Author: joeyh Date: 2005-09-02 21:14:17 +0000 (Fri, 02 Sep 2005) New Revision: 1787 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-02 14:03:45 UTC (rev 1786) +++ data/CAN/list 2005-09-02 21:14:17 UTC (rev 1787) @@ -21,8 +21,10 @@ NOTE: Fix in -8 had problems - polygen 1.0.6-9 (low) CAN-2005-2761 [Various XSS in phpgroupware''s phpgwapi] + {DSA-798-1} - phpgroupware 0.9.16.008-1 (unknown) CAN-2005-2716 [Insecure usage of popen() in Affix] + {DSA-796-1} - affix 2.1.2-3 (bug #325444; medium) CAN-2005-XXXX [Insecure tempfile usage in tleds] - tleds 1.05beta10-9 (bug# 276789; low) @@ -107,6 +109,7 @@ NOTE: reserved CAN-2005-2656 NOTE: reserved + {DSA-794-1} CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in maildrop''s lockmail] NOTE: reserved {DSA-791-1 DTSA-11-1} @@ -432,6 +435,7 @@ CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) NOTE: not-fur-us (MidiCart) CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...) + {DSA-798-1} - egroupware-fudforum (unfixed; bug #323928; medium) - phpgroupware 0.9.16.008-1 (bug #323929; medium) CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) @@ -838,7 +842,7 @@ CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...) - slocate (unfixed; bug #324951; low) CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) - {DSA-789-1} + {DSA-798-1 DSA-789-1} - drupal 4.5.5-1 (bug #323347; high) - phpgroupware 0.9.16.008-1 (unfixed; bug #323349; high) - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) 
@@ -858,7 +862,7 @@ CAN-2005-2492 NOTE: reserved CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) - {DTSA-10-1} + {DSA-800-1 DTSA-10-1} - pcre3 6.3-0.1etch1 (bug #324531; medium) TODO: gnumeric seems to embed a copy of PCRE, check - python2.1 2.1.3dfsg-3 (medium) @@ -1274,6 +1278,7 @@ CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP) CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...) + {DSA-795-1} - proftpd 1.2.10-20 (low) NOTE: ftpshut fixed in -19, SQLShowInfo in -20 CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...) @@ -2555,7 +2560,7 @@ {DTSA-5-1} - gaim 1:1.4.0-5 (medium) CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) - - kdeedu 4:3.4.2-1 (low) + - kdeedu 4:3.4.2-1 (low) CAN-2005-2100 NOTE: reserved CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...) @@ -2574,7 +2579,7 @@ - cupsys (unfixed; bug #324464; low) - poppler 0.4.0-1 (low) CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...) - {DSA-740-1} + {DSA-797-1 DSA-740-1} NOTE: Several packages ship embedded copies of zlib, there are a lot probably more NOTE: Florian Weimer is doing a comprehensive audit using clamav NOTE: to search for static zlib signatures in binaries in Debian @@ -3893,7 +3898,7 @@ {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) - {DSA-763-1} + {DSA-797-1 DSA-763-1} NOTE: This is only contrib code not built in the binary packages AFAIK - zlib 1:1.2.3-1 (low) CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
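Review bot: In the hunk at @@ -21,8 +21,10 @@, the CAN-2005-2761 entry gains {DSA-798-1} but its package line still reads "- phpgroupware 0.9.16.008-1 (unknown)". Now that an advisory is attached, the urgency should be set to a real value rather than left as "unknown", in line with the "(bug #325444; medium)" style used on the affix line below it.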
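Review bot: In the hunk at @@ -107,6 +109,7 @@, the new {DSA-794-1} line lands under CAN-2005-2656, whose only content is "NOTE: reserved": no bracketed description and no package line. A reader cannot tell from the entry which package the advisory covers. Suggest adding a bracketed description, as the neighbouring CAN-2005-2655 entry has, and a "- package version (urgency)" line alongside the DSA reference.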
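Review bot: In the hunk at @@ -838,7 +842,7 @@, CAN-2005-2498 is now tagged {DSA-798-1 DSA-789-1}, but the phpgroupware line under it still reads "- phpgroupware 0.9.16.008-1 (unfixed; bug #323349; high)", which gives both a fixed version and "unfixed". The other entries this change tags with DSA-798-1 (CAN-2005-2761, CAN-2005-2600) list phpgroupware 0.9.16.008-1 without "unfixed". Suggest resolving the line one way or the other: drop "unfixed" if that version carries the fix, or drop the version if it does not.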
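Review bot: In the hunk at @@ -2555,7 +2560,7 @@, the removed and added "- kdeedu 4:3.4.2-1 (low)" lines read identically, so this is a whitespace-only change under CAN-2005-2101. It is unrelated to the DSA cross-references in the rest of the commit and is not mentioned in the log message. Suggest either splitting it out or confirming that the updater is expected to normalise indentation, so that later diffs of this file stay limited to real data changes.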
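Review bot: In the hunk at @@ -3893,7 +3898,7 @@, CAN-2005-1849 gains DSA-797-1 while the note directly below still says "This is only contrib code not built in the binary packages AFAIK". With two advisories now referencing this entry, that note reads as contradicting the tags. Suggest revisiting or removing the note, or adding a second NOTE that says which package DSA-797-1 applies to.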