Author: joeyh Date: 2005-05-16 23:50:12 +0000 (Mon, 16 May 2005) New Revision: 1077 Modified: sarge-checks/CAN/list Log: finished processing today''s CANs Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-16 23:37:16 UTC (rev 1076) +++ sarge-checks/CAN/list 2005-05-16 23:50:12 UTC (rev 1077) @@ -69,30 +69,30 @@ NOTE: not-for-us (Gamespy cd-key validation system) CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...) NOTE: not-for-us (JRun) -begin claimed by joeyh CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...) - TODO: check + NOTE: not-for-us (WowBB) CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...) - TODO: check + NOTE: not-for-us (GeoVision Digital Video Surveillance System) CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...) - TODO: check + NOTE: not-for-us (GeoVision Digital Video Surveillance System) CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...) - TODO: check + NOTE: not-for-us (Sophos Anti-Virus) CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (easy message board) CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...) - TODO: check + NOTE: not-for-us (easy message board) CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...) - TODO: check + NOTE: not-for-us (Advanced Guestbook) CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) - TODO: check + NOTE: not-for-us (Bakbone Netvault) CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) - TODO: check + NOTE: not-for-us (HT Editor) CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) - TODO: check + NOTE: not-for-us (HT Editor) CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...) - TODO: check -end claimed by joeyh + NOTE: CVE info about vulnerable version number is bogus + - tiff 3.7.2-1 + TODO: what about tiff3g? CAN-2005-1543 NOTE: reserved CAN-2005-1542 @@ -116,9 +116,11 @@ CAN-2005-1533 NOTE: reserved CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - TODO: check + - mozilla-firefox 1.0.4 + - mozilla-browser 2:1.7.8 CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - TODO: check + - mozilla-firefox 1.0.4 + - mozilla-browser 2:1.7.8 CAN-2005-1530 NOTE: reserved CAN-2005-1529 @@ -142,11 +144,11 @@ CAN-2005-1520 NOTE: reserved CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) - TODO: check + - squid 2.5.9-9 CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-XXXX [Buffer overflow in libotr] - libotr 2.0.2-1 CAN-2005-XXXX [vpnc: config file path security hole] @@ -154,8 +156,6 @@ - vpnc 0.3.2+SVN20050326-2 CAN-2005-XXXX [DoS security problem in gnutls] - gnutls (unfixed; bug #309111) -CAN-2005-XXXX [DNS response spoofing in Squid] - - squid 2.5.9-9 CAN-2005-XXXX [Several buffer overflows in termpkg] NOTE: Not in Sarge - termpkg 3.3-2 @@ -163,8 +163,6 @@ - binutils (unfixed; bug #308625) CAN-2005-XXXX [Integer overflow in gdb''s ELF parsing] - gdb (unfixed; bug #308624) -CAN-2005-XXXX [Buffer overflow in libtiff''s BitsPerSample parsing] - - tiff 3.7.2-1 CAN-2005-XXXX [Multiple vulnerabilities in HT editor] - ht 0.8.0-2 CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt