Author: joeyh
Date: 2005-02-06 09:14:14 +0100 (Sun, 06 Feb 2005)
New Revision: 355

Modified:
   sarge-checks/CAN/list
   sarge-checks/CVE/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-05 22:25:33 UTC (rev 354) +++ sarge-checks/CAN/list 2005-02-06 08:14:14 UTC (rev 355) 
@@ -1,15 +1,141 @@ -CAN-2005-0218 - - clamav 0.81 -CAN-2005-0198 - - uw-imap 7:2002edebian1-6 -CAN-2005-0175 +CAN-2005-0229 NOTE: reserved +CAN-2005-0228 + TODO: check +CAN-2005-0227 + TODO: check +CAN-2005-0226 + TODO: check +CAN-2005-0225 + TODO: check +CAN-2005-0224 + TODO: check +CAN-2005-0223 + TODO: check +CAN-2005-0222 + TODO: check +CAN-2005-0221 + TODO: check +CAN-2005-0220 + TODO: check +CAN-2005-0219 + TODO: check +CAN-2005-0217 + TODO: check +CAN-2005-0216 + TODO: check +CAN-2005-0215 + TODO: check +CAN-2005-0214 + TODO: check +CAN-2005-0213 + TODO: check +CAN-2005-0212 + TODO: check +CAN-2005-0211 {DSA-667-1} -CAN-2005-0174 + TODO: check +CAN-2005-0210 NOTE: reserved -CAN-2005-0173 +CAN-2005-0209 NOTE: reserved +CAN-2005-0208 + NOTE: reserved +CAN-2005-0207 + NOTE: reserved +CAN-2005-0206 + NOTE: reserved +CAN-2005-0205 + NOTE: reserved +CAN-2005-0204 + NOTE: reserved +CAN-2005-0203 + NOTE: reserved +CAN-2005-0202 + NOTE: reserved +CAN-2005-0201 + NOTE: reserved +CAN-2005-0200 + TODO: check +CAN-2005-0199 + TODO: check +CAN-2005-0197 + TODO: check +CAN-2005-0196 + TODO: check +CAN-2005-0195 + TODO: check +CAN-2005-0194 {DSA-667-1} + TODO: check +CAN-2005-0193 + TODO: check +CAN-2005-0192 + TODO: check +CAN-2005-0191 + TODO: check +CAN-2005-0190 + TODO: check +CAN-2005-0189 + TODO: check +CAN-2005-0188 + TODO: check +CAN-2005-0187 + TODO: check +CAN-2005-0186 + TODO: check +CAN-2005-0185 + TODO: check +CAN-2005-0184 + TODO: check +CAN-2005-0183 + TODO: check +CAN-2005-0182 + TODO: check +CAN-2005-0181 + NOTE: reserved +CAN-2005-0180 + TODO: check +CAN-2005-0179 + TODO: check +CAN-2005-0178 + NOTE: reserved +CAN-2005-0177 + NOTE: reserved +CAN-2005-0176 + NOTE: reserved +CAN-2004-1392 + TODO: check +CAN-2004-1391 + TODO: check +CAN-2004-1390 + TODO: check +CAN-2004-1389 + TODO: check +CAN-2004-1388 + TODO: check +CAN-2004-1387 + TODO: check +CAN-2004-1386 + TODO: check +CAN-2004-1385 + TODO: check +CAN-2004-1384 + TODO: check +CAN-2004-1383 + TODO: check 
+CAN-2004-1382 + TODO: check +CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...) + - clamav 0.81 +CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...) + - uw-imap 7:2002edebian1-6 +CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) + {DSA-667-1} +CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) + TODO: check +CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...) + {DSA-667-1} CAN-2005-0172 NOTE: reserved CAN-2005-0171 @@ -53,8 +179,7 @@ NOTE: reserved CAN-2005-0153 NOTE: reserved -CAN-2005-0152 - NOTE: reserved +CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) {DSA-662-1} CAN-2005-0151 NOTE: reserved @@ -106,8 +231,7 @@ CAN-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...) - mozilla-firefox 1.0 - mozilla-browser 2:1.7.5 -CAN-2005-0133 - NOTE: reserved +CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...) - clamav 0.80-0.81rc1-1 CAN-2005-0132 NOTE: reserved @@ -168,16 +292,14 @@ NOTE: reserved CAN-2005-0105 NOTE: reserved -CAN-2005-0104 - NOTE: reserved +CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) {DSA-662-1} -CAN-2005-0103 - NOTE: reserved +CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...) - squirrelmail 2:1.4.4-1 CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) - evolution 2.0.3-1.2 -CAN-2005-0101 - NOTE: reserved +CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) + TODO: check CAN-2005-0100 NOTE: reserved CAN-2005-0099 
@@ -202,8 +324,7 @@ NOTE: reserved CAN-2005-0090 NOTE: reserved -CAN-2005-0089 - NOTE: reserved +CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) {DSA-666-1} CAN-2005-0088 NOTE: reserved @@ -244,8 +365,7 @@ {DSA-658-1} CAN-2005-0076 NOTE: reserved -CAN-2005-0075 - NOTE: reserved +CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) - squirrelmail 2:1.4.4-1 CAN-2005-0074 NOTE: reserved @@ -410,7 +530,7 @@ NOTE: reserved CAN-2004-1341 NOTE: reserved -CAN-2004-1340 (Debian GNU/Linux installs the libpam-radius-auth package with the ...) +CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) {DSA-659-1} - libpam-radius-auth 1.3.16-1.1 CAN-2005-0032 @@ -441,21 +561,17 @@ {DSA-641-1} CAN-2005-0019 NOTE: reserved -CAN-2005-0018 - NOTE: reserved +CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) {DSA-661-1} -CAN-2005-0017 - NOTE: reserved +CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...) {DSA-661-1} CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...) {DSA-640-1} CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...) {DSA-650-1} -CAN-2005-0014 - NOTE: reserved +CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...) - ncpfs (unfixed; bug #293446) -CAN-2005-0013 - NOTE: reserved +CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...) {DSA-665-1} - ncpfs (unfixed; bug #293446) CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...) 
@@ -853,7 +969,7 @@ {DSA-615-1} CAN-2004-1178 NOTE: reserved -CAN-2004-1177 (Cross-site scripting vulnerability in the driver script in mailman ...) +CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) - mailman 2.1.5-5 NOTE: there''s also bug #285839, no CAN. CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...) @@ -1085,7 +1201,7 @@ NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) NOTE: fixed in 2.6.8 and 2.4.27 -CAN-2004-1070 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) +CAN-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) NOTE: fixed in 2.6.8 and 2.4.27 CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...) NOTE: 2.6 only issue @@ -1395,7 +1511,7 @@ NOTE: fixed in 2.4.28, 2.6.9 NOTE: check with kernel people CAN-2004-0948 - NOTE: reserved + NOTE: rejected CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) {DSA-652-1} NOTE: see http://lwn.net/Alerts/110733/ @@ -2380,8 +2496,8 @@ CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...) {DSA-525} - apache 1.3.31-2 -CAN-2004-0491 - NOTE: reserved +CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) + TODO: check CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) NOTE: not-for-us (cPanel is not our cpanel) CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) @@ -3356,8 +3472,8 @@ {DSA-424} CAN-2003-1022 {DSA-416} -CAN-2003-1021 - NOTE: reserved +CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...) + TODO: check CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) - irssi-text 0.8.9-0.1 CAN-2003-1019 
@@ -8273,7 +8389,7 @@ CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) -CAN-1999-1572 (cpio on FreeBSD 2.1.0, and possibly other operating systems, uses a 0 ...) +CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...) {DSA-664-1} CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2005-02-05 22:25:33 UTC (rev 354) +++ sarge-checks/CVE/list 2005-02-06 08:14:14 UTC (rev 355) @@ -1212,7 +1212,7 @@ CVE-2002-0658 {DSA-137} CVE-2002-0653 - NOTE: covered by DSA-135 + TODO: check STOP: This is apporixmatly where woody was released. CVE-2002-0651 CVE-2002-0650
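
Review bot: The entries tied to {DSA-667-1} in the first CAN/list hunk (@@ -1,15 +1,141 @@) are left in inconsistent states. CAN-2005-0211 and CAN-2005-0194 carry {DSA-667-1} together with TODO: check, CAN-2005-0175 and CAN-2005-0173 carry {DSA-667-1} alone, and CAN-2005-0174 has TODO: check with no DSA reference even though its truncated summary is identical to that of CAN-2005-0175 ("Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ..."). I would resolve these five together in one follow-up commit, using the full descriptions, since the summaries for 0175 and 0174 are cut at the same point and cannot be told apart from the list.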
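
Review bot: In the @@ -441,21 +561,17 @@ hunk of CAN/list, the new summaries for CAN-2005-0014 and CAN-2005-0013 say "ncpfs before 2.2.6", but the package lines under both still read "- ncpfs (unfixed; bug #293446)". Now that the summaries name an upstream version that has the fix, the unfixed markers should be rechecked against the ncpfs version in sarge and replaced with the fixed version if one is available. CAN-2005-0013 also has {DSA-665-1} sitting next to the unfixed marker, which is worth a one-line NOTE on what is still open.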
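
Review bot: CAN-2004-0491 (hunk @@ -2380,8 +2496,8 @@) and CAN-2003-1021 (hunk @@ -3356,8 +3472,8 @@) are given TODO: check although their summaries name a Red Hat Enterprise Linux 3 kernel patch (linux-2.4.21-mlock.patch) and the scosession program in OpenServer. The list already has a convention for this case, visible in the context just below the first of them: "NOTE: not-for-us (cPanel is not our cpanel)" on CAN-2004-0490. Both entries look like candidates for the same marking once someone confirms the affected code is not shipped in Debian, which would keep the TODO backlog limited to items that need real triage.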
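
Review bot: The sarge-checks/CVE/list hunk (@@ -1212,7 +1212,7 @@) replaces the hand-written "NOTE: covered by DSA-135" under CVE-2002-0653 with "TODO: check", which discards a triage result. The log message describes an automatic CAN database update, so an edit that removes a manual annotation in the CVE list is unexpected. The updater should leave existing NOTE lines untouched and add TODO: check only to entries that have no annotation yet; I would restore the DSA-135 note in a follow-up.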