Moritz Muehlenhoff
2005-Sep-03 10:13 UTC
[Secure-testing-commits] r1790 - in data: CAN DSA
Author: jmm-guest Date: 2005-09-03 10:13:13 +0000 (Sat, 03 Sep 2005) New Revision: 1790 Modified: data/CAN/list data/DSA/list Log: new apache2 dos lots of nfus canified gallery xss corrected cve ref for dsa-790 update on proftpd dsa Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-03 09:41:57 UTC (rev 1789) +++ data/CAN/list 2005-09-03 10:13:13 UTC (rev 1790) @@ -1,8 +1,7 @@ -begin claimed by jmm CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...) - TODO: check + NOTE: not-for-us (Symantec AntiVirus) CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...) - TODO: check + NOTE: not-for-us (Microsoft Windows) CAN-2005-2764 NOTE: reserved CAN-2005-2763 
@@ -56,46 +55,48 @@ CAN-2005-2738 NOTE: reserved CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...) - TODO: check + NOTE: not-for-us (YaPig) CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...) - TODO: check + NOTE: not-for-us (phpGraphy) CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...) - TODO: check + - gallery 1.5-2 (bug #325285; medium) + - gallery2 (unfixed; bug #325285; medium) CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...) - TODO: check + NOTE: not-for-us (Simple PHP Blog) CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) TODO: check CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...) - TODO: check + NOTE: not-for-us (Astato specific) CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Astato specific) CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...) - TODO: check + NOTE: not-for-us (Astato specific) CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...) - TODO: check + NOTE: The CVE description is wrong, this has been merged for 2.0.55 + - apache2 (unfixed; bug filed; medium) CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...) - TODO: check + NOTE: not-for-us (Home Ftp Server) CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...) - TODO: check + NOTE: not-for-us (Home Ftp Server) CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...) - TODO: check + NOTE: not-for-us (QNX) CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...) 
- TODO: check + NOTE: not-for-us (PaFileDB) CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Foojan PHP Weblog) CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) - TODO: check + NOTE: not-for-us (Foojan PHP Weblog) CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...) - TODO: check + NOTE: not-for-us (HAURI Antivirus) CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Ventrilo) CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...) - TODO: check + NOTE: not-for-us (MPlayer) CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...) {DSA-799-1} - TODO: check + - webcalendar (unfixed; bug filed; medium) CAN-2005-2715 NOTE: reserved CAN-2005-2714 
@@ -129,24 +130,23 @@ CAN-2005-2700 NOTE: reserved CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...) - TODO: check + NOTE: not-for-us (PHPKit) CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...) - TODO: check + NOTE: not-for-us (Nephp Publisher Enterprise) CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-2696 (The Lotus Notes client does not properly restrict access to password ...) - TODO: check + NOTE: not-for-us (Notes) CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...) - TODO: check + NOTE: not-for-us (WinAce) CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...) - TODO: check + NOTE: not-for-us (SunOS) CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (SunOS) CAN-2005-XXXX [osh buffer overflow in handlers.c] NOTE: This is not the same as -13 - osh 1.7-14 (unfixed; bug #323424; medium) @@ -177,9 +177,6 @@ - affix 2.1.2-3 (bug #325444; medium) CAN-2005-XXXX [Insecure tempfile usage in tleds] - tleds 1.05beta10-9 (bug# 276789; low) -CAN-2005-XXXX [XSS in gallery''s EXIF handling] - - gallery 1.5-2 (bug #325285; medium) - - gallery2 (unfixed; bug #325285; medium) CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) NOTE: cvs: not shipped in binary package - cvs 1:1.12.9-15 (bug #325106; low) 
@@ -263,7 +260,7 @@ {DSA-791-1 DTSA-11-1} - maildrop 1.5.3-1.1etch1 (medium) CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) - TODO: check + - phpldapadmin 0.9.6c-5 (medium) CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] - cplay 1.49-8 (bug #324913; low) CAN-2005-XXXX [$servers[$i][''disable_anon_bind''] = true doesn''t prevent anonymous to access ldap directory] @@ -933,9 +930,9 @@ CAN-2005-2527 NOTE: reserved CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (MacOS X) CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...) - TODO: check + NOTE: not-for-us (MacOS X) CAN-2005-2524 NOTE: reserved CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) @@ -3377,7 +3374,7 @@ CAN-2005-2018 NOTE: reserved CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...) - TODO: check + NOTE: not-for-us (Symantec AntiVirus) CAN-2005-2016 NOTE: reserved CAN-2005-2015 Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-09-03 09:41:57 UTC (rev 1789) +++ data/DSA/list 2005-09-03 10:13:13 UTC (rev 1790) @@ -19,10 +19,11 @@ {CAN-2005-2716} - affix 2.1.2-3 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, builds) -[01 Sep 2005] DSA-795-1 proftpd - format string error +[01 Sep 2005] DSA-795-2 proftpd - format string error {CAN-2005-2390} - proftpd 1.2.10-20 (medium) NOTE: fixed in testing at time of DSA + NOTE: Initial -1 release had a build problem [01 Sep 2005] DSA-794-1 polygen - programming error {CAN-2005-2656} - polygen 1.0.6-9 (low) 
@@ -47,7 +48,7 @@ NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: but fixed in secure-testing repo [30 Aug 2005] DSA-790-1 phpldapadmin - programming error - {CAN-2005-1654} + {CAN-2005-2654} - phpldapadmin 0.9.6c-5 (medium) NOTE: fixed in testing at time of DSA [29 Aug 2005] DSA-789-1 php4 - several
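Review bot: In the data/CAN/list hunk at @@ -56,46 +55,48 @@, the three new notes on CAN-2005-2731, CAN-2005-2730 and CAN-2005-2729 read "NOTE: not-for-us (Astato specific)", while the CVE descriptions on those same entries name the product as Astaro Security Linux, so a search of the list for "Astaro" in the notes will miss them; suggest "NOTE: not-for-us (Astaro)". In the same hunk the apache2 (CAN-2005-2728) and webcalendar (CAN-2005-2717) entries say "bug filed" without a number, whereas other entries in this file carry one (for example "bug #325285"); adding the numbers would let the entries be matched to the bug when the fix is uploaded.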
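Review bot: In the data/CAN/list hunk at @@ -129,24 +130,23 @@, the "end claimed by jmm" marker is removed (the matching "begin claimed by jmm" goes in the first hunk), but CAN-2005-2732 (AWStats), which sits inside the formerly claimed range, still reads "TODO: check" in the unchanged context of the @@ -56,46 +55,48 @@ hunk. With the claim markers gone nothing shows whether that entry was looked at and deferred or simply skipped; a short NOTE on it, or keeping a claim around that single entry, would make its status clear to the next person working through the list.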
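Review bot: In the data/CAN/list hunk at @@ -263,7 +260,7 @@, CAN-2005-2654 is now tracked as "- phpldapadmin 0.9.6c-5 (medium)", yet the temporary entry in the trailing context, "CAN-2005-XXXX [$servers[$i][''disable_anon_bind''] = true doesn''t prevent anonymous to access ldap directory]", is left in place and appears to describe the same anonymous-access problem. If it is the same issue, it should be folded into CAN-2005-2654 the way this commit folds the gallery CAN-2005-XXXX entry into CAN-2005-2734; if it is a separate issue, a NOTE saying so would keep it from being merged by mistake later.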
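Review bot: In the data/CAN/list hunk at @@ -933,9 +930,9 @@, CAN-2005-2526 and CAN-2005-2525 are closed as "NOTE: not-for-us (MacOS X)", but both descriptions name CUPS as the affected component, and the note does not record whether the flaw is specific to the Mac OS X build or lies in CUPS code that is also packaged in the archive. Suggest stating the reason in the note, or leaving the entries as TODO until the upstream CUPS code has been checked.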
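Review bot: In the data/DSA/list hunk at @@ -19,10 +19,11 @@, the heading is changed in place from DSA-795-1 to DSA-795-2, so the string "DSA-795-1" no longer appears in the entry and the new note refers to it only as "-1". Suggest wording the note as "NOTE: DSA-795-1 had a build problem" so that a lookup by the original advisory id still lands here, and confirming that the "[01 Sep 2005]" date and the "proftpd 1.2.10-20" version still apply to the -2 revision.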