Author: joeyh
Date: 2005-01-18 21:57:46 +0100 (Tue, 18 Jan 2005)
New Revision: 282
Modified:
sarge-checks/CAN/list
Log:
new CANs
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-18 20:14:23 UTC (rev 281)
+++ sarge-checks/CAN/list 2005-01-18 20:57:46 UTC (rev 282)
@@ -1,5 +1,5 @@
CAN-2005-0080
- TODO: check
+ - mailman 2.1.5-5
CAN-2005-0079
NOTE: reserved
CAN-2005-0078
@@ -23,13 +23,13 @@
CAN-2005-0069
NOTE: reserved
CAN-2005-0068
- TODO: check
+ NOTE: general icmp design error
CAN-2005-0067
- TODO: check
+ NOTE: general tcp design error, no indication it affects linux
CAN-2005-0066
- TODO: check
+ NOTE: general tcp design error
CAN-2005-0065
- TODO: check
+ NOTE: general tcp design error
CAN-2005-0064
NOTE: reserved
CAN-2005-0063
@@ -73,7 +73,7 @@
CAN-2005-0044
NOTE: reserved
CAN-2005-0043
- TODO: check
+ NOTE: not-for-us (iTunes)
CAN-2005-0042
NOTE: reserved
CAN-2005-0041
@@ -95,69 +95,69 @@
CAN-2005-0033
NOTE: reserved
CAN-2004-1376
- TODO: check
+ NOTE: not-for-us (MSIE)
CAN-2004-1375
- TODO: check
+ NOTE: not-for-us (HP-UX)
CAN-2004-1374
- TODO: check
+ NOTE: not-for-us (NetBSD)
CAN-2004-1373
- TODO: check
+ NOTE: not-for-us (Shoutcast)
CAN-2004-1372
- TODO: check
+ NOTE: not-for-us (IBM DB2)
CAN-2004-1371
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1370
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1369
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1368
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1367
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1366
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1365
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1364
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1363
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1362
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-1361
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2004-1360
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1359
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1358
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1357
- TODO: check
+ NOTE: not-for-us (ssh on Solaris)
CAN-2004-1356
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1355
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1354
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1353
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1352
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1351
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1350
- TODO: check
+ NOTE: not-for-us (Sun Java System Web Proxy Server )
CAN-2004-1349
- TODO: check
+ NOTE: not-for-us (gzip on Solaris)
CAN-2004-1348
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1347
- TODO: check
+ NOTE: not-for-us (xdm on Solaris)
CAN-2004-1346
- TODO: check
+ NOTE: not-for-us (Solaris)
CAN-2004-1345
- TODO: check
+ NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
CAN-2004-1344
NOTE: reserved
CAN-2004-1343
@@ -231,7 +231,7 @@
CAN-2005-0003
NOTE: reserved
CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
- TODO: check
+ NOTE: not-for-us (poppassd_pam)
CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
NOTE: bug in i386 SMP page fault handler, local root (bugtraq)
TODO: check with kernel team
@@ -309,7 +309,7 @@
CAN-2004-1307
NOTE: reserved
CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT,
Windows 2000 ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000
through ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in
file ...)
@@ -703,6 +703,7 @@
- cupsys 1.1.22-2
- tetex-bin 2.0.2-25
- gpdf (unfixed; bug #290731)
+ - koffice 1:1.3.5-1
CAN-2004-1124
NOTE: reserved
CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions,
allows ...)
@@ -875,7 +876,7 @@
CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote
...)
NOTE: not-for-us (Microsoft)
CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for
Microsoft ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1048
NOTE: reserved
CAN-2004-1047
@@ -895,7 +896,7 @@
CAN-2004-1040
NOTE: reserved
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and
7.0.1, ...)
- TODO: check
+ NOTE: not-for-us (SCO UnixWare)
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers
with ...)
NOTE: not-for-us (IEEE1394 specification bug, physical security)
CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to
...)
@@ -1016,7 +1017,7 @@
CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in
...)
NOTE: not-for-us (Proxytunnel)
CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote
attackers to ...)
- TODO: check
+ - mpg123 0.59r-19
CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2),
and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
@@ -1255,7 +1256,7 @@
CAN-2004-0898
NOTE: reserved
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003
does not ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2004-0896
NOTE: reserved
CAN-2004-0895
@@ -1809,7 +1810,7 @@
CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in
Squirrelmail ...)
{DSA-535}
CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system
package ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-0637
NOTE: reserved
CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI
handler ...)