Author: joeyh
Date: 2005-09-08 21:14:18 +0000 (Thu, 08 Sep 2005)
New Revision: 1868
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-08 20:01:53 UTC (rev 1867)
+++ data/CAN/list 2005-09-08 21:14:18 UTC (rev 1868)
@@ -224,6 +224,7 @@
CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly
filter ...)
NOTE: not-for-us (Astato specific)
CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote
...)
+ {DSA-805-1}
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- apache2 2.0.54-5 (bug #326435; medium)
CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and
server ...)
@@ -278,6 +279,7 @@
CAN-2005-2701
NOTE: reserved
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
+ {DSA-805-1}
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
@@ -1374,8 +1376,10 @@
CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1
allows ...)
- tutos 1.1.20031017-2.1 (medium)
CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1
allows ...)
+ {DTSA-13-1}
- evolution 2.2.3-3 (high)
CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through
...)
+ {DTSA-13-1}
- evolution 2.2.3-3 (high)
end claimed by neilm
CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
@@ -2910,6 +2914,7 @@
CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the
web ...)
NOTE: not-for-us (Microsoft)
CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows
remote ...)
+ {DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote
attackers ...)
@@ -4025,6 +4030,7 @@
- php4 4:4.4.0-1 (high)
NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x
through ...)
+ {DSA-804-1}
- kdebase 4:3.4.1-1 (bug #319016; medium)
CAN-2005-1919
NOTE: reserved
@@ -6431,6 +6437,7 @@
{DSA-734-1}
- gaim 1:1.3.1-1 (low)
CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List
(CRL) ...)
+ {DSA-805-1}
NOTE: This is from latest Trustix advisory, exploitation would require to
trick
NOTE: someone into using a maliciously crafted certificate revocation list
- apache2 2.0.54-5 (bug #320048; low)