Author: joeyh
Date: 2005-07-30 03:29:46 +0000 (Sat, 30 Jul 2005)
New Revision: 1492
Modified:
data/CAN/list
Log:
handle a few XXXX that got numbers and some new CANs covered by existing
DSAs
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-07-30 03:18:06 UTC (rev 1491)
+++ data/CAN/list 2005-07-30 03:29:46 UTC (rev 1492)
@@ -71,8 +71,11 @@
NOTE: not-for-us (Oracle Reports)
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu,
as used in ekg before ...)
{DSA-769-1}
+ - gaim (unfixed)
+ NOTE: DSA only covers gaim
+ TODO: check ekg and others that embed libgadu in source tree
CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg
before ...)
- TODO: check
+ TODO: check gaim and others that embed libgadu in source tree
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers
to ...)
- vim 1:6.3-085+1 (bug #320017; medium)
CAN-2005-2367
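Review bot: the new "- gaim (unfixed)" line under CAN-2005-2370 has no bug number or urgency, unlike the other unfixed entries in this file (for example "- pdns (unfixed; bug #318798; medium)"). It also sits directly under {DSA-769-1} with a NOTE that the DSA covers gaim, so a reader cannot tell from the entry where gaim is still open. Suggest adding the bug reference and urgency, and making the NOTE say explicitly what the DSA fixed and what remains unfixed. CAN-2005-2369 now has a TODO that names gaim but no package line; if it concerns the same embedded libgadu copy, consider giving it the same gaim entry so the two do not drift apart.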
@@ -157,7 +160,7 @@
CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS
7.1 ...)
TODO: check
CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x
before ...)
- TODO: check
+ - shorewall 2.4.1-2 (medium)
CAN-2005-2316
NOTE: reserved
CAN-2005-2315
@@ -238,7 +241,7 @@
TODO: check
CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0
allows ...)
{DSA-762-1}
- TODO: check
+ - affix 2.1.2-2 (medium)
CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise
WebAccess ...)
TODO: check
CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail
before ...)
@@ -417,8 +420,6 @@
NOTE: This doesn''t look like a real security issue as cron.daily
should only be
NOTE: writable by root, but lets include it as the maintainer considers it an
issue
- faif 1.19.2-14 (low)
-CAN-2005-XXXX [Shorewall lets users which have been accepted by MAC based
access control bypass the other access checks]
- - shorewall 2.4.1-2 (medium)
CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend]
- pdns (unfixed; bug #318798; medium)
NOTE: CVE id requested from mitre
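Review bot: removing the CAN-2005-XXXX Shorewall entry drops the only readable summary of the issue (users accepted by MAC based access control bypassing the other access checks); the CAN-2005-2317 line that now carries "shorewall 2.4.1-2 (medium)" is truncated at "before ...". Suggest adding a NOTE under CAN-2005-2317 saying it replaces the earlier XXXX entry, so the mapping can be audited later.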
@@ -833,8 +834,6 @@
CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted
packet]
- netpanzer (unfixed; bug #318329; medium)
NOTE: CVE id requested from mitre
-CAN-2005-XXXX [Missing input sanitising in affix''s btsrv/btobex
services]
- - affix 2.1.2-2 (medium)
CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple
USANet ...)
NOTE: not-for-us (USANet)
CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in
Squito ...)
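Review bot: the removed CAN-2005-XXXX entry describes missing input sanitising in affix's btsrv/btobex services, while CAN-2005-2277, which now carries "affix 2.1.2-2 (medium)", is described as a Bluetooth FTP client (BTFTP) issue. The component names differ, so it is not evident from the list that these are the same bug. Suggest a NOTE under CAN-2005-2277 confirming the match against DSA-762-1, or keeping the XXXX entry until that is verified.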