Author: joeyh Date: 2005-09-13 21:14:17 +0000 (Tue, 13 Sep 2005) New Revision: 1965 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-13 20:46:01 UTC (rev 1964) +++ data/CAN/list 2005-09-13 21:14:17 UTC (rev 1965) @@ -1209,7 +1209,7 @@ CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...) - slocate (unfixed; bug #324951; low) CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...) - {DSA-798-1 DSA-789-1 DTSA-16-1} + {DSA-798-1 DSA-789-1 DTSA-15-1} - drupal 4.5.5-1 (bug #323347; high) - phpgroupware 0.9.16.008-1 (bug #323349; high) - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) @@ -2062,29 +2062,29 @@ CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...) NOTE: not-for-us (iCab) CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) - {DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.8-1sarge2 (high) - mozilla-thunderbird 1.0.6-1 (high) CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) - {DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.8-1sarge2 (medium) - mozilla-thunderbird 1.0.6-1 (medium) CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge2 (medium) CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) - {DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge2 (medium) - mozilla-thunderbird 1.0.6-1 (low) CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) - {DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.8-1sarge2 (medium) - mozilla-thunderbird 1.0.6-1 (medium) @@ -2092,19 +2092,19 @@ {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge2 (medium) CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) - {DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge2 (medium) - mozilla-thunderbird 1.0.6-1 (medium) CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) - {DSA-779-2 DSA-779-1 DTSA-8-2} + {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge2 (medium) CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) @@ -4062,7 +4062,7 @@ CAN-2005-1938 NOTE: rejected CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - {DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2} + {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge1 (medium) CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) @@ -4097,7 +4097,7 @@ {DSA-737-1 DTSA-3-1} - clamav 0.86.1-1 (low) CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) - {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-16-1} + {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1} NOTE: ITP #312413 - submitter contacted, she has already addressed this NOTE: This will probably be re-organized by the CVE editor, but lets keep it for now, NOTE: as it''s the same issue @@ -4492,7 +4492,7 @@ CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) NOTE: not-for-us (Novell) CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - {DSA-789-1 DTSA-16-1} + {DSA-789-1 DTSA-15-1} - shtool 2.0.1-2 (low) - mysql-ocaml 1.0.3-6 (low) - php4 4.3.10-16etch1 (low) @@ -12238,7 +12238,7 @@ CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) NOTE: not-fos-us (Microsoft) CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) - {DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2} + {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850