[Secure-testing-commits] r1434 - data/DSA

2005-07-19 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2005-07-19 08:01:18 + (Tue, 19 Jul 2005)
New Revision: 1434

Modified:
   data/DSA/list
Log:
new heartbeat dsa


Modified: data/DSA/list
===
--- data/DSA/list   2005-07-18 23:06:38 UTC (rev 1433)
+++ data/DSA/list   2005-07-19 08:01:18 UTC (rev 1434)
@@ -1,3 +1,7 @@
+[19 Jul 2005] DSA-761-1 heartbeat - insecure temporary files
+   {CAN-2005-2231}
+   - heartbeat 1.2.3-12
+   NOTE: not fixed in testing at time of DSA (only 0/2 days old)
 [18 Jul 2005] DSA-760-1 ekg - several
{CAN-2005-1850 CAN-2005-1851 CAN-2005-1916}
- ekg 1.5+20050712+1.6rc2-1 (low)
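Review bot: the added `- heartbeat 1.2.3-12` line carries no urgency tag, while the ekg entry directly below it ends in `(low)`. If the omission is deliberate, fine; otherwise add the tag so the two entries read consistently. The NOTE's "only 0/2 days old" is also hard to interpret on its own: spelling out what the two numbers refer to would help whoever revisits this entry to confirm the fix has reached testing.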


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r1442 - data/CAN

2005-07-19 Thread Martin Zobel-Helas
Author: mhelas-guest
Date: 2005-07-19 14:34:55 + (Tue, 19 Jul 2005)
New Revision: 1442

Modified:
   data/CAN/list
Log:
go through the list of CANs from 2002


Modified: data/CAN/list
===
--- data/CAN/list   2005-07-19 13:24:16 UTC (rev 1441)
+++ data/CAN/list   2005-07-19 14:34:55 UTC (rev 1442)
@@ -94,33 +94,37 @@
 CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to 
gain ...)
NOTE: not-for-us (PhpWebGallery)
 CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters 
and ...)
-   TODO: check
+   NOTE: not-for-us (AtGuard)
 CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet 
...)
-   TODO: check
+   NOTE: not-for-us (Microsoft)
 CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 
and ...)
-   TODO: check
+   NOTE: fixed in upstream 1.0.1
+   NOTE: see 
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
+   - mozilla 2:1.1-1 (low)
 CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to 
crash ...)
-   TODO: check
+   NOTE: not-for-us (other branch in the archive)
 CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards 
does not ...)
-   TODO: check
+   NOTE; not-for-us (Intel)
 CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage 
...)
-   TODO: check
+   NOTE: not-for-us (TeeKai)
 CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics 
in ...)
-   TODO: check
+   NOTE: not-for-us (TeeKai)
 CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 
allows ...)
-   TODO: check
+   NOTE: not-for-us (TeeKai)
 CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in 
TeeKai ...)
-   TODO: check
+   NOTE: not-for-us (TeeKai)
 CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the 
...)
-   TODO: check
+   NOTE: not-for-us (TeeKai)
 CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as 
implemented ...)
-   TODO: check
+   NOTE: not-for-us (Cisco)
 CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim 
release, ...)
-   TODO: check
+   NOTE: not-for-us (Cisco)
 CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, 
when used ...)
-   TODO: check
+   NOTE: fixed in 0.7.12-1
+   - modlogan 0.7.12-1 (low)
 CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for 
ModLogAn ...)
-   TODO: check
+   NOTE: fixed in 0.7.12-1
+   - modlogan 0.7.12-1 (low)
 CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, 
when ...)
TODO: check
 CAN-2002-2048 (** local / non-priv overflow only? ** ...)
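Review bot: the CAN-2002-2059 entry is added as `NOTE; not-for-us (Intel)` with a semicolon, where every other added line in this hunk uses `NOTE:`. Anything that matches on the `NOTE:` prefix would skip it and the entry could resurface as unreviewed, so change it to `NOTE: not-for-us (Intel)`. For CAN-2002-2060, the parenthesis after not-for-us holds a reason ("other branch in the archive") instead of a product name as in the neighbouring entries; naming the Links branch or package that was actually checked would let a later reader verify the decision.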

