Author: joeyh Date: 2005-08-27 09:14:35 +0000 (Sat, 27 Aug 2005) New Revision: 1668 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-27 07:20:28 UTC (rev 1667) +++ data/CAN/list 2005-08-27 09:14:35 UTC (rev 1668) @@ -1071,11 +1071,12 @@ CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) NOTE: not-for-us (IOS) CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...) - {DSA-776-1} + {DSA-776-1 DTSA-3-1} - clamav 0.86.2-1 (medium) CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) NOTE: not-for-us (sandbox) CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) + {DTSA-4-1 DTSA-2-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - centericq 4.20.0-9 (bug #323185; medium) CAN-2005-2447 @@ -1275,10 +1276,11 @@ CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...) NOTE: not-for-us (Oracle Reports) CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) - {DSA-769-1} + {DSA-769-1 DTSA-2-1} - gaim 1:1.4.0-5 (low) - centericq 4.20.0-9 (bug #323185; low) CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) + {DTSA-2-1} TODO: check gaim and others that embed libgadu in source tree - centericq 4.20.0-9 (bug #323185; medium) CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) @@ -2650,7 +2652,7 @@ CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) NOTE: not-for-us (Solaris) CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) - {DSA-737-1} + {DSA-737-1 DTSA-3-1} - clamav 0.86-1 (medium) CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...) - openldap2.2 2.2.26-3 (medium) 
@@ -2682,7 +2684,7 @@ CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) - {DSA-737-1} + {DSA-737-1 DTSA-3-1} - clamav 0.86.1-1 (medium) CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) NOTE: not-for-us (RealPlayer) @@ -3673,10 +3675,10 @@ CAN-2005-1924 NOTE: reserved CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) - {DSA-737-1} + {DSA-737-1 DTSA-3-1} - clamav 0.86.1 (bug #316401; medium) CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...) - {DSA-737-1} + {DSA-737-1 DTSA-3-1} - clamav 0.86.1-1 (low) CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...) {DSA-746-1 DSA-747-1 DSA-745-1} @@ -3701,12 +3703,12 @@ NOTE: not-for-us (kpopper) NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) - {DSA-760-1} + {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CAN-2005-1915 NOTE: reserved CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) - {DSA-754-1} + {DSA-754-1 DTSA-2-1} - centericq 4.20.0-7 (medium) CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec] NOTE: reserved 
@@ -3841,16 +3843,16 @@ {DSA-770-1} - gopher 3.0.8 (low) CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) - {DSA-767-1} + {DSA-767-1 DTSA-4-1} NOTE: Kopete embeds the vulnerable code, but it''s only used as a fallback when NOTE: no shared lib version is found. As the Debian package has a dependency on NOTE: it the maintainer does not intent to fix it, see # 319443 - ekg 1:1.5+20050712+1.6rc3-1 (medium) CAN-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) - {DSA-760-1} + {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CAN-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...) - {DSA-760-1} + {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) {DSA-763-1}
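Review bot: In the hunk at -1275,10, CAN-2005-2369 gains `{DTSA-2-1}` while its `TODO: check gaim and others that embed libgadu in source tree` is still open, and neither it nor CAN-2005-2370 gets DTSA-4-1 even though the CAN-2005-2370 description reads "as used in ekg before ...". Elsewhere in this patch DTSA-4-1 is attached to entries whose only package line is ekg, and the sibling libgadu entry CAN-2005-2448 gets both `{DTSA-4-1 DTSA-2-1}`. Please confirm whether DTSA-4-1 also covers CAN-2005-2369 and CAN-2005-2370, then either add the tag with an ekg package line or leave a NOTE saying why ekg is not tracked for them, so the TODO does not sit beside a cross-reference that looks complete.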
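Review bot: In the hunk at -3841,16, CAN-2005-1852 is tagged `{DSA-767-1 DTSA-4-1}` and lists only an ekg package line, whereas the other libgadu entries touched by this patch (CAN-2005-2448, CAN-2005-2370, CAN-2005-2369) each carry a centericq line and DTSA-2-1. If centericq is affected by the libgadu integer overflows as well, this entry needs a centericq line and the matching tag. If it is not, a one-line NOTE stating that would stop the question being raised again. The existing Kopete NOTE in the same entry cites its bug as `see # 319443`, while the package lines use the `bug #NNNNNN` form. Using one form throughout would keep bug references searchable.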