Joey Hess
2005-Feb-06 19:56 UTC
[Secure-testing-commits] r356 - in sarge-checks: CAN CVE DSA
Author: joeyh Date: 2005-02-06 20:56:01 +0100 (Sun, 06 Feb 2005) New Revision: 356 Modified: sarge-checks/CAN/list sarge-checks/CVE/list sarge-checks/DSA/list Log: mass update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-06 08:14:14 UTC (rev 355) +++ sarge-checks/CAN/list 2005-02-06 19:56:01 UTC (rev 356) @@ -1,40 +1,41 @@ CAN-2005-0229 NOTE: reserved CAN-2005-0228 - TODO: check + - gpsd 2.7-4 + NOTE: apparently dup of CAN-2004-1388 CAN-2005-0227 - TODO: check + {DSA-668-1} CAN-2005-0226 - TODO: check + NOTE: not-for-us (ngIRCd) CAN-2005-0225 - TODO: check + NOTE: partially fixed already + - firehol (unfixed; bug #293900) CAN-2005-0224 - TODO: check + NOTE: not-for-us (HP-UX) CAN-2005-0223 - TODO: check + NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX) CAN-2005-0222 - TODO: check + - gallery 1.4.4-pl5-1 CAN-2005-0221 - TODO: check + - gallery 1.4.4-pl5-1 CAN-2005-0220 - TODO: check + - gallery 1.4.4-pl5-1 CAN-2005-0219 - TODO: check + - gallery 1.4.4-pl5-1 CAN-2005-0217 - TODO: check + NOTE: not-for-us (Invision Community Blog ) CAN-2005-0216 - TODO: check + NOTE: not-for-us (Woltlab Burning Board Lite) CAN-2005-0215 - TODO: check + NOTE: not-for-us (Mozilla 1.6 for Windows) CAN-2005-0214 - TODO: check + NOTE: not-for-us (SPHPBlog) CAN-2005-0213 - TODO: check + NOTE: not-for-us (WinHKI) CAN-2005-0212 - TODO: check + NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier) CAN-2005-0211 {DSA-667-1} - TODO: check CAN-2005-0210 NOTE: reserved CAN-2005-0209 
@@ -56,48 +57,47 @@ CAN-2005-0201 NOTE: reserved CAN-2005-0200 - TODO: check + NOTE: not-for-us (TikiWiki) CAN-2005-0199 - TODO: check + NOTE: not-for-us (ngIRCd) CAN-2005-0197 - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0196 - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0195 - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0194 {DSA-667-1} - TODO: check CAN-2005-0193 - TODO: check + NOTE: not-for-us (mRouter in iSync in OS X) CAN-2005-0192 - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-0191 - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-0190 - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-0189 - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-0188 - TODO: check + NOTE: not-for-us (AtHoc toolbar) CAN-2005-0187 - TODO: check + NOTE: not-for-us (AtHoc toolbar) CAN-2005-0186 - TODO: check + NOTE: not-for-us (CIsco) CAN-2005-0185 - TODO: check + NOTE: not-for-us (NodeManager Professional) CAN-2005-0184 TODO: check CAN-2005-0183 TODO: check CAN-2005-0182 - TODO: check + NOTE: not-for-us (mod_dosevasive module for apache) CAN-2005-0181 NOTE: reserved CAN-2005-0180 - TODO: check + TODO: check with kernel team CAN-2005-0179 - TODO: check + TODO: check with kernel team CAN-2005-0178 NOTE: reserved CAN-2005-0177 
@@ -105,27 +105,27 @@ CAN-2005-0176 NOTE: reserved CAN-2004-1392 - TODO: check + TODO: check (asked vorlon if we''ve vulnerable) CAN-2004-1391 - TODO: check + NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP) CAN-2004-1390 - TODO: check + NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP) CAN-2004-1389 - TODO: check + NOTE: not-for-us (Veritas NetBackup Administrative Assistant) CAN-2004-1388 - TODO: check + - gpsd 2.7-4 CAN-2004-1387 - TODO: check + - apache 1.3.33-3 CAN-2004-1386 - TODO: check + NOTE: not-for-us (TikiWiki) CAN-2004-1385 - TODO: check + - phpgroupware (unfixed; bug filed) CAN-2004-1384 - TODO: check + - phpgroupware (unfixed; bug filed) CAN-2004-1383 - TODO: check + - phpgroupware (unfixed; bug filed) CAN-2004-1382 - TODO: check + - 2.3.2.ds1-19 CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...) - clamav 0.81 CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...) @@ -133,7 +133,7 @@ CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) {DSA-667-1} CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...) - TODO: check + - squid (unfixed; bug filed) CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...) {DSA-667-1} CAN-2005-0172 @@ -299,7 +299,7 @@ CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) - evolution 2.0.3-1.2 CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) - TODO: check + - newspost 2.1.1-2 CAN-2005-0100 NOTE: reserved CAN-2005-0099 
@@ -1555,7 +1555,7 @@ CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...) - samba 3.0.8-1 CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...) - - tiff3g (unfixed; bug #283544) + NOTE: tiff3g was removed from debian CAN-2004-0928 NOTE: reserved CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...) @@ -2497,7 +2497,7 @@ {DSA-525} - apache 1.3.31-2 CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...) - TODO: check + NOTE: appears redhat specific CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...) NOTE: not-for-us (cPanel is not our cpanel) CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) @@ -3473,7 +3473,7 @@ CAN-2003-1022 {DSA-416} CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...) - TODO: check + NOTE: not-for-us (SCO) CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...) - irssi-text 0.8.9-0.1 CAN-2003-1019 Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2005-02-06 08:14:14 UTC (rev 355) +++ sarge-checks/CVE/list 2005-02-06 19:56:01 UTC (rev 356) @@ -1212,7 +1212,7 @@ CVE-2002-0658 {DSA-137} CVE-2002-0653 - TODO: check + NOTE: covered by DSA 135 STOP: This is apporixmatly where woody was released. CVE-2002-0651 CVE-2002-0650 Modified: sarge-checks/DSA/list ==================================================================--- sarge-checks/DSA/list 2005-02-06 08:14:14 UTC (rev 355) +++ sarge-checks/DSA/list 2005-02-06 19:56:01 UTC (rev 356) @@ -1,5 +1,5 @@ -[04 Feb 2005] DSA-667-1 postgresql - privilege escalation - NOTE: no CAN given +[04 Feb 2005] DSA-668-1 postgresql - privilege escalation + {CAN-2005-0227} - postgresql 7.4.7-1 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-667-1 squid - several
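Review bot: In the first sarge-checks/CAN/list hunk (@@ -1,40 +1,41 @@), the CAN-2005-0225 entry pairs "NOTE: partially fixed already" with "- firehol (unfixed; bug #293900)" and does not say which version carries the partial fix or what remains open. Suggest naming the version and the remaining issue in the NOTE so the entry can be closed without re-reading the bug. Minor: "not-for-us (Invision Community Blog )" for CAN-2005-0217 has a stray space before the closing parenthesis.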
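Review bot: In the CAN/list hunk at @@ -56,48 +57,47 @@, CAN-2005-0186 is tagged "not-for-us (CIsco)" while CAN-2005-0195 through CAN-2005-0197 in the same hunk use "not-for-us (Cisco)". Suggest the same spelling on all four so a case-sensitive search for the vendor finds every entry.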
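Review bot: In the CAN/list hunk at @@ -105,27 +105,27 @@, the new CAN-2004-1382 line "- 2.3.2.ds1-19" has a version but no package name, unlike every other fixed entry in this commit ("- gpsd 2.7-4", "- apache 1.3.33-3"); anything parsing "- package version" will read the version string as the package. Suggest adding the package name. The three phpgroupware entries (CAN-2004-1383 to CAN-2004-1385) say "bug filed" without a number, where the firehol entry records "bug #293900"; adding the number keeps them traceable. Typo in CAN-2004-1392: "we''ve vulnerable" should read "we're vulnerable".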
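Review bot: In the CAN/list hunk at @@ -133,7 +133,7 @@, CAN-2005-0174 is set to "- squid (unfixed; bug filed)" with no bug number, while the neighbouring CAN-2005-0175 and CAN-2005-0173 both carry {DSA-667-1}. Suggest recording the bug number and adding a short NOTE that DSA-667-1 was checked and does not cover this one, so the entry is not later mistaken for an oversight.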
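Review bot: In the CAN/list hunk at @@ -2497,7 +2497,7 @@, CAN-2004-0491 is closed with "NOTE: appears redhat specific", which is hedged and does not follow the "not-for-us (...)" form used on the CAN-2004-0490 entry directly below it. If the conclusion is confirmed, suggest the standard form; if it is not confirmed, keep a TODO alongside the note so the entry stays on the check list.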
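Review bot: In the sarge-checks/CVE/list hunk (@@ -1212,7 +1212,7 @@), CVE-2002-0653 records its advisory as free text, "NOTE: covered by DSA 135", while the entry just above it uses the brace cross-reference "{DSA-137}". Suggest the brace form for CVE-2002-0653 as well, so the link is picked up the same way as the other DSA references in the list.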