Author: joeyh Date: 2005-10-19 21:14:18 +0000 (Wed, 19 Oct 2005) New Revision: 2457 Modified: data/CAN/list Log: automatic update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-19 20:42:23 UTC (rev 2456) +++ data/CAN/list 2005-10-19 21:14:18 UTC (rev 2457) @@ -1,3 +1,9 @@ +CAN-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) + TODO: check +CAN-2005-3253 + RESERVED +CAN-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) + TODO: check CAN-2005-XXXX [buffer overflow in snort''s bo preprocessor] - snort <not-affected> (Vulnerable code was introduced later) NOTE: See bug #334606 @@ -27,7 +33,7 @@ RESERVED CAN-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) NOT-FOR-US: Solaris -CAN-2005-3257 [local root via loadkeys] +CAN-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...) - linux-2.6 <unfixed> (bug #334113; medium) - kernel-source-2.4.27 <unfixed> (medium) CAN-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...) @@ -743,8 +749,7 @@ NOT-FOR-US: phpoutsourcing Noah''s classifieds CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah''s ...) NOT-FOR-US: phpoutsourcing Noah''s classifieds -CAN-2005-2978 [Buffer overflow in netpbm''s pnmtopng] - RESERVED +CAN-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) - netpbm-free 2:10.0-10 CAN-2005-2977 RESERVED @@ -764,8 +769,7 @@ - koffice 1:1.3.5-5 (bug #333497; medium) CAN-2005-2970 RESERVED -CAN-2005-2969 [openssl: Potential SSL2 fallback] - RESERVED +CAN-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) - openssl 0.9.8-3 (bug #333500; low) - openssl097 0.9.7g-5 (bug #333500; low) - openssl094 <removed> 
@@ -2479,9 +2483,9 @@ - fftw3 3.0.1-12 (low; bug #321566) CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) -CAN-2005-3254 [cgiwrap: Minimum UID does not include all system users] +CAN-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) - cgiwrap 3.9-3.1 (bug #316881; low) -CAN-2005-3255 [cgiwrap: CGIs can be used to disclose system information] +CAN-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...) - cgiwrap 3.9-3.1 (bug #316901; low) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20031017-2.1 (bug #318633; medium)
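Review bot: In the first hunk (@@ -1,3 +1,9 @@), the new CAN-2005-3252 entry (stack-based buffer overflow in the Back Orifice (BO) preprocessor) is added with only "TODO: check", directly above the existing placeholder CAN-2005-XXXX [buffer overflow in snort's bo preprocessor], which already carries the triage "- snort <not-affected> (Vulnerable code was introduced later)" and "NOTE: See bug #334606". The two entries appear to describe the same issue. If so, move the snort status and the NOTE under CAN-2005-3252 and drop the CAN-2005-XXXX placeholder, so the issue is not tracked twice with one copy still marked unchecked.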
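Review bot: In the second hunk (@@ -27,7 +33,7 @@), CAN-2005-3257 gets its official description but stays where the bracketed placeholder was, between CAN-2005-3238 and CAN-2005-3237, which breaks the descending order the neighbouring entries follow. The same happens in the last hunk (@@ -2479,9 +2483,9 @@), where CAN-2005-3254 and CAN-2005-3255 remain among the CAN-2005-XXXX entries next to CAN-2004-2162. Now that the IDs are assigned, consider moving these entries to their sorted positions near the top of the list, next to CAN-2005-3256 and CAN-2005-3253, so a lookup by ID finds them where expected.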