Author: joeyh
Date: 2005-09-15 21:14:17 +0000 (Thu, 15 Sep 2005)
New Revision: 2007
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-09-15 16:04:59 UTC (rev 2006)
+++ data/CAN/list 2005-09-15 21:14:17 UTC (rev 2007)
@@ -783,6 +783,7 @@
CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in
SDK and ...)
NOTE: not-for-us (Sun JSSE and JRE)
CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux
kernel ...)
+ {DTSA-16-1}
NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html
NOTE: amd64 specific DOS
- linux-2.6 2.6.12-6
@@ -920,6 +921,7 @@
{DSA-778-1}
- mantis 0.19.2-4 (medium)
CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy
access to ...)
+ {DTSA-16-1}
- linux-2.6.12 2.6.12-6 (medium)
- kernel-source-2.6.8 2.6.8-16sarge2
- kernel-source-2.4.27 2.4.27-10sarge2
@@ -1267,6 +1269,7 @@
NOTE: reserved
- linux-2.6 (unfixed; bug #327416; medium)
CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
+ {DTSA-16-1}
- kernel-source-2.6.8 (unfixed; bug #322339; medium)
- linux-2.6 2.6.12-1 (bug #322339; medium)
NOTE: 2.4.27 not affected
@@ -1285,6 +1288,7 @@
NOTE: previous ssh delay bugs
- ssh (unfixed; bug #314645; low)
CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to
cause a ...)
+ {DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9
- kernel-image-2.6.8-i386 (unfixed; bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
@@ -1342,10 +1346,12 @@
CAN-2005-2469
NOTE: reserved
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the
Linux ...)
+ {DTSA-16-1}
NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
- linux-2.6 2.6.12-3 (bug #323173)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before
2.6.12.5 ...)
+ {DTSA-16-1}
NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
- linux-2.6 2.6.12-3 (bug #323173; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
@@ -1492,9 +1498,11 @@
CAN-2005-XXXX [Crypto weakness in Tor''s handshaking process]
- tor 0.1.0.14-1 (medium)
CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux
...)
+ {DTSA-16-1}
- linux-2.6 2.6.12-3 (medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
+ {DTSA-16-1}
- linux-2.6 2.6.12-2 (bug #321401; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
@@ -1514,7 +1522,7 @@
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to
create ...)
NOTE: not-for-us (sandbox)
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg
before 1.6rc2 allow ...)
- {DTSA-2-1 DTSA-4-1}
+ {DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
@@ -1718,11 +1726,11 @@
CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g
allows ...)
NOTE: not-for-us (Oracle Reports)
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu,
as used in ekg before ...)
- {DSA-769-1 DTSA-2-1 DTSA-5-1}
+ {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
- gaim 1:1.4.0-5 (low)
- centericq 4.20.0-8etch1 (bug #323185; low)
CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg
before ...)
- {DTSA-2-1}
+ {DSA-813-1 DTSA-2-1}
TODO: check gaim and others that embed libgadu in source tree
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external
...)
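Review bot: In the CAN-2005-2370 entry the new reference is prepended, giving "{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}", so the DSA ids are no longer in ascending order; if the automatic update is meant to keep the list sorted, emit "DSA-769-1 DSA-813-1". In the same hunk, CAN-2005-2369 now carries DSA-813-1 but still has "TODO: check gaim and others that embed libgadu in source tree" and lists only centericq; the TODO should be resolved or kept deliberately now that an advisory is attached.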
@@ -2963,9 +2971,11 @@
CAN-2005-2100
NOTE: reserved
CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a
keyring ...)
+ {DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
CAN-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel
before ...)
+ {DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
CAN-2005-2097 (xpdf and kpdf do not properly validate the
"loca" table in PDF files, ...)
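Review bot: Both entries that gain "{DTSA-16-1}" here (CAN-2005-2099 and CAN-2005-2098) still read "linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)", which combines a version with an "unfixed" marker. With an advisory now referenced, confirm whether the package line should record a fixed version or stay unfixed, and drop whichever half is stale so the tracker status is unambiguous.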
@@ -4154,6 +4164,7 @@
- centericq 4.20.0-7 (medium)
CAN-2005-1913 [DoS: in Linux kernel: Clean up subthread exec]
NOTE: reserved
+ {DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.11 2.6.11-6 (medium)
CAN-2005-1912
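Review bot: For CAN-2005-1913 the "{DTSA-16-1}" line is inserted after "NOTE: reserved", while every other hunk in this change places it directly under the CAN header line and ahead of any NOTE lines. This is also the only touched entry whose description is in square brackets rather than parentheses, so check whether the updater handles that header form, and move the reference above the NOTE for consistency. The "NOTE: reserved" text also sits beside fixed package versions and may be out of date.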
@@ -4482,6 +4493,7 @@
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5
...)
NOTE: not-for-us (RealPlayer)
CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
+ {DTSA-16-1}
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.6.8 2.6.8-16sarge1
- linux-2.6 2.6.12-1 (medium)
@@ -4495,11 +4507,13 @@
- kernel-source-2.6.8 2.6.8-16sarge1
TODO: check if it''s fixed in linux-2.6
CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
+ {DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 2.4.27-11
CAN-2005-1761 (Unknown vulnerability in the Linux kernel allows local users to
cause ...)
+ {DTSA-16-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.11 2.6.11-6 (medium)
- kernel-source-2.6.8 2.6.8-17
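Review bot: The line added under CAN-2005-1761 is "{DTSA-16-1 DTSA-16-1}", which lists the same advisory twice; the CAN-2005-1762 entry in the same hunk gets a single "{DTSA-16-1}". The automatic update should de-duplicate ids before writing the cross-reference line, and this entry should be reduced to one "DTSA-16-1".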