Author: joeyh
Date: 2005-04-19 09:14:20 +0000 (Tue, 19 Apr 2005)
New Revision: 854
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-04-18 21:45:57 UTC (rev 853)
+++ sarge-checks/CAN/list 2005-04-19 09:14:20 UTC (rev 854)
@@ -1,3 +1,49 @@
+CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows
remote ...)
+ TODO: check
+CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in
Coppermine ...)
+ TODO: check
+CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in datenbank module for
phpBB ...)
+ TODO: check
+CAN-2005-1170 (SQL injection vulnerability in datenbank module for phpBB allows
...)
+ TODO: check
+CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin
directory, ...)
+ TODO: check
+CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier
allows ...)
+ TODO: check
+CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program
Files ...)
+ TODO: check
+CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS
process in ...)
+ TODO: check
+CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote
...)
+ TODO: check
+CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in
OneWorldStore ...)
+ TODO: check
+CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow
remote ...)
+ TODO: check
+CAN-2005-1160 (The privileged "chrome" UI code in Firefox
before 1.0.3 and Mozilla ...)
+ TODO: check
+CAN-2005-1159 (The native implementations of InstallTrigger and other functions
in ...)
+ TODO: check
+CAN-2005-1158 (Multiple "missing security checks" in Firefox
before 1.0.3 allow ...)
+ TODO: check
+CAN-2005-1157 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows
remote ...)
+ TODO: check
+CAN-2005-1156 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows
remote ...)
+ TODO: check
+CAN-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla
Suite ...)
+ TODO: check
+CAN-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows
remote ...)
+ TODO: check
+CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when
blocking a ...)
+ TODO: check
+CAN-2005-1152
+ NOTE: reserved
+CAN-2005-1151
+ NOTE: reserved
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and
...)
NOTE: not-for-us (Sun Java)
CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it
ACNews ...)
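Review bot: the run of Firefox/Mozilla entries at CAN-2005-1153 through CAN-2005-1160 is added with `TODO: check` only, although most of the descriptions already read "Firefox before 1.0.3" and the list tracks that fix elsewhere as `- mozilla-firefox 1.0.3-1` under the CAN-2005-XXXX placeholder "Multiple further vulnerabilities in Mozilla/Firefox". Suggest reconciling that placeholder with these now-assigned IDs and replacing the TODOs with the package line once each is confirmed, so the same issues are not tracked twice. The remaining new entries carry truncated descriptions ("allows remote ..."), so each TODO needs the full text before it can be triaged in the style of the `NOTE: not-for-us (Sun Java)` line below.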
@@ -90,8 +136,8 @@
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
NOTE: only part of Woody, has been removed from Sarge and sid
NOTE: not-for-us (Junkbuster)
-CAN-2005-1107
- NOTE: reserved
+CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs
for ...)
+ TODO: check
CAN-2005-XXXX [Multiple further vulnerabilities in Mozilla/Firefox beside
CAN-2005-0989]
NOTE: Mozilla suite is not affected by all of these issues
- mozilla-firefox 1.0.3-1
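Review bot: the new `TODO: check` on CAN-2005-1107 can probably be closed in the same change, since the description names McAfee Internet Security Suite 2005 and the entry directly above already shows the convention for software that is not packaged (`NOTE: not-for-us (Junkbuster)`). Suggest `NOTE: not-for-us (McAfee)` after a quick confirmation, rather than leaving an open TODO that someone has to revisit.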
@@ -383,8 +429,8 @@
NOTE: not-for-us (IVT BlueSoleil)
CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in
Linux ...)
- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0976
- NOTE: reserved
+CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products
such as ...)
+ TODO: check
CAN-2005-0975
NOTE: reserved
CAN-2005-0974
@@ -1000,7 +1046,6 @@
NOTE: reserved
- cvs (unfixed; bug filed)
CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox]
- NOTE: reserved
- mozilla-firefox 1.0.3-1
CAN-2005-0751
NOTE: reserved
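Review bot: dropping `NOTE: reserved` from CAN-2005-0752 leaves the entry with only its hand-written bracketed title, whereas the other IDs that leave reserved status in this patch (CAN-2005-1107, CAN-2005-0976) gain a parenthesised description at the same time. Worth checking that the updater handles an entry that already has a `[...]` title as intended. The context entry just above still combines `NOTE: reserved` with `- cvs (unfixed; bug filed)`, the same stale pairing this hunk removes here, so it may need the same cleanup.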
@@ -3512,7 +3557,7 @@
{DSA-651-1}
- squid 2.5.7-4
CAN-2005-0093
- NOTE: reserved
+ NOTE: rejected
CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
@@ -4019,17 +4064,17 @@
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute
arbitrary ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1243
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1242
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1241
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1240
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1239
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1238
- NOTE: reserved
+ NOTE: rejected
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the
audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
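Review bot: the six `NOTE: rejected` lines for CAN-2004-1238 through CAN-2004-1243 give no reason, unlike the neighbouring notes (`not-for-us (Microsoft)`, `apparently redhat specific`). None of these entries has a package line, so nothing is lost by the flip, but if the rejection text names a replacement ID it would help to carry it in the note so a later reader can follow the reference.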