Author: joeyh Date: 2005-02-18 18:18:33 +0100 (Fri, 18 Feb 2005) New Revision: 443 Modified: sarge-checks/CAN/list Log: filled in some gaps Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-18 12:28:21 UTC (rev 442) +++ sarge-checks/CAN/list 2005-02-18 17:18:33 UTC (rev 443) @@ -879,13 +879,13 @@ - kernel-source-2.6.10 2.6.10-4 CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 has ...) NOTE: see USN-82-1 - TODO: check + TODO: check with kernel team CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...) NOTE: see USN-82-1 - TODO: check + TODO: check with kernel team CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users to ...) - TODO: check NOTE: see USN-82-1 + TODO: check with kernel team CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) - php4 4:4.3.10-3 CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) @@ -1113,7 +1113,7 @@ CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...) - libapache2-mod-python (unfixed; bug #294835) CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) - TODO: check + NOTE: debian does not have stack protection CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) NOTE: not-for-us (redhat specific less bug) CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) @@ -1418,7 +1418,7 @@ NOTE: Fixed in upstream 2.6.10 - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.6.9 2.6.9-4 - TODO: what about 2.4? + TODO: what about 2.4? check with kernel team CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) NOTE: not-for-us (hpux) CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) 
@@ -2377,7 +2377,7 @@ CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...) NOTE: not-for-us (norton) CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...) - TODO: check + NOTE: not-for-us (FreeBSD) CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...) {DSA-576-1} - squid 2.5.7 @@ -2499,20 +2499,22 @@ CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...) NOTE: not-for-us (apple) CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...) - TODO: check + NOTE: upstream knows about the problem, no fix expected + TODO: followup CAN-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) - TODO: check + NOTE: upstream knows about the problem, no fix expected + TODO: followup CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-0868 NOTE: rejected NOTE: not-for-us (microsoft) CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...) - mozilla-firefox 0.9.3 CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-0865 NOTE: reserved CAN-2004-0864
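Review bot: In the @@ -879 hunk, CAN-2005-0178, CAN-2005-0177 and CAN-2005-0176 still carry only a TODO and no package/version line, so the three kernel entries stay open in the tracker; rewording "check" to "check with kernel team" records who owns the follow-up but not what has to be decided. The CVE descriptions all say "Linux before 2.6.8.1", and the same question raised in the @@ -1418 hunk ("what about 2.4?") applies here, so the follow-up should state whether the 2.4 kernel packages are affected and, once confirmed, add fixed-version lines in the same form as the `- kernel-source-2.6.10 2.6.10-4` line that precedes these entries. Moving the CAN-2005-0176 TODO below its NOTE so that all three entries read NOTE then TODO is fine.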
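Review bot: In the @@ -1113 hunk, the new `NOTE: debian does not have stack protection` for CAN-2005-0087 gives the reason the issue is moot but drops the `NOTE: not-for-us (...)` marker that the neighbouring CAN-2005-0086 entry and every other closed entry in this patch use, so anything that scans the list for undecided entries will still treat this one as open. Suggest keeping the author's reason inside the marker, e.g. `NOTE: not-for-us (debian does not have stack protection)`, so the disposition is recognisable and the justification is not lost.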
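Review bot: In the @@ -1418 hunk, the entry records fixes for `kernel-source-2.6.8 2.6.8-11` and `kernel-source-2.6.9 2.6.9-4` and says `Fixed in upstream 2.6.10`, but lists no line for kernel-source-2.6.10 even though the @@ -879 hunk shows that package is tracked in this file (`- kernel-source-2.6.10 2.6.10-4`); if the 2.6.10 package is in sarge, add its line so the entry is complete for the 2.6 series, and leave the 2.4 question as the only open item, to be answered together with the kernel entries in the @@ -879 hunk.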
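Review bot: In the @@ -2499 hunk, CAN-2004-0871 (Mozilla) and CAN-2004-0870 (Konqueror) now say `NOTE: upstream knows about the problem, no fix expected` immediately followed by `TODO: followup`, which reads as contradictory and still names no Debian package, unlike the `- mozilla-firefox 0.9.3` line on CAN-2004-0867 and the `- libapache2-mod-python (unfixed; bug #294835)` form used in the @@ -1113 hunk. Suggest either stating what the follow-up is for (e.g. a bug reference or a decision whether to carry a local change) or, if the upstream position is accepted, recording the affected source package with an explicit unfixed status so the entry is not left as an indefinite TODO. The `not-for-us (Opera)` and `not-for-us (MSIE)` closures for CAN-2004-0872, CAN-2004-0869 and CAN-2004-0866 are consistent with the rest of the list.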