Author: joeyh Date: 2005-09-03 21:14:19 +0000 (Sat, 03 Sep 2005) New Revision: 1799 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-03 15:02:10 UTC (rev 1798) +++ data/CAN/list 2005-09-03 21:14:19 UTC (rev 1799) @@ -260,6 +260,7 @@ {DSA-791-1 DTSA-11-1} - maildrop 1.5.3-1.1etch1 (medium) CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) + {DSA-790-1} - phpldapadmin 0.9.6c-5 (medium) CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] - cplay 1.49-8 (bug #324913; low) @@ -1264,7 +1265,7 @@ CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) NOTE: not-for-us (sandbox) CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) - {DTSA-4-1 DTSA-2-1} + {DTSA-2-1 DTSA-4-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - centericq 4.20.0-8etch1 (bug #323185; medium) CAN-2005-2447 @@ -1424,7 +1425,7 @@ CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP) CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...) - {DSA-795-1} + {DSA-795-2} - proftpd 1.2.10-20 (low) NOTE: ftpshut fixed in -19, SQLShowInfo in -20 CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...) @@ -1466,7 +1467,7 @@ CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...) NOTE: not-for-us (Oracle Reports) CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) - {DSA-769-1 DTSA-5-1 DTSA-2-1} + {DSA-769-1 DTSA-2-1 DTSA-5-1} - gaim 1:1.4.0-5 (low) - centericq 4.20.0-8etch1 (bug #323185; low) CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) 
@@ -3832,7 +3833,7 @@ CAN-2005-1938 NOTE: rejected CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - {DSA-777-1 DSA-775-1 DTSA-8-2 DTSA-7-1} + {DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.8-1sarge1 (medium) CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) @@ -4586,7 +4587,6 @@ CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...) NOTE: not-for-us (AOL Instant Messenger) CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) - {DSA-790-1} NOTE: not-for-us (Hosting Controller) CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) - rsync 2.6.1-1 @@ -12006,7 +12006,7 @@ CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) NOTE: not-fos-us (Microsoft) CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) - {DSA-777-1 DSA-775-1 DTSA-8-2 DTSA-7-1} + {DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2} NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
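Review bot: The log message "automatic CAN database update" hides a cross-reference correction. In the hunk at @@ -4586,7 +4587,6 @@ the removed {DSA-790-1} was attached to CAN-2005-1654, whose only other line is NOTE: not-for-us (Hosting Controller). The hunk at @@ -260,6 +260,7 @@ adds the same advisory to CAN-2005-2654 (phpldapadmin). The two ids differ by one digit, so this looks like a mistyped CAN id being fixed. Suggest saying so in the log, and adding a consistency check that rejects a DSA or DTSA reference on an entry marked not-for-us, since that combination is contradictory.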
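Review bot: In the hunk at @@ -1424,7 +1425,7 @@ the reference on CAN-2005-2390 is replaced ({DSA-795-1} becomes {DSA-795-2}) rather than extended, so the list no longer records the first advisory revision. The NOTE under the proftpd line says the fix landed in two uploads (ftpshut in -19, SQLShowInfo in -20). If the convention is to reference only the latest revision of an advisory, a NOTE line stating that would help; otherwise keep both references.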
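Review bot: The reordering in the hunk at @@ -3832,7 +3833,7 @@ sorts the DTSA ids ascending (DTSA-7-1 before DTSA-8-2) but leaves DSA-777-1 ahead of DSA-775-1, so the reference set still has no single consistent order. The same applies to the other reorder-only hunks at @@ -1264,7 +1265,7 @@ and @@ -1466,7 +1467,7 @@, which change nothing but DTSA position. If the generator is meant to emit sorted references, sort the DSA ids as well, or document the ordering rule so these no-op diffs stop recurring.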
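Review bot: The context line "NOTE: not-fos-us (Microsoft)" under CAN-2004-0719 in the hunk at @@ -12006,7 +12006,7 @@ is misspelled. Every other such line visible in this patch reads not-for-us, so any tooling that matches on that string will treat the entry as untriaged. Worth correcting in a follow-up commit.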