Author: joeyh Date: 2005-09-27 09:14:18 +0000 (Tue, 27 Sep 2005) New Revision: 2190 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-27 07:10:35 UTC (rev 2189) +++ data/CAN/list 2005-09-27 09:14:18 UTC (rev 2190) 
@@ -1,3 +1,37 @@ +CAN-2005-3060 + NOTE: reserved +CAN-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...) + TODO: check +CAN-2005-3058 + NOTE: reserved +CAN-2005-3057 + NOTE: reserved +CAN-2005-3056 + NOTE: reserved +CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...) + TODO: check +CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...) + TODO: check +CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...) + TODO: check +CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) + TODO: check +CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...) + TODO: check +CAN-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) + TODO: check +CAN-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...) + TODO: check +CAN-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...) + TODO: check +CAN-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...) + TODO: check +CAN-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...) + TODO: check +CAN-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...) + TODO: check +CAN-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...) + TODO: check CAN-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] 
@@ -346,7 +380,8 @@ NOT-FOR-US: MAXDev MD-Pro CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...) NOT-FOR-US: Land Down Under -CAN-2005-2883 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) +CAN-2005-2883 + REJECTED NOT-FOR-US: Unclassified News Board CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: phpCommunityCalendar @@ -379,7 +414,7 @@ - clamav 0.87-1 (bug #328660; medium) CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) - gtkdiskfree (bug #328566; low) -CAN-2005-3044 [Two local kernel DoS through incorrect ioctl refcounter handling] +CAN-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...) TODO: Pinged Horms for 2.4 - linux-2.6 2.6.12-7 (medium) CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...) 
@@ -733,32 +768,25 @@ RESERVED CAN-2005-2708 RESERVED -CAN-2005-2707 [Firefox: Spoofing through clever construction of windows/tabs] - RESERVED +CAN-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - mozilla-firefox 1.0.7-1 (bug filed; medium) - mozilla <unfixed> (bug filed; medium) -CAN-2005-2706 [Firefox: Javascript execution with chrome privileges through about: subcommand] - RESERVED +CAN-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...) - mozilla-firefox 1.0.7-1 (bug filed; high) - mozilla <unfixed> (bug filed; high) -CAN-2005-2705 [Firefox: Integer overflow in Javascript engine] - RESERVED +CAN-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...) - mozilla-firefox 1.0.7-1 (bug filed; high) - mozilla <unfixed> (bug filed; high) -CAN-2005-2704 [Firefox: Incorrect chrome/javascript permission handling] - RESERVED +CAN-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - mozilla-firefox 1.0.7-1 (bug filed; medium) - mozilla <unfixed> (bug filed; medium) -CAN-2005-2703 [Firefox: Incorrect passing of XMLHttp requests] - RESERVED +CAN-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - mozilla-firefox 1.0.7-1 (bug filed; medium) - mozilla <unfixed> (bug filed; medium) -CAN-2005-2702 [Firefox: Arbitrary code execution through crafted Unicode sequences] - RESERVED +CAN-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) - mozilla-firefox 1.0.7-1 (bug filed; high) - mozilla <unfixed> (bug filed; high) -CAN-2005-2701 [Firefox: Arbitrary code execution through crafted XBM through unspecified vuln] - RESERVED +CAN-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...) - mozilla-firefox 1.0.7-1 (bug filed; medium) - mozilla <unfixed> (bug filed; medium) CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
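Review bot: In the first hunk (@@ -1,3 +1,37 @@), CAN-2005-3055 and CAN-2005-3053 both name the Linux kernel 2.6.x, yet they arrive as bare "TODO: check" with no package line. This file already tracks linux-2.6 under CAN-2005-3044, so those two should be triaged ahead of the rest of the batch. Also in this hunk, CAN-2003-1232 is inserted between CAN-2005-3045 and the CAN-2005-XXXX entries. If the list is meant to stay ordered by identifier, the automatic update should place it with the other 2003 entries.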
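Review bot: In the second hunk (@@ -346,7 +380,8 @@), CAN-2005-2883 is now marked REJECTED, but the unchanged context line "NOT-FOR-US: Unclassified News Board" still sits under it, so the entry carries two conflicting states. Either drop the NOT-FOR-US line, or, if the issue was reassigned to another identifier, move the note there and record the replacement in a NOTE line.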
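Review bot: In the third hunk (@@ -379,7 +414,7 @@), the replacement for CAN-2005-3044 discards the hand-written summary "[Two local kernel DoS through incorrect ioctl refcounter handling]" in favour of a truncated description that only says "Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...". The old text was the only place in the entry that said what the bug is. Suggest keeping it as a NOTE line beneath the new description so the "TODO: Pinged Horms for 2.4" follow-up still has context.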
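Review bot: In the fourth hunk (@@ -733,32 +768,25 @@), CAN-2005-2707, CAN-2005-2704, CAN-2005-2703 and CAN-2005-2702 all end up with the same truncated text, "(Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)", so the list no longer says which is the spoofing issue, which is the XMLHttp issue and which is the Unicode code execution issue. The removed bracketed summaries carried that distinction. Suggest the automatic update preserve them as NOTE lines when it swaps in the official description. Each of these entries also still reads "mozilla <unfixed>", which is worth a second look now that the descriptions give Mozilla Suite 1.7.12 as the fixed release.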