thr3ads.net - Secure testing commits - [Secure-testing-commits] r288

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Jan-19 08:14 UTC
[Secure-testing-commits] r288 - sarge-checks/CAN

Author: joeyh
Date: 2005-01-19 09:14:24 +0100 (Wed, 19 Jan 2005)
New Revision: 288

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-01-18 23:22:22 UTC (rev 287)
+++ sarge-checks/CAN/list	2005-01-19 08:14:24 UTC (rev 288)
@@ -1,4 +1,96 @@
-CAN-2005-0080
+CAN-2005-0121
+	TODO: check
+CAN-2005-0120
+	TODO: check
+CAN-2005-0119
+	TODO: check
+CAN-2005-0118
+	TODO: check
+CAN-2005-0117
+	TODO: check
+CAN-2005-0116
+	TODO: check
+CAN-2005-0115
+	NOTE: reserved
+CAN-2005-0114
+	NOTE: reserved
+CAN-2005-0113
+	TODO: check
+CAN-2005-0112
+	NOTE: reserved
+CAN-2005-0111
+	TODO: check
+CAN-2005-0110
+	TODO: check
+CAN-2005-0109
+	NOTE: reserved
+CAN-2005-0108
+	TODO: check
+CAN-2005-0107
+	NOTE: reserved
+CAN-2005-0106
+	NOTE: reserved
+CAN-2005-0105
+	NOTE: reserved
+CAN-2005-0104
+	NOTE: reserved
+CAN-2005-0103
+	NOTE: reserved
+CAN-2005-0102
+	NOTE: reserved
+CAN-2005-0101
+	NOTE: reserved
+CAN-2005-0100
+	NOTE: reserved
+CAN-2005-0099
+	NOTE: reserved
+CAN-2005-0098
+	NOTE: reserved
+CAN-2005-0097
+	TODO: check
+CAN-2005-0096
+	TODO: check
+CAN-2005-0095
+	TODO: check
+CAN-2005-0094
+	TODO: check
+CAN-2005-0093
+	NOTE: reserved
+CAN-2005-0092
+	NOTE: reserved
+CAN-2005-0091
+	NOTE: reserved
+CAN-2005-0090
+	NOTE: reserved
+CAN-2005-0089
+	NOTE: reserved
+CAN-2005-0088
+	NOTE: reserved
+CAN-2005-0087
+	NOTE: reserved
+CAN-2005-0086
+	NOTE: reserved
+CAN-2005-0085
+	NOTE: reserved
+CAN-2005-0084
+	NOTE: reserved
+CAN-2005-0083
+	NOTE: reserved
+CAN-2005-0082
+	NOTE: reserved
+CAN-2005-0081
+	NOTE: reserved
+CAN-2004-1379
+	TODO: check
+CAN-2004-1378
+	TODO: check
+CAN-2004-1377
+	TODO: check
+CAN-2003-1054
+	TODO: check
+CAN-2003-1053
+	TODO: check
+CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in
Ubuntu 4.10 ...)
 	- mailman 2.1.5-5
 CAN-2005-0079
 	NOTE: reserved
@@ -23,16 +115,16 @@
 CAN-2005-0069
 	NOTE: reserved
 	- vim (unfixed; bug #291125)
-CAN-2005-0068
+CAN-2005-0068 (The original design of ICMP does not require authentication for
...)
 	NOTE: general icmp design error
-CAN-2005-0067
+CAN-2005-0067 (The original design of TCP does not require that port numbers be
...)
 	NOTE: general tcp design error, no indication it affects linux
-CAN-2005-0066
+CAN-2005-0066 (The original design of TCP does not check that the TCP
Acknowledgement ...)
 	NOTE: general tcp design error
-CAN-2005-0065
+CAN-2005-0065 (The original design of TCP does not check that the TCP sequence
number ...)
 	NOTE: general tcp design error
-CAN-2005-0064
-	NOTE: reserved
+CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in
Decrypt.cc ...)
+	TODO: check
 CAN-2005-0063
 	NOTE: reserved
 CAN-2005-0062
@@ -73,7 +165,7 @@
 	NOTE: reserved
 CAN-2005-0044
 	NOTE: reserved
-CAN-2005-0043
+CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to
execute ...)
 	NOTE: not-for-us (iTunes)
 CAN-2005-0042
 	NOTE: reserved
@@ -95,69 +187,69 @@
 	NOTE: reserved
 CAN-2005-0033
 	NOTE: reserved
-CAN-2004-1376
+CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer
5.01, ...)
 	NOTE: not-for-us (MSIE)
-CAN-2004-1375
+CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in
HP-UX ...)
 	NOTE: not-for-us (HP-UX)
-CAN-2004-1374
+CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users
to ...)
 	NOTE: not-for-us (NetBSD)
-CAN-2004-1373
+CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote
attackers ...)
 	NOTE: not-for-us (Shoutcast)
-CAN-2004-1372
+CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1
allow ...)
 	NOTE: not-for-us (IBM DB2)
-CAN-2004-1371
+CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote
...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1370
+CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that
run ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1369
+CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause
a ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1368
+CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote
attackers to ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1367
+CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that
...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1366
+CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN
account ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1365
+CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to
load a ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1364
+CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and
10g ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1363
+CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers
to ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1362
+CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle
Application ...)
 	NOTE: not-for-us (Oracle)
-CAN-2004-1361
+CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000
through ...)
 	NOTE: not-for-us (Windows)
-CAN-2004-1360
+CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9,
when ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1359
+CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and
9 ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1358
+CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9
disable ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1357
+CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not
...)
 	NOTE: not-for-us (ssh on Solaris)
-CAN-2004-1356
+CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8
and 9 ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1355
+CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and
9 ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1354
+CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9
generates ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1353
+CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using
Role ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1352
+CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9
may ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1351
+CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris
7 ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1350
+CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server
...)
 	NOTE: not-for-us (Sun Java System Web Proxy Server )
-CAN-2004-1349
+CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force
flags, ...)
 	NOTE: not-for-us (gzip on Solaris)
-CAN-2004-1348
+CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote
attackers ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1347
+CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to
cause ...)
 	NOTE: not-for-us (xdm on Solaris)
-CAN-2004-1346
+CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local
users ...)
 	NOTE: not-for-us (Solaris)
-CAN-2004-1345
+CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager
(ESM) ...)
 	NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
 CAN-2004-1344
 	NOTE: reserved
@@ -225,8 +317,7 @@
 	NOTE: reserved
 CAN-2005-0006
 	NOTE: reserved
-CAN-2005-0005
-	NOTE: reserved
+CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0,
6.1.7, and ...)
 	- imagemagick (unfixed; bug #291118)
 CAN-2005-0004
 	NOTE: reserved
@@ -402,6 +493,7 @@
 CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp
for the ...)
 	NOTE: not-for-us (Convex)
 CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for
ChBg 1.5 ...)
+	{DSA-644-1}
 	- chbg 1.5-4
 CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid,
...)
 	NOTE: not-for-us (ChangePassword):w
@@ -1170,8 +1262,8 @@
 	NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
 CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on
Oct 13th ...)
 	NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
-CAN-2004-0931
-	NOTE: reserved
+CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a
denial ...)
+	TODO: check
 CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
other ...)
 	- samba 3.0.8-1
 CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in
...)
@@ -1988,6 +2080,7 @@
 	NOTE: reserved
 CAN-2004-0555
 	NOTE: reserved
+	{DSA-643-1}
 CAN-2004-0554 (Linux kernel 2.4.2x and 2.6.x for x86 allows local users to
cause a ...)
 	NOTE: this was a big deal and is fixed in all current kernels
 CAN-2004-0553
@@ -5089,7 +5182,7 @@
 CAN-2003-0015
 	{DSA-233}
 	- cvs 1.11.2-5.1
-CAN-2003-0014 (bmv 1.2 and earlier allows local users to overwrite arbitrary
files ...)
+CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to
overwrite ...)
 	{DSA-633-1}
 CAN-2003-0013
 	{DSA-230}
Secure testing commits - Jan 2005 - r288 - sarge-checks/CAN

[Secure-testing-commits] r288 - sarge-checks/CAN
