Author: joeyh
Date: 2005-02-25 09:14:20 +0100 (Fri, 25 Feb 2005)
New Revision: 487

Modified:
 sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-02-25 03:17:55 UTC (rev 486)
+++ sarge-checks/CAN/list 2005-02-25 08:14:20 UTC (rev 487)
@@ -1,3 +1,49 @@ +CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) + TODO: check +CAN-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) + TODO: check +CAN-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...) + TODO: check +CAN-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) + TODO: check +CAN-2005-0528 + NOTE: reserved +CAN-2005-0527 + NOTE: reserved +CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) + TODO: check +CAN-2005-0525 + NOTE: reserved +CAN-2005-0524 + NOTE: reserved +CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) + TODO: check +CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) + TODO: check +CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) + TODO: check +CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...) + TODO: check +CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...) + TODO: check +CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) + TODO: check +CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) + TODO: check +CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) + TODO: check +CAN-2005-0515 + NOTE: reserved +CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) + TODO: check +CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...) + TODO: check +CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) + TODO: check +CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) 
+ TODO: check +CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) + TODO: check CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOTE: not-for-us (fallback-reboot) CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) @@ -1486,10 +1532,10 @@ CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...) - openswan 2.2.0-6 NOTE: does not seem to affect freeswan -CAN-2005-0161 - NOTE: reserved -CAN-2005-0160 - NOTE: reserved +CAN-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...) + TODO: check +CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...) + TODO: check CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) {DSA-679-1} CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) @@ -3884,8 +3930,8 @@ NOTE: not-for-us (IRIX) CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...) NOTE: not-for-us (OpenBSD) -CAN-2004-0481 - NOTE: reserved +CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) + TODO: check CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) NOTE: not-for-us (Lotus Notes) CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) @@ -3915,10 +3961,10 @@ NOTE: not-for-us (Juniper JUNOS) CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) NOTE: not-for-us (Juniper JUNOS) -CAN-2004-0466 - NOTE: reserved -CAN-2004-0465 - NOTE: reserved +CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) + TODO: check +CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) + TODO: check CAN-2004-0464 NOTE: reserved CAN-2004-0463
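Review bot: In the first hunk (@@ -1,3 +1,49 @@), CAN-2003-1086 is inserted between CAN-2005-0511 and CAN-2005-0510, which breaks the descending id order that every other visible entry follows. Someone scanning the 2003 range for this id will not find it there, so the update should sort the entry into position, or, if prepending new entries is intended, the entry should carry a NOTE saying so.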
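Review bot: In the hunk at @@ -1486,10 +1532,10 @@, CAN-2005-0161 and CAN-2005-0160 move from "NOTE: reserved" to a bare "TODO: check" although both descriptions name the same software, unace 1.2b. Suggest triaging the two together and recording the outcome in the form the neighbouring CAN-2005-0162 entry uses ("- openswan 2.2.0-6" followed by a NOTE), so that the directory traversal entry and the buffer overflow entry do not end up with different statuses for one package.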
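Review bot: In the hunk at @@ -3884,8 +3930,8 @@, CAN-2004-0481 is given "TODO: check" even though its description already names KCMS on Solaris 8, while the entries around it are resolved as "NOTE: not-for-us (IRIX)" and "NOTE: not-for-us (OpenBSD)". The follow-up to this automatic update should check whether the same not-for-us form applies here rather than leaving the TODO open; the two WebConnect entries in the last hunk (CAN-2004-0466, CAN-2004-0465), which sit between Juniper JUNOS not-for-us entries, deserve the same check.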