Author: jmm-guest
Date: 2005-08-05 09:44:05 +0000 (Fri, 05 Aug 2005)
New Revision: 1528
Modified:
data/CAN/list
Log:
new kernel vuln
tiff does only affect Woody
ekg dos already fixed
tdiary already fixed
clamav CANified
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-05 09:20:37 UTC (rev 1527)
+++ data/CAN/list 2005-08-05 09:44:05 UTC (rev 1528)
@@ -4,112 +4,110 @@
- tor 0.1.0.13-1 (medium)
CAN-2005-2457
NOTE: reserved
-begin claimed by jmm
CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
- TODO: check
+ - linux-2.6 (unfixed; bug filed; medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
- TODO: check
+ NOTE: not-for-us (Greasemonkey)
CAN-2005-2454
NOTE: reserved
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
- TODO: check
+ NOTE: not-for-us (NetworkActiv Web Server)
CAN-2005-2452 (libtiff 4.0 allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOTE: CVE description is broken, this only affects 3.6, it's been fixed
in 3.7
+ - tiff 3.7.0-1
CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6
enabled, ...)
- TODO: check
+ NOTE: not-for-us (IOS)
CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG
file ...)
- TODO: check
+ - clamav 0.86.2-1 (medium)
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to
create ...)
- TODO: check
+ NOTE: not-for-us (sandbox)
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before
1.6rc2 allow ...)
- TODO: check
+ - ekg 1:1.5+20050718+1.6rc3-1 (low)
CAN-2005-2447
NOTE: rejected
- TODO: check
CAN-2005-2446
NOTE: rejected
- TODO: check
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6
allows ...)
- TODO: check
+ NOTE: not-for-us (Product Cart)
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores
the ...)
- TODO: check
+ NOTE: not-for-us (Trillian)
CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document
root ...)
- TODO: check
+ NOTE: not-for-us (KShout)
CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics
...)
- TODO: check
+ NOTE: not-for-us (SPI Dynamics Web Inspect)
CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom
allow ...)
- TODO: check
+ NOTE: not-for-us (VBzoom)
CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill
Vantage ...)
- TODO: check
+ NOTE: not-for-us (Thomson Web Skill Vantage Manager)
CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when
...)
- TODO: check
+ NOTE: not-for-us (UseBB)
CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and
earlier ...)
- TODO: check
+ NOTE: not-for-us (UseBB)
CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to
obtain ...)
- TODO: check
+ NOTE: not-for-us (Website Baker)
CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in
Website ...)
- TODO: check
+ NOTE: not-for-us (Website Baker)
CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate
for ...)
- TODO: check
+ NOTE: not-for-us (Linksys hardware)
CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information
via a ...)
- TODO: check
+ NOTE: not-for-us (PhpList)
CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers
to ...)
- TODO: check
+ NOTE: not-for-us (PhpList)
CAN-2005-2431 (The (1) lost password and (2) account pending features in
GForge 4.5 ...)
- TODO: check
+ TODO: check, whether these apply to 3.1 as well
CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge
4.5 ...)
- TODO: check
+ TODO: check, whether these apply to 3.1 as well
CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not
properly set ...)
- TODO: check
+ NOTE: not-for-us (Firefox on Windows)
CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form
fields in ...)
- TODO: check
+ NOTE: not-for-us (Lotus Domino)
CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ)
CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause
a ...)
- TODO: check
+ NOTE: not-for-us (FTPshell Server)
CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote
...)
- TODO: check
+ NOTE: not-for-us (Ares FileShare)
CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware
...)
- TODO: check
+ NOTE: not-for-us (Siemens hardware)
CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive
information ...)
- TODO: check
+ NOTE: not-for-us (Beehive)
CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in
Beehive Forum ...)
- TODO: check
+ NOTE: not-for-us (Beehive)
CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other
pages in ...)
- TODO: check
+ NOTE: not-for-us (Beehive)
CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to
execute ...)
- TODO: check
+ NOTE: not-for-us (FtpLocate)
CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass
authentication ...)
- TODO: check
+ NOTE: not-for-us (hardware issue)
CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by
...)
- TODO: check
+ NOTE: not-for-us (Realchat)
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOTE: not-for-us (Contrexx)
CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx
before ...)
- TODO: check
+ NOTE: not-for-us (Contrexx)
CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5
allow ...)
- TODO: check
+ NOTE: not-for-us (Contrexx)
CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers
such as ...)
+ NOTE: This is pretty obscure
TODO: check
CAN-2005-2413 (PHP remote file inclusion vulnerability in
apa_phpinclude.inc.php in ...)
- TODO: check
+ NOTE: not-for-us (Atomic Photo Album)
CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP
FirstPost ...)
- TODO: check
+ NOTE: not-for-us (First Post)
CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary
2.1.1, and ...)
- TODO: check
+ - tdiary 2.0.2-1 (medium)
CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in
Network ...)
- TODO: check
+ NOTE: not-for-us (Network Manager)
CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and
earlier, ...)
- TODO: check
+ NOTE: not-for-us (nbsmtp)
CAN-2005-2408
NOTE: reserved
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform
"link ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font
(ARIALUNI.TTF) is ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (Opera)
CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote
attackers to ...)
TODO: check
CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke
6.0 to ...)
@@ -555,8 +553,6 @@
- netdiag 0.7-7.1 (bug #206905; low)
CAN-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
- ffmpeg (unfixed; bug #320150; medium)
-CAN-2005-XXXX [Multiple integer overflows in clamav]
- - clamav 0.86.2-1 (medium)
CAN-2005-XXXX [netpbm: arbitrary postscript code execution]
- netpbm (unfixed; bug #319757; low)
CAN-2005-XXXX [Further minor security issues in phpbb]
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
