thr3ads.net - Secure testing commits - [Secure-testing-commits] r429

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Feb-17 20:14 UTC
[Secure-testing-commits] r429 - sarge-checks/CAN

Author: joeyh
Date: 2005-02-17 21:14:29 +0100 (Thu, 17 Feb 2005)
New Revision: 429

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-02-17 19:30:25 UTC (rev 428)
+++ sarge-checks/CAN/list	2005-02-17 20:14:29 UTC (rev 429)
@@ -1,3 +1,21 @@
+CAN-2005-0455
+	NOTE: reserved
+CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and
earlier ...)
+	TODO: check
+CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does
not ...)
+	TODO: check
+CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
...)
+	TODO: check
+CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial
of ...)
+	TODO: check
+CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5
allows ...)
+	TODO: check
+CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows
remote ...)
+	TODO: check
+CAN-2005-0448
+	NOTE: reserved
+CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows
remote ...)
+	TODO: check
 begin claimed by djoume
 CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of
...)
 	TODO: check
@@ -15,7 +33,7 @@
 	TODO: check
 CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass
authentication and ...)
 	TODO: check
-CAN-2005-0439 (Buffer overflow in ELOG before 2.5.7 allows remote attackers to
...)
+CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7
...)
 	TODO: check
 CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
obtain ...)
 	TODO: check
@@ -70,18 +88,18 @@
 CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap
allows ...)
 	TODO: check
 end claimed by djoume
-CAN-2005-0411
-	NOTE: reserved
-CAN-2005-0410
-	NOTE: reserved
-CAN-2005-0409
-	NOTE: reserved
-CAN-2005-0408
-	NOTE: reserved
-CAN-2005-0407
-	NOTE: reserved
-CAN-2005-0406
-	NOTE: reserved
+CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB
0.3.6 and ...)
+	TODO: check
+CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6
and ...)
+	TODO: check
+CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the
(1) ...)
+	TODO: check
+CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5
hashes of ...)
+	TODO: check
+CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and
...)
+	TODO: check
+CAN-2005-0406 (A design flaw in image processing software that modifies JPEG
images ...)
+	TODO: check
 CAN-2005-0405
 	NOTE: reserved
 CAN-2005-0404
@@ -158,6 +176,7 @@
 	NOTE: cyrus-sasl code seems too old for any of the problems to apply
 CAN-2005-0372
 	NOTE: reserved
+	{DSA-686-1}
 CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
and ...)
 	- armagetron (unfixed; bug #295294)
 CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
and ...)
@@ -398,12 +417,10 @@
 	- monit 1:4.2.1-1
 CAN-2005-0365 (The dcopidlng script in KDE 3.3.2 creates temporary files with
...)
 	- kdelibs 4:3.3.2-2
-CAN-2005-0363
-	NOTE: reserved
+CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to
execute ...)
 	{DSA-682-1}
 	- awstats 6.2-1.2
-CAN-2005-0362
-	NOTE: reserved
+CAN-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute
arbitrary ...)
 	- awstats 6.2-1.2
 	NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
 	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
@@ -612,12 +629,12 @@
 CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and
earlier ...)
 	{DSA-683-1}
 	- postgresql 7.4.7-2
-CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.1 and earlier
allows ...)
+CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier
allows ...)
 	- postgresql 7.4.7-1
-CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.1 and earlier may
allow ...)
+CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may
allow ...)
 	{DSA-683-1}
 	- postgresql 7.4.7-1
-CAN-2005-0244 (PostgreSQL 8.0.1 and earlier allows local users to bypass the
EXECUTE ...)
+CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the
EXECUTE ...)
 	- postgresql 7.4.7-1
 CAN-2005-0243
 	NOTE: reserved
@@ -776,7 +793,7 @@
 	NOTE: reserved
 CAN-2005-0207
 	NOTE: reserved
-CAN-2005-0206 (The original patch for integer overflow vulnerabilities in Xpdf
2.0 ...)
+CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and
3.0 ...)
 	TODO: check
 CAN-2005-0205
 	NOTE: reserved
@@ -834,14 +851,12 @@
 	NOTE: Does not apply to 2.6.8
 	NOTE: Fixed in 2.6.9-6 to be uploaded
 	- kernel-source-2.6.9 2.6.9-6
-CAN-2005-0178
-	NOTE: reserved
+CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1
has ...)
 	NOTE: see USN-82-1
-CAN-2005-0177
-	NOTE: reserved
+CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table
size, ...)
 	NOTE: see USN-82-1
-CAN-2005-0176
-	NOTE: reserved
+CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users
to ...)
+	TODO: check
 CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass
the ...)
 	- php4 4:4.3.10-3
 CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon
(PPPoEd) in ...)
@@ -1027,8 +1042,7 @@
 	NOTE: reserved
 CAN-2005-0106
 	NOTE: reserved
-CAN-2005-0105
-	NOTE: reserved
+CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows
local ...)
 	{DSA-684-1}
 CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
 	{DSA-662-1}
@@ -1040,7 +1054,7 @@
 CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1
and ...)
 	- newspost 2.1.1-2
 CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs
20.x, ...)
-	{DSA-671-1 DSA-670-1}
+	{DSA-685-1 DSA-671-1 DSA-670-1}
 	- emacs21 21.3+1-9
 	- xemacs21 21.4.16-2
 CAN-2005-0099
@@ -1117,8 +1131,7 @@
 	{DSA-655-1}
 CAN-2005-0071 (vdr before 1.2.6 does not securely create files, which allows
...)
 	{DSA-656-1}
-CAN-2005-0070
-	NOTE: reserved
+CAN-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when
...)
 	{DSA-681-1}
 CAN-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow
local ...)
 	- vim 1:6.3-058+1
@@ -1319,8 +1332,7 @@
 	- ncpfs 2.2.6-1
 CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in
Dillo ...)
 	- dillo 0.8.3-1
-CAN-2005-0011
-	NOTE: reserved
+CAN-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root
as part ...)
 	- kdeedu (unfixed; bug #295499)
 CAN-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4
through ...)
 	- ethereal 0.10.9-1
Secure testing commits - Feb 2005 - r429 - sarge-checks/CAN

[Secure-testing-commits] r429 - sarge-checks/CAN
