Author: joeyh Date: 2005-01-29 07:06:27 +0100 (Sat, 29 Jan 2005) New Revision: 326 Modified: sarge-checks/CAN/list Log: update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-01-28 20:14:15 UTC (rev 325) +++ sarge-checks/CAN/list 2005-01-29 06:06:27 UTC (rev 326) @@ -25,7 +25,8 @@ CAN-2005-0163 NOTE: reserved CAN-2005-0162 - TODO: check + - openswan 2.2.0-6 + NOTE: does not seem to affect freeswan CAN-2005-0161 NOTE: reserved CAN-2005-0160 @@ -49,27 +50,35 @@ CAN-2005-0151 NOTE: reserved CAN-2005-0150 - TODO: check + - mozilla-firefox 1.0 CAN-2005-0149 - TODO: check + - mozilla-thunderbird 0.7 + - mozilla-browser 2:1.7.4 CAN-2005-0148 - TODO: check + NOTE: not-for-us (thunderbird on windows) CAN-2005-0147 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0146 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0145 - TODO: check + - mozilla-firefox 1.0 CAN-2005-0144 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0143 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0142 - TODO: check + - mozilla-firefox 1.0 + - mozilla-thunderbirs 0.7 + - mozilla-browser 2:1.7.5 CAN-2005-0141 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0140 - TODO: check + NOTE: not-for-us (PeID) CAN-2005-0139 NOTE: reserved CAN-2005-0138 @@ -83,11 +92,11 @@ CAN-2005-0134 NOTE: reserved CAN-2004-1381 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2004-1380 - TODO: check -CAN-1999-1572 - TODO: check + - mozilla-firefox 1.0 + - mozilla-browser 2:1.7.5 CAN-2005-0133 NOTE: reserved - clamav 0.80-0.81rc1-1 @@ -102,11 +111,11 @@ CAN-2005-0128 NOTE: reserved CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) - kernel-source-2.4.27 2.4.27-8 NOTE: 2.6.8 apparently ok @@ -127,7 +136,7 @@ CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...) - awstats 6.2-1.1 CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...) - TODO: check + NOTE: not-for-us (DataRescue Interactive Disassembler) CAN-2005-0114 NOTE: reserved CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...) @@ -190,7 +199,7 @@ CAN-2005-0087 NOTE: reserved CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) - TODO: check + - less (unfixed; bug filed) CAN-2005-0085 NOTE: reserved CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) @@ -314,9 +323,10 @@ CAN-2005-0035 NOTE: reserved CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...) - TODO: check + NOTE: only affects bind9 9.3.0, we have an earlier version + NOTE: fixed in 9.3.1 CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...) - TODO: check + - bind 1:8.4.6-1 CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) NOTE: not-for-us (MSIE) CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) @@ -877,7 +887,7 @@ NOTE: fixed in kernel team svn (?) TODO: track fix CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) - TODO: check + NOTE: not-for-us (Winamp) CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) NOTE: not-for-us (Computer Associates eTrust EZ Antivirus) CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) @@ -935,7 +945,7 @@ - gpdf 2.8.2-1 - koffice 1:1.3.5-1 CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...) - TODO: check + NOTE: not-for-us (UnixWare) CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) NOTE: not-for-us (Darwin Streaming Server) CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...) @@ -1080,7 +1090,7 @@ CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) TODO: check with kernel team CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) - TODO: check + NOTE: fixed after kernel 2.4.19 CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) - kernel-source-2.4.27 2.4.27-8 - kernel-image-2.4.27-i386 2.4.27-8 @@ -2386,7 +2396,7 @@ CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...) NOTE: not-for-us (Juniper JUNOS) CAN-2004-0467 (Unknown vulnerability in Juniper JUNOS 5.x through JUNOS 7.x allows ...) - TODO: check + NOTE: not-for-us (Juniper JUNOS) CAN-2004-0466 NOTE: reserved CAN-2004-0465 @@ -8230,6 +8240,7 @@ CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...) CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...) CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...) +CAN-1999-1572 CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...) CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...) CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)