerabilities in Bugzilla] - bugzilla <unfixed> (bug filed; medium) CAN-2005-XXXX [Arbitrary code execution in import of SVG files in dia] @@ -1105,7 +1111,7 @@ CAN-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...) NOT-FOR-US: JaguarControl CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...) - - tor 0.1.0.14-1 (medium) + - tor 0.1.0.14-1 (bug #323786; medium) CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...) - mutt <unfixed> (bug #323956; high) NOTE: Status is not clear; upstream is unresponsive. @@ -2468,7 +2474,7 @@ NOT-FOR-US: MailEnable CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...) {DSA-762-1} - - affix 2.1.2-2 (medium) + - affix 2.1.2-2 (bug #318328; medium) CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) NOT-FOR-US: Novell Groupwise WebAccess CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) 
@@ -2659,49 +2665,49 @@ CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (high) - - mozilla-thunderbird 1.0.6-1 (high) + - mozilla 2:1.7.8-1sarge2 (bug #318062; high) + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (medium) - - mozilla-thunderbird 1.0.6-1 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (medium) - - mozilla-thunderbird 1.0.6-1 (low) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; low) CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) 
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - - mozilla 2:1.7.8-1sarge2 (medium) - - mozilla-thunderbird 1.0.6-1 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (medium) - - mozilla-thunderbird 1.0.6-1 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - - mozilla 2:1.7.8-1sarge2 (medium) + - mozilla 2:1.7.8-1sarge2 (bug #318062; medium) CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) NOT-FOR-US: magicHTML CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...) 
@@ -3096,7 +3102,7 @@ NOT-FOR-US: PHPSecurePages (phpSP) CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...) {DSA-762-1} - - affix 2.1.2-2 (medium) + - affix 2.1.2-2 (bug #318327; medium) CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) - jinzora <itp> (bug #289487) CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) @@ -3139,7 +3145,7 @@ NOT-FOR-US: AIX CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...) {DSA-761-2} - - heartbeat 1.2.3-12 (medium) + - heartbeat 1.2.3-12 (bug #318287; medium) CAN-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...) - elmo <unfixed> (bug #318291; medium) NOTE: upload to unstable still hasn''t occurred (2005-09-18) @@ -3178,7 +3184,7 @@ CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...) NOT-FOR-US: MMS Ripper CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) - - backup-manager 0.5.8-2 (low) + - backup-manager 0.5.8-2 (bug #308897; low) CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) - backup-manager 0.5.8-2 (low) CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) @@ -3424,10 +3430,10 @@ NOT-FOR-US: Microsoft CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) {DSA-764-1} - - cacti 0.8.6f-1 (high) + - cacti 0.8.6f-1 (bug #315590; high) CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...) {DSA-764-1} - - cacti 0.8.6f-1 (high) + - cacti 0.8.6f-1 (bug #315590; high) CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) TODO: Check, whether this was covered by DSA-739 as well - trac 0.8.4-1 
@@ -3509,13 +3515,13 @@ CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) NOT-FOR-US: Community Link Pro Web Editor CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...) - - wordpress 1.5.1.3-1 + - wordpress 1.5.1.3-1 (bug #316402) CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...) - - wordpress 1.5.1.3-1 + - wordpress 1.5.1.3-1 (bug #316402) CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...) - - wordpress 1.5.1.3-1 + - wordpress 1.5.1.3-1 (bug #316402) CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) - - wordpress 1.5.1.3-1 + - wordpress 1.5.1.3-1 (bug #316402) CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...) {DSA-745-1} - drupal 4.5.4-1 (bug #316362) @@ -3901,8 +3907,7 @@ CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) NOT-FOR-US: Windows specific CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) - NOTE: not-for-us - NOTE: fix before phpbb2 was in Debian. + - phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295 CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) NOTE: not-for-us CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) 
@@ -4156,7 +4161,7 @@ CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) {DSA-758-1} TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - - heimdal 0.6.3-11 (bug #315065; high) + - heimdal 0.6.3-11 (bug #315065; bug #315086; high) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) @@ -4258,8 +4263,8 @@ - sudo 1.6.8p9-1 (bug #315718; bug #315115; medium) CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) {DSA-748-1} - - ruby1.8 1.8.2-8 (medium) - - ruby1.9 1.9.0+20050623-1 (medium) + - ruby1.8 1.8.2-8 (bug #315064; medium) + - ruby1.9 1.9.0+20050623-1 (bug #315064; medium) CAN-2005-1991 RESERVED CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...) @@ -4703,7 +4708,7 @@ - drupal 4.5.4-1 (high; bug #316362) - phpgroupware 0.9.16.006-1 (high) - egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high) - - phpwiki 1.3.7-4 (high) + - phpwiki 1.3.7-4 (bug #316714; high) - php4 4:4.3.10-16etch1 (high; bug #316447) NOTE: horde3 is not affected by this issue, they ship different XMLRPC code CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...) @@ -4845,7 +4850,7 @@ TODO: check CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...) {DSA-787-1} - - backup-manager 0.5.8-2 (low) + - backup-manager 0.5.8-2 (bug #315582; low) CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) {DSA-787-1} - backup-manager 0.5.8-2 (medium) 
@@ -4860,7 +4865,7 @@ NOTE: Kopete embeds the vulnerable code, but it''s only used as a fallback when NOTE: no shared lib version is found. As the Debian package has a dependency on NOTE: it the maintainer does not intent to fix it, see # 319443 - - ekg 1:1.5+20050712+1.6rc3-1 (medium) + - ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium) CAN-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) @@ -5766,7 +5771,7 @@ {DSA-781-1} - mozilla-firefox 1.0.4 - mozilla 2:1.7.8 - - mozilla-thunderbird 1.0.6-1 (high) + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - mozilla-firefox 1.0.4 - mozilla 2:1.7.8 @@ -5780,13 +5785,13 @@ - awstats 6.4-1.1 (bug #322591; medium) CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) {DSA-764-1} - - cacti 0.8.6e-1 (high) + - cacti 0.8.6e-1 (bug #315703; high) CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) {DSA-764-1} - - cacti 0.8.6e-1 (high) + - cacti 0.8.6e-1 (bug #315703; high) CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) {DSA-764-1} - - cacti 0.8.6e-1 (high) + - cacti 0.8.6e-1 (bug #315703; high) CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 @@ -7103,8 +7108,7 @@ CAN-2005-1276 RESERVED CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) - NOTE: fix accepted to testing, should reach it today (8 may) - - imagemagick 6:6.0.6.2-2.3 + - imagemagick 6:6.0.6.2-2.3 (bug #306424) CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - maxdb-7.5.00 7.5.00.24-3 CAN-2005-1273 
@@ -7126,7 +7130,7 @@ {DSA-805-1} NOTE: This is from latest Trustix advisory, exploitation would require to trick NOTE: someone into using a maliciously crafted certificate revocation list - - apache2 2.0.54-5 (bug #320048; low) + - apache2 2.0.54-5 (bug #320048; bug #320063; low) CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (medium) CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) @@ -7473,11 +7477,11 @@ CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) {DSA-757-1} TODO: check krb4 - - krb5 1.3.6-4 (medium) + - krb5 1.3.6-4 (bug #318437; medium) CAN-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) {DSA-757-1} TODO: check krb4 - - krb5 1.3.6-4 (medium) + - krb5 1.3.6-4 (bug #318437; medium) CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...) NOT-FOR-US: Oracle CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...) @@ -7510,12 +7514,12 @@ {DSA-781-1} - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 - - mozilla-thunderbird 1.0.6-1 (high) + - mozilla-thunderbird 1.0.6-1 (bug #318728; high) CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...) {DSA-781-1} - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 - - mozilla-thunderbird 1.0.6-1 (medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CAN-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow ...) - mozilla-firefox 1.0.3-1 CAN-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...) 
@@ -7900,7 +7904,7 @@ {DSA-781-1} - mozilla 2:1.7.7-1 (bug #306001) - mozilla-firefox 1.0.2-3 - - mozilla-thunderbird 1.0.6-1 (medium) + - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...) {DSA-752-1} - gzip 1.3.5-10 @@ -9060,7 +9064,7 @@ NOTE: in unstable is not affected (was fixed before the upload). - xfree86 4.3.0.dfsg.1-13 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (medium) + - openmotif 2.2.3-1.1 (bug #308819; medium) CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOT-FOR-US: GFI Languard Network Security Scanner CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) @@ -11139,7 +11143,7 @@ - jabber 1.4.3-3 NOTE: We do not ship jadc2s. CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...) - - a2ps 1:4.13b-4.3 + - a2ps 1:4.13b-4.3 (bug #286387; bug #286385) CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: mod_access_referer CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...) @@ -11481,7 +11485,7 @@ CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...) NOTE: apparently only affects netcat in windows CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...) - - mozilla 2:1.7.5-1 + - mozilla 2:1.7.5-1 (bug #288047) CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...) - phpbb2 2.0.10-3 CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) 
@@ -12434,13 +12438,13 @@ CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) {DSA-607-1} NOTE: Previous -9 fix had some issues of its own - - xfree86 4.3.0.dfsg.1-14 + - xfree86 4.3.0.dfsg.1-14 (bug #309143) NOTE: lesstif1 and 2 have to be fixed separately - lesstif1 1:0.93.94-11.3 NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1:0.93.94-11.2 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (medium) + - openmotif 2.2.3-1.1 (bug #309819; medium) CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9
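Review bot: In the first hunk (@@ -1,3 +1,9 @@), the TODO added under the calife entry is garbled: "rewrite the the title with" has a doubled "the", and the trailing "with" does not connect to "according to the information in the bug" on the next line. Suggest a single readable TODO such as "Can someone read French? Then please rewrite the title according to the information in the bug", so the next person going through the list knows what is being asked.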
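Review bot: The phpbb2 line added for CAN-2002-1894 (hunk @@ -3901,8 +3907,7 @@) opens a parenthesis that is never closed, and its second bug reference has no "#": "(Debian package not vulnerable, see #316071, 316295". Anything that parses the parenthesised part of an entry will trip over this. Suggest "(Debian package not vulnerable, see #316071, #316295)", which matches the form of the nanoblogger <not-affected> entry visible as context in the @@ -4156,7 hunk.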
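Review bot: The two openmotif 2.2.3-1.1 lines get bug numbers that differ in a single digit: "bug #308819" in the @@ -9060,7 hunk and "bug #309819" under CAN-2004-0914 in the @@ -12434,13 hunk. Both entries name the same package version and sit under the same "openmotif is non-free" note, so this looks like it could be a typo in one of them. Please confirm both numbers against the bug tracker before this lands, since a wrong bug reference in the list is hard to spot later.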