Author: joeyh Date: 2005-03-01 09:14:18 +0100 (Tue, 01 Mar 2005) New Revision: 505 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-01 04:26:27 UTC (rev 504) +++ sarge-checks/CAN/list 2005-03-01 08:14:18 UTC (rev 505) @@ -1,3 +1,31 @@ +CAN-2005-0594 + NOTE: reserved +CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) + TODO: check +CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...) + TODO: check +CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the security and ...) + TODO: check +CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...) + TODO: check +CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...) + TODO: check +CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...) + TODO: check +CAN-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) + TODO: check +CAN-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) + TODO: check +CAN-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...) + TODO: check +CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...) + TODO: check +CAN-2005-0583 + NOTE: reserved +CAN-2005-0582 + NOTE: reserved +CAN-2005-0581 + NOTE: reserved begin claimed by djoume CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) TODO: check 
@@ -1433,8 +1461,8 @@ NOTE: reserved CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...) - wu-ftpd 2.6.2-19 -CAN-2005-0255 - NOTE: reserved +CAN-2005-0255 (String handling functions in Mozilla 1.7.3 and Firefox 1.0, such as ...) + TODO: check CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) NOTE: not-for-us (BibORB) CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) @@ -1618,8 +1646,8 @@ NOTE: reserved CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) TODO: check -CAN-2005-0205 - NOTE: reserved +CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) + TODO: check CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOTE: according to the CAN it is fixed in 2.6.10, but NOTE: looking at the source it is not so clear, noting this @@ -2630,7 +2658,7 @@ - kdebase 4:3.3.1-4 CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...) NOTE: not-for-us (Opera) -CAN-2004-1156 (Mozilla through 1.7.x, and Mozilla Firefox through 1.x, allows remote ...) +CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...) - mozilla (unfixed; bug #293663) - mozilla-firefox (unfixed; bug #293664) CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) 
@@ -3138,10 +3166,10 @@ NOTE: sarge''s unarj is from a different code base, probably not vulnerable CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) NOTE: does not apply per maintainer -CAN-2004-0945 - NOTE: reserved -CAN-2004-0944 - NOTE: reserved +CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) + TODO: check +CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) + TODO: check CAN-2004-0943 NOTE: reserved CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
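Review bot: In the first hunk (@@ -1,3 +1,31 @@) the ten Firefox/Mozilla entries CAN-2005-0584 through CAN-2005-0593 all land as "TODO: check" with no package lines. The same file already tracks CAN-2004-1156 against mozilla and mozilla-firefox, so these are better triaged as one batch against those two packages than picked up individually. CAN-2005-0592 (heap-based buffer overflow in UTF8ToNewUnicode) is the one to look at first.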
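Review bot: In the hunk at @@ -1433,8 +1461,8 @@, CAN-2005-0255 changes from "NOTE: reserved" to a description that names specific versions ("Mozilla 1.7.3 and Firefox 1.0") rather than a "before X" bound like the other Mozilla entries in this update. Whoever resolves the "TODO: check" should record the fixed version explicitly in the package line, since the imported summary does not give one.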
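Review bot: In the hunk at @@ -1618,8 +1646,8 @@, CAN-2005-0205 is scoped by its description to "KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root", but the entry is left as a bare "TODO: check". The check should state two things in the entry: which KDE version sarge ships relative to 3.1.5, and whether the package installs kppp setuid root, because the description makes the issue conditional on both.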
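Review bot: In the hunk at @@ -2630,7 +2658,7 @@, only the summary of CAN-2004-1156 changes (from "through 1.7.x ... through 1.x" to "before 1.7.6 ... before 1.0.1"), while the two status lines below it still read "mozilla (unfixed; bug #293663)" and "mozilla-firefox (unfixed; bug #293664)". The new wording implies upstream fixes in Mozilla 1.7.6 and Firefox 1.0.1, so the status lines should be revisited against the versions in sarge and the two bugs updated to match, otherwise the entry now contradicts itself for anyone reading it.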
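Review bot: In the last hunk (@@ -3138,10 +3166,10 @@), CAN-2004-0945 and CAN-2004-0944 both describe the web management interface of the Mitel 3300 Integrated Communications product and are added as "TODO: check". If that product is not packaged, they should be closed the way the file already handles BibORB and Opera, with a "NOTE: not-for-us (...)" line, so they do not sit in the TODO queue next to entries that need real triage.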