From jmm-guest@costa.debian.org Wed Jun 1 07:28:52 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 01 Jun 2005 07:28:52 +0000 Subject: [Secure-testing-commits] r1183 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-01 07:28:49 +0000 (Wed, 01 Jun 2005) New Revision: 1183 Modified: sarge-checks/CAN/list Log: two new issues in moodle and wordpress Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-05-31 00:46:48 UTC (rev 1182) +++ sarge-checks/CAN/list 2005-06-01 07:28:49 UTC (rev 1183) @@ -1,3 +1,8 @@ +CAN-2005-XXXX [SQL injection in Wordpress's template handling] + NOTE: Not in Sarge + - wordpress 1.5.1.2-1 +CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] + - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) CAN-2005-XXXX [Buffer overflow in elog header_buffer] From jmm-guest@costa.debian.org Wed Jun 1 08:10:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 01 Jun 2005 08:10:00 +0000 Subject: [Secure-testing-commits] r1184 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-01 08:09:57 +0000 (Wed, 01 Jun 2005) New Revision: 1184 Modified: sarge-checks/CAN/list Log: Proper fix for CAN-2004-0914 Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-01 07:28:49 UTC (rev 1183) +++ sarge-checks/CAN/list 2005-06-01 08:09:57 UTC (rev 1184) 
@@ -7140,7 +7140,8 @@ - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...) {DSA-607-1} - - xfree86 4.3.0.dfsg.1-9 + NOTE: Previous -9 fix had some issues of its own + - xfree86 4.3.0.dfsg.1-14 NOTE: lesstif1 and 2 have to be fixed separately - lesstif1 1:0.93.94-11.3 NOTE: but lesstif2 did get fixed for this hole.. From jmm-guest@costa.debian.org Wed Jun 1 08:43:46 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 01 Jun 2005 08:43:46 +0000 Subject: [Secure-testing-commits] r1185 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-01 08:43:43 +0000 (Wed, 01 Jun 2005) New Revision: 1185 Modified: sarge-checks/CAN/list Log: CAN-2005-0039 not an issue. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-01 08:09:57 UTC (rev 1184) +++ sarge-checks/CAN/list 2005-06-01 08:43:43 UTC (rev 1185) @@ -5965,7 +5965,9 @@ CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...) NOTE: not-for-us (DotNetNuke) CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...) - TODO: check + NOTE: These are known issues of IPSEC and basically every VPN system using + NOTE: encryption without authentication. + NOTE: openswan even prevents such configurations CAN-2005-0038 NOTE: reserved CAN-2005-0037 From joeyh@costa.debian.org Wed Jun 1 21:14:23 2005 
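Review bot: the added NOTE in the CAN-2004-0914 hunk of r1184 ("Previous -9 fix had some issues of its own") does not say what was wrong with 4.3.0.dfsg.1-9 or where that is recorded, so the move of the fixed version to 4.3.0.dfsg.1-14 cannot be checked from the list alone. Suggest adding the bug number or changelog reference to the NOTE.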
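Review bot: the three NOTE lines that replace "TODO: check" under CAN-2005-0039 in r1185 close the entry on the strength of openswan alone ("openswan even prevents such configurations"), with no package line and no statement about any other IPsec implementation the list tracks. Suggest either naming each implementation that was checked or keeping a TODO for the ones that were not. The NOTE also writes "IPSEC" where the CVE text on the line above it uses "IPsec".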
From: joeyh@costa.debian.org (Joey Hess) Date: Wed, 01 Jun 2005 21:14:23 +0000 Subject: [Secure-testing-commits] r1186 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-01 21:14:19 +0000 (Wed, 01 Jun 2005) New Revision: 1186 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-01 08:43:43 UTC (rev 1185) +++ sarge-checks/CAN/list 2005-06-01 21:14:19 UTC (rev 1186) 
@@ -1,3 +1,211 @@ +CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) + TODO: check +CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) + TODO: check +CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) + TODO: check +CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) + TODO: check +CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) + TODO: check +CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) + TODO: check +CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) + TODO: check +CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) + TODO: check +CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) + TODO: check +CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) + TODO: check +CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) + TODO: check +CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) + TODO: check +CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) + TODO: check +CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) + TODO: check +CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) + TODO: check +CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) + TODO: check +CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) + TODO: check +CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) 
+ TODO: check +CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) + TODO: check +CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) + TODO: check +CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) + TODO: check +CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) + TODO: check +CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) + TODO: check +CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) + TODO: check +CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) + TODO: check +CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) + TODO: check +CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) + TODO: check +CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) + TODO: check +CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) + TODO: check +CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) + TODO: check +CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) + TODO: check +CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) + TODO: check +CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) + TODO: check +CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) + TODO: check +CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) + TODO: check +CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) + TODO: check +CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) 
+ TODO: check +CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) + TODO: check +CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) + TODO: check +CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) + TODO: check +CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) + TODO: check +CAN-2005-1769 + NOTE: reserved +CAN-2005-1768 + NOTE: reserved +CAN-2005-1767 + NOTE: reserved +CAN-2005-1766 + NOTE: reserved +CAN-2005-1765 + NOTE: reserved +CAN-2005-1764 + NOTE: reserved +CAN-2005-1763 + NOTE: reserved +CAN-2005-1762 + NOTE: reserved +CAN-2005-1761 + NOTE: reserved +CAN-2005-1760 + NOTE: reserved +CAN-2005-1759 + NOTE: reserved +CAN-2005-1758 + NOTE: reserved +CAN-2005-1757 + NOTE: reserved +CAN-2005-1756 + NOTE: reserved +CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) + TODO: check +CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) + TODO: check +CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) + TODO: check +CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) + TODO: check +CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) + TODO: check +CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) + TODO: check +CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) + TODO: check +CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) + TODO: check +CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) + TODO: check +CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) 
+ TODO: check +CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) + TODO: check +CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...) + TODO: check +CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) + TODO: check +CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) + TODO: check +CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) + TODO: check +CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) + TODO: check +CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) + TODO: check +CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) + TODO: check +CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) + TODO: check +CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) + TODO: check +CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) + TODO: check +CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) + TODO: check +CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) + TODO: check +CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) + TODO: check +CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) + TODO: check +CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + TODO: check +CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) 
+ TODO: check +CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) + TODO: check +CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) + TODO: check +CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) + TODO: check +CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) + TODO: check +CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) + TODO: check +CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) + TODO: check +CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) + TODO: check +CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) + TODO: check +CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) + TODO: check +CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) + TODO: check +CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) + TODO: check +CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) + TODO: check +CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) + TODO: check +CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) + TODO: check +CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) + TODO: check +CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) + TODO: check +CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) + TODO: check +CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) + TODO: check CAN-2005-XXXX [SQL injection in Wordpress's template handling] NOTE: Not in Sarge - wordpress 1.5.1.2-1 
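Review bot: the new CAN-2005-1810 entry near the top of the hunk above (SQL injection in template-functions-category.php, "TODO: check") looks like the same issue as the hand-added "CAN-2005-XXXX [SQL injection in Wordpress's template handling]" entry left as context at the bottom of the hunk. If it is, the follow-up should move "NOTE: Not in Sarge" and "- wordpress 1.5.1.2-1" under CAN-2005-1810 and drop the CAN-2005-XXXX placeholder, so the issue is not tracked twice.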
@@ -36,13 +244,13 @@ NOTE: not-for-us (BEA Weblogic) CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) NOTE: not-for-us (BEA Weblogic) -CAN-2005-1741 (Gearbox Software Halo Combat Evolved 1.6 allows remote attackers to ...) +CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...) NOTE: not-for-us (Halo) CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...) NOTE: fixproc not installed in Debian package CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...) - imagemagick 6:6.0.6.2-2.4 -CAN-2005-1738 (Multiple format string vulnerabilities in the (1) logPrintBadfile ...) +CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...) NOTE: not-for-us (Iron Bars Shell) CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...) NOTE: not-for-us (PROMS) @@ -103,7 +311,7 @@ NOTE: not-for-us (Blue Coat) CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) NOTE: not-for-us (Blue Coat) -CAN-2005-1708 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows ...) +CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...) NOTE: not-for-us (Blue Coat) CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOTE: not-for-us (Gentoo) @@ -135,7 +343,7 @@ NOTE: not-for-us (PostNuke) CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) NOTE: not-for-us (CA Antivirus) -CAN-2005-1692 (Format string vulnerability in gxine 0.41 through 0.44 allows remote ...) +CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...) NOTE: Not in sarge due to RC bugs - gxine (unfixed; bug #310712) CAN-2005-1691 
@@ -536,8 +744,8 @@ NOTE: CVE info about vulnerable version number is bogus - tiff 3.7.2-3 NOTE: tiff3g not in testing -CAN-2005-1543 - NOTE: reserved +CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) + TODO: check CAN-2005-1542 NOTE: reserved CAN-2005-1541 @@ -579,16 +787,12 @@ CAN-2005-1524 NOTE: reserved CAN-2005-1523 [GNU Mailutils 0.6 imap4d Format String Vulnerability] - NOTE: reserved - mailutils 1:0.6.1-3 CAN-2005-1522 [GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability] - NOTE: reserved - mailutils 1:0.6.1-3 CAN-2005-1521 [GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability] - NOTE: reserved - mailutils 1:0.6.1-3 CAN-2005-1520 [GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability] - NOTE: reserved - mailutils 1:0.6.1-3 CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) - squid 2.5.9-9 @@ -625,7 +829,7 @@ NOTE: not-for-us (PwsPHP) CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...) NOTE: not-for-us (WebSTAR) -CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra Plus 1.0.3 and ...) +CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...) NOTE: not-for-us (CJ Ultra Plus) CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...) NOTE: not-for-us (MacOS) @@ -1602,8 +1806,8 @@ - postgresql 7.4.7-6 CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) - postgresql 7.4.7-6 -CAN-2005-1408 - NOTE: reserved +CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) + TODO: check CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOTE: not-for-us (Skype) CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) 
@@ -1937,22 +2141,22 @@ NOTE: reserved CAN-2005-1257 NOTE: reserved -CAN-2005-1256 - NOTE: reserved -CAN-2005-1255 - NOTE: reserved -CAN-2005-1254 - NOTE: reserved +CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) + TODO: check +CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) + TODO: check +CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) + TODO: check CAN-2005-1253 NOTE: reserved -CAN-2005-1252 - NOTE: reserved +CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) + TODO: check CAN-2005-1251 NOTE: reserved CAN-2005-1250 NOTE: reserved -CAN-2005-1249 - NOTE: reserved +CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) + TODO: check CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) NOTE: not-for-us (Apple iTunes) CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) @@ -2304,11 +2508,9 @@ - mozilla-firefox 1.0.3-1 - mozilla 1.7.7-1 CAN-2005-1152 [Qpopper can be forced to create group or world writable files] - NOTE: reserved {DSA-728-1} - qpopper 4.0.5-4sarge1 CAN-2005-1151 [Insufficient privilege drop in qpopper] - NOTE: reserved {DSA-728-1} - qpopper 4.0.5-4sarge1 CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) @@ -3305,7 +3507,7 @@ CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - gzip 1.3.5-10 -CAN-2005-0757 (The xattr file system code on Linux 2.4.x on 64-bit systems does not ...) +CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 (unfixed; bug #311164) CAN-2005-0756 NOTE: reserved 
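Review bot: in the @@ -3305,7 +3507,7 @@ hunk above, the CAN-2005-0757 description changes from "Linux 2.4.x on 64-bit systems" to "as backported in Red Hat Enterprise Linux ...", but the status line "- kernel-source-2.4.27 (unfixed; bug #311164)" is carried over untouched. The narrower wording raises the question of whether the 2.4.27 source has the affected code at all; suggest re-checking and adding a NOTE with the result.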
@@ -4924,8 +5126,7 @@ NOTE: reserved CAN-2005-0357 NOTE: reserved -CAN-2005-0356 - NOTE: reserved +CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - kernel-source-2.6.8 (unfixed; bug #310804) TODO: 2.4? CAN-2005-0355 @@ -5281,7 +5482,7 @@ NOTE: not-for-us (BottomLine WebSeries) CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) NOTE: not-for-us (QwikiWiki) -CAN-2005-0282 (SQL injection vulnerability in member.php in MyBB allows remote ...) +CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) NOTE: not-for-us (MyBB) CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) NOTE: not-for-us (Soldner Secret) @@ -9720,7 +9921,8 @@ NOTE: fixed in 2.4.22-pre3 CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...) NOTE: fixed in 2.4.21-rc2 -CAN-2003-0698 (Buffer overflow in Exim before 4.21 allows remote attackers to cause a ...) +CAN-2003-0698 + NOTE: rejected - exim 3.36-8 CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) NOTE: not-for-us (AIX) @@ -12713,7 +12915,7 @@ CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...) CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...) -CAN-2002-0131 (ActivePython ActiveX control for Python, when used in Internet ...) +CAN-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...) CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...) CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...) CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...) 
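Review bot: in the @@ -9720,7 +9921,8 @@ hunk above, CAN-2003-0698 is changed to "NOTE: rejected" while the package line "- exim 3.36-8" stays underneath it, so a rejected candidate still reports a fixed version. Suggest adding a NOTE naming the identifier that now covers the Exim buffer overflow and moving the exim line there, or removing the line if the issue is tracked elsewhere in the list.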
@@ -13617,7 +13819,7 @@ CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) -CAN-2000-1134 (tcsh, csh, sh, and bash on various Unix systems follow symlinks when ...) +CAN-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...) CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...) CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) From jmm-guest@costa.debian.org Thu Jun 2 09:18:24 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 02 Jun 2005 09:18:24 +0000 Subject: [Secure-testing-commits] r1187 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-02 09:18:21 +0000 (Thu, 02 Jun 2005) New Revision: 1187 Modified: sarge-checks/CAN/list Log: claim Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-01 21:14:19 UTC (rev 1186) +++ sarge-checks/CAN/list 2005-06-02 09:18:21 UTC (rev 1187) @@ -1,3 +1,4 @@ +begin claimed by jmm CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) TODO: check CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) @@ -142,6 +143,7 @@ TODO: check CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) TODO: check +end claimed by jmm CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) TODO: check CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) From jmm-guest@costa.debian.org Thu Jun 2 09:50:44 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 02 Jun 2005 09:50:44 +0000 Subject: [Secure-testing-commits] r1188 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-02 09:50:40 +0000 (Thu, 02 Jun 2005) New Revision: 1188 Modified: sarge-checks/CAN/list Log: processed block, claim new Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-02 09:18:21 UTC (rev 1187) +++ sarge-checks/CAN/list 2005-06-02 09:50:40 UTC (rev 1188) 
@@ -1,88 +1,88 @@ -begin claimed by jmm CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) - TODO: check + NOTE: Not in Sarge + - wordpress 1.5.1.2-1 CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Sony hardware issue) CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Stronghold game) CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) - TODO: check + NOTE: not-for-us (PHPMailer) CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) - TODO: check + NOTE: not-for-us (PeerCast) CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) - TODO: check + NOTE: not-for-us (Online Solutions for Educators) CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) - TODO: check + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) - TODO: check + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Nortel hardware) CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Nokia hardware) CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) - TODO: check + NOTE: not-for-us (Jaws glossary gadget) CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) - TODO: check + NOTE: not-for-us (FreeStyle Wiki) CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) 
- TODO: check + NOTE: not-for-us (ServersCheck) CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) - TODO: check + NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) TODO: check CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) - TODO: check + NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) - TODO: check + NOTE: not-for-us (India Software Solution shopping cart) CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (phpStat) CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) - TODO: check + NOTE: not-for-us (FunkyASP) CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) - TODO: check + NOTE: not-for-us (ZonGG) CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) 
- TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) - TODO: check + NOTE: not-for-us (BookReview) CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) - TODO: check + NOTE: not-for-us (BookReview) CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) - TODO: check + NOTE: not-for-us (MailEnable) CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) - TODO: check + NOTE: not-for-us (Active News Manager) CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) - TODO: check + NOTE: not-for-us (MaxWebPortal) CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) - TODO: check + NOTE: not-for-us (C'Nedra) CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Terminator game) CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) - TODO: check + - davfs2 (unfixed; bug #310757) CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) - TODO: check + NOTE: not-for-us (Listserv) CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) - TODO: check + NOTE: not-for-us (Terminator game) CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) - TODO: check + NOTE: not-for-us (HPUX) CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) - TODO: check + NOTE: not-for-us (Avast) CAN-2005-1769 NOTE: reserved CAN-2005-1768 
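Review bot: the hunk above removes "begin claimed by jmm" from the top of the block and the log says "processed block", yet CAN-2005-1796 (format string in curses_msg) is left at "TODO: check" as unchanged context, now outside any claim. Suggest either resolving it in this commit or adding a NOTE saying what is still open, so it is not mistaken for triaged. Separately, "NOTE: not-for-us (ClamAV on Mac OS X)" under CAN-2005-1795 uses the tag with a platform qualifier where every other entry in the hunk names a product; a plain NOTE that the issue is specific to Mac OS X would be clearer.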
@@ -112,38 +112,38 @@ CAN-2005-1756 NOTE: reserved CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - TODO: check + - shtool (unfixed; bug #311206) CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) TODO: check CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) TODO: check CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) TODO: check CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) - TODO: check + NOTE: not-for-us (PJ CGI Nero) CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) - TODO: check + NOTE: not-for-us (Informix Dynamic Server) CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - TODO: check + - phpbb2 2.0.6d-2 CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (SurfNOW) CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) - TODO: check + NOTE: not-for-us (WebWeaver) CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (Web Blog) CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) - TODO: check + NOTE: not-for-us (BlackICE) CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...) - TODO: check + NOTE: not-for-us (BlackICE) CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) - TODO: check + - gallery 1.4.4-pl1-1 CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) 
- TODO: check + NOTE: not-for-us (Nextplace) CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Intra Forum) +begin claimed by jmm CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) TODO: check CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) @@ -208,17 +208,13 @@ TODO: check CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) TODO: check -CAN-2005-XXXX [SQL injection in Wordpress's template handling] - NOTE: Not in Sarge - - wordpress 1.5.1.2-1 +end claimed by jmm CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) CAN-2005-XXXX [Buffer overflow in elog header_buffer] - elog 2.5.9+r1674-1 -CAN-2005-XXXX [Insecure tempfile generation in shtool] - - shtool (unfixed; bug #311206) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed From jmm-guest@costa.debian.org Thu Jun 2 09:57:33 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 02 Jun 2005 09:57:33 +0000 Subject: [Secure-testing-commits] r1189 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-02 09:57:30 +0000 (Thu, 02 Jun 2005) New Revision: 1189 Modified: sarge-checks/CAN/list Log: new drupal issue. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-02 09:50:40 UTC (rev 1188) +++ sarge-checks/CAN/list 2005-06-02 09:57:30 UTC (rev 1189) 
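Review bot: in r1188's @@ -112,38 +112,38 @@ hunk, the added line "NOTE: not-for-us (PJ CGI Nero)" under CAN-2004-2132 does not match the product name in the description directly above it, "PJ CGI Neo"; it should read "not-for-us (PJ CGI Neo)".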
@@ -1,3 +1,5 @@ +CAN-2005-XXXX [Privilege escalation in Drupal] + - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) From jmm-guest@costa.debian.org Thu Jun 2 12:22:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 02 Jun 2005 12:22:00 +0000 Subject: [Secure-testing-commits] r1190 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-02 12:21:57 +0000 (Thu, 02 Jun 2005) New Revision: 1190 Modified: sarge-checks/CAN/list Log: ettercap format string issue Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-02 09:57:30 UTC (rev 1189) +++ sarge-checks/CAN/list 2005-06-02 12:21:57 UTC (rev 1190) @@ -32,7 +32,7 @@ CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) - TODO: check + - ettercap (unfixed; bug #311615) CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) @@ -147,7 +147,7 @@ NOTE: not-for-us (Intra Forum) begin claimed by jmm CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) - TODO: check + NOTE: not-for-us (Borland Web Server) CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) TODO: check CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) From jmm-guest@costa.debian.org Thu Jun 2 12:35:44 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 02 Jun 2005 12:35:44 +0000 Subject: [Secure-testing-commits] r1191 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-02 12:35:41 +0000 (Thu, 02 Jun 2005) New Revision: 1191 Modified: sarge-checks/CAN/list Log: More not-for-us. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-02 12:21:57 UTC (rev 1190) +++ sarge-checks/CAN/list 2005-06-02 12:35:41 UTC (rev 1191) 
@@ -149,68 +149,67 @@ CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) NOTE: not-for-us (Borland Web Server) CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Reptile Web Server) CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...) - TODO: check + NOTE: not-for-us (Tiny Server) CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Tiny Server) CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Tiny Server) CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (Tiny Server) CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...) - TODO: check + NOTE: not-for-us (ProxyNow!) CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...) - TODO: check + NOTE: not-for-us (BremsServer) CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...) - TODO: check + NOTE: not-for-us (BremsServer) CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...) - TODO: check + NOTE: not-for-us (Serv-U FTP Server) CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (Q-Shop) CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) - TODO: check + NOTE: not-for-us (Q-Shop) CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...) 
- TODO: check + NOTE: not-for-us (Finjan SurfinGate) CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) - TODO: check + NOTE: not-for-us (Novell NetWare) CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) - TODO: check + NOTE: not-for-us (Novell NetWare) CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...) - TODO: check + NOTE: not-for-us (Novell NetWare) CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) - TODO: check + NOTE: not-for-us (Novell NetWare) CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...) - TODO: check + NOTE: not-for-us (Freesco) CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (GeoHttpServer) CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...) - TODO: check + NOTE: not-for-us (GeoHttpServer) CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...) - TODO: check + NOTE: not-for-us (Need for Speed game) CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) - TODO: check + NOTE: not-for-us (Banner engine) CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) TODO: check CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) - TODO: check + NOTE: not-for-us (Mephistoles) CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) - TODO: check + - honeyd 0.8-1 CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) - TODO: check + NOTE: not-for-us (WebcamXP) CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - TODO: check + - phpbb2 2.0.8a-1 CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) 
- TODO: check + - phpbb2 2.0.8a-1 CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) - TODO: check + NOTE: not-for-us (Yahoo Messenger) CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Yahoo Messenger) CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] From joeyh@costa.debian.org Thu Jun 2 21:14:26 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 02 Jun 2005 21:14:26 +0000 Subject: [Secure-testing-commits] r1192 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-02 21:14:22 +0000 (Thu, 02 Jun 2005) New Revision: 1192 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-02 12:35:41 UTC (rev 1191) +++ sarge-checks/CAN/list 2005-06-02 21:14:22 UTC (rev 1192) 
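Review bot: The last change in the r1191 hunk "@@ -149,68 +149,67 @@" deletes "end claimed by jmm", but the matching "begin claimed by jmm" sits on the line just above the hunk (it is the context line before CAN-2004-2121 in r1190) and is not touched, which leaves a dangling claim marker in the list; remove the "begin" line in the same commit. The log "More not-for-us." also undersells the change: the hunk records fixed versions for honeyd (0.8-1) and phpbb2 (2.0.8a-1) and still leaves CAN-2004-2097 as "TODO: check", so the log should mention both.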
@@ -1,70 +1,70 @@ CAN-2005-XXXX [Privilege escalation in Drupal] - - drupal 4.5.3-1 + - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) - NOTE: not-for-us (MyBB) + NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) NOTE: Not in Sarge - wordpress 1.5.1.2-1 CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) - NOTE: not-for-us (Sony hardware issue) + NOTE: not-for-us (Sony hardware issue) CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) - NOTE: not-for-us (Stronghold game) + NOTE: not-for-us (Stronghold game) CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) - NOTE: not-for-us (PHPMailer) + NOTE: not-for-us (PHPMailer) CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) - NOTE: not-for-us (PeerCast) + NOTE: not-for-us (PeerCast) CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) - NOTE: not-for-us (Online Solutions for Educators) + NOTE: not-for-us (Online Solutions for Educators) CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) - NOTE: not-for-us (Net Portal Dynamic System) + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) - NOTE: not-for-us (Net Portal Dynamic System) + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) - NOTE: not-for-us (Nortel hardware) + NOTE: not-for-us (Nortel hardware) CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) - NOTE: not-for-us (Nokia hardware) + NOTE: not-for-us (Nokia hardware) CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) 
- NOTE: not-for-us (Jaws glossary gadget) + NOTE: not-for-us (Jaws glossary gadget) CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) - NOTE: not-for-us (FreeStyle Wiki) + NOTE: not-for-us (FreeStyle Wiki) CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) - NOTE: not-for-us (ServersCheck) + NOTE: not-for-us (ServersCheck) CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) - NOTE: Cryptographic attack on AES, cannot be fixed + NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) - - ettercap (unfixed; bug #311615) + - ettercap (unfixed; bug #311615) CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) - NOTE: not-for-us (ClamAV on Mac OS X) + NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) - NOTE: not-for-us (India Software Solution shopping cart) + NOTE: not-for-us (India Software Solution shopping cart) CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) 
- NOTE: not-for-us (Hosting Controller) + NOTE: not-for-us (Hosting Controller) CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) - NOTE: not-for-us (phpStat) + NOTE: not-for-us (phpStat) CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) - NOTE: not-for-us (FunkyASP) + NOTE: not-for-us (FunkyASP) CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) - NOTE: not-for-us (ZonGG) + NOTE: not-for-us (ZonGG) CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) - NOTE: not-for-us (Hosting Controller) + NOTE: not-for-us (Hosting Controller) CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) - NOTE: not-for-us (BookReview) + NOTE: not-for-us (BookReview) CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) - NOTE: not-for-us (BookReview) + NOTE: not-for-us (BookReview) CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) - NOTE: not-for-us (MailEnable) + NOTE: not-for-us (MailEnable) CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) - NOTE: not-for-us (Active News Manager) + NOTE: not-for-us (Active News Manager) CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) NOTE: not-for-us (MaxWebPortal) CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) 
@@ -76,7 +76,7 @@ CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) NOTE: not-for-us (Terminator game) CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) - - davfs2 (unfixed; bug #310757) + - davfs2 (unfixed; bug #310757) CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) NOTE: not-for-us (Listserv) CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) @@ -128,7 +128,7 @@ CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) NOTE: not-for-us (Informix Dynamic Server) CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - - phpbb2 2.0.6d-2 + - phpbb2 2.0.6d-2 CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) NOTE: not-for-us (SurfNOW) CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) @@ -140,7 +140,7 @@ CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...) NOTE: not-for-us (BlackICE) CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) - - gallery 1.4.4-pl1-1 + - gallery 1.4.4-pl1-1 CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) NOTE: not-for-us (Nextplace) CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) 
@@ -199,13 +199,13 @@ CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) NOTE: not-for-us (Mephistoles) CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) - - honeyd 0.8-1 + - honeyd 0.8-1 CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) NOTE: not-for-us (WebcamXP) CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 + - phpbb2 2.0.8a-1 CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 + - phpbb2 2.0.8a-1 CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) NOTE: not-for-us (Yahoo Messenger) CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) From jmm-guest@costa.debian.org Fri Jun 3 10:10:35 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 10:10:35 +0000 Subject: [Secure-testing-commits] r1193 - sarge-checks/DSA Message-ID: Author: jmm-guest Date: 2005-06-03 10:10:34 +0000 (Fri, 03 Jun 2005) New Revision: 1193 Modified: sarge-checks/DSA/list Log: new krb4 dsa Modified: sarge-checks/DSA/list =================================================================== --- sarge-checks/DSA/list 2005-06-02 21:14:22 UTC (rev 1192) +++ sarge-checks/DSA/list 2005-06-03 10:10:34 UTC (rev 1193) @@ -1,3 +1,7 @@ +[02 Jun 2005] DSA-731-1 krb4 - buffer overflows + {CAN-2005-0468 CAN-2005-0468} + - krb4 1.2.2-11.2 + NOTE: fixed in testing in time of DSA [27 May 2005] DSA-730-1 bzip2 - race condition {CAN-2005-0953} - bzip2 1.0.2-6 From jmm-guest@costa.debian.org Fri Jun 3 10:11:48 2005 
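Review bot: Every removed/added pair in the r1192 hunks shows the same text on the "-" and the "+" side (for example "- drupal 4.5.3-1" and "NOTE: not-for-us (MyBB)" in "@@ -1,70 +1,70 @@"), so as far as this mail shows, the automatic update only rewrote whitespace on hand-edited lines. Either have the update script preserve the indentation it finds or agree on one indentation for manual edits, so that automatic commits contain only real CAN changes and stay reviewable.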
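Review bot: The cross-reference line added for DSA-731-1 in the r1193 hunk lists the same id twice, "{CAN-2005-0468 CAN-2005-0468}". If the advisory covers a second CAN, name it here; otherwise drop the repeat. The duplicate does not stay local: the r1195 automatic update shows "{DSA-731-1 DSA-731-1 DSA-703-1}" under CAN-2005-0468, which looks like the same repeat carried over into the CAN list.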
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 10:11:48 +0000 Subject: [Secure-testing-commits] r1194 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-03 10:11:45 +0000 (Fri, 03 Jun 2005) New Revision: 1194 Modified: sarge-checks/CAN/list Log: ettercap fixed Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 10:10:34 UTC (rev 1193) +++ sarge-checks/CAN/list 2005-06-03 10:11:45 UTC (rev 1194) @@ -32,7 +32,7 @@ CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) - - ettercap (unfixed; bug #311615) + - ettercap 1:0.7.1-1.1 CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) From joeyh@costa.debian.org Fri Jun 3 21:14:24 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Fri, 03 Jun 2005 21:14:24 +0000 Subject: [Secure-testing-commits] r1195 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-03 21:14:20 +0000 (Fri, 03 Jun 2005) New Revision: 1195 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 10:11:45 UTC (rev 1194) +++ sarge-checks/CAN/list 2005-06-03 21:14:20 UTC (rev 1195) 
@@ -1,3 +1,61 @@ +CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) + TODO: check +CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) + TODO: check +CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) + TODO: check +CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...) + TODO: check +CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) + TODO: check +CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) + TODO: check +CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) + TODO: check +CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) + TODO: check +CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) + TODO: check +CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) + TODO: check +CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) + TODO: check +CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) + TODO: check +CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) + TODO: check +CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) + TODO: check +CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) + TODO: check +CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) + TODO: check +CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) + TODO: check +CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) 
+ TODO: check +CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) + TODO: check +CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) + TODO: check +CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) + TODO: check +CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) + TODO: check +CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) + TODO: check +CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) + TODO: check +CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) + TODO: check +CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) + TODO: check +CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) + TODO: check +CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) + TODO: check CAN-2005-XXXX [Privilege escalation in Drupal] - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) @@ -4763,7 +4821,7 @@ - krb5 1.3.6-2 - heimdal 0.6.3-10 CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) - {DSA-703-1} + {DSA-731-1 DSA-731-1 DSA-703-1} - krb5 1.3.6-2 - krb4 1.2.2-11.2 TODO: check netkit-telnet, netkit-telnet-ssl From jmm-guest@costa.debian.org Fri Jun 3 22:01:06 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 22:01:06 +0000 Subject: [Secure-testing-commits] r1196 - sarge-checks/DSA Message-ID: Author: jmm-guest Date: 2005-06-03 22:01:05 +0000 (Fri, 03 Jun 2005) New Revision: 1196 Modified: sarge-checks/DSA/list Log: new dsa Modified: sarge-checks/DSA/list =================================================================== --- sarge-checks/DSA/list 2005-06-03 21:14:20 UTC (rev 1195) +++ sarge-checks/DSA/list 2005-06-03 22:01:05 UTC (rev 1196) @@ -1,3 +1,7 @@ +[03 Jun 2005] DSA-732-1 mailutils - several + {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523} + - mailutils 0.6.1-4 + NOTE: fixed in testing in time of DSA [02 Jun 2005] DSA-731-1 krb4 - buffer overflows {CAN-2005-0468 CAN-2005-0468} - krb4 1.2.2-11.2 From jmm-guest@costa.debian.org Fri Jun 3 22:11:03 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 22:11:03 +0000 Subject: [Secure-testing-commits] r1197 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-03 22:11:00 +0000 (Fri, 03 Jun 2005) New Revision: 1197 Modified: sarge-checks/CAN/list Log: several not-for-us, mailutils already fixed Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 22:01:05 UTC (rev 1196) +++ sarge-checks/CAN/list 2005-06-03 22:11:00 UTC (rev 1197) 
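Review bot: The fixed version in the r1196 hunk, "- mailutils 0.6.1-4", has no epoch, while the CAN list records mailutils with one ("- mailutils 1:0.6.1-2" in r1197, "- mailutils 1:0.6.1-3" under CAN-2005-1520 to CAN-2005-1523 in r1200). Under Debian version ordering a version without an epoch sorts below every "1:" version, so a check against this entry would treat any 1:x mailutils as already fixed; write it as 1:0.6.1-4 if that is the upload meant. The three different fixed versions recorded for the same package are also worth reconciling.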
@@ -1,61 +1,61 @@ CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) - TODO: check + NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) - TODO: check + NOTE: not-for-us (Liberum) CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) - TODO: check + NOTE: not-for-us (Liberum) CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...) - TODO: check + NOTE: not-for-us (Fortinet firewall) CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) TODO: check CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) - TODO: check + NOTE: not-for-us (SoftICE) CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) - TODO: check + NOTE: not-for-us (D-Link hardware issue) CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) - TODO: check + NOTE: not-for-us (D-Link hardware issue) CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) 
- TODO: check + NOTE: not-for-us (HP Radia) CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) - TODO: check + NOTE: not-for-us (HP Radia) CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) - TODO: check + - mailutils 1:0.6.1-2 CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) - TODO: check + NOTE: not-for-us (Qualiteam X-Cart) CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) - TODO: check + NOTE: not-for-us (Qualiteam X-Cart) CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) - TODO: check + NOTE: not-for-us (PowerDownload) CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) - TODO: check + NOTE: not-for-us (Zeroboard) CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) - TODO: check + NOTE: not-for-us (NikoSoft WebMail) CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) - TODO: check + NOTE: not-for-us (NewLife Blogger) CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) - TODO: check + NOTE: not-for-us (Hummingbird Connectivity) CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (PicoWebServer) CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) - TODO: check + NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) 
- TODO: check + NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-XXXX [Privilege escalation in Drupal] - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) From jmm-guest@costa.debian.org Fri Jun 3 22:29:33 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 22:29:33 +0000 Subject: [Secure-testing-commits] r1198 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-03 22:29:30 +0000 (Fri, 03 Jun 2005) New Revision: 1198 Modified: sarge-checks/CAN/list Log: Fix elog entry. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 22:11:00 UTC (rev 1197) +++ sarge-checks/CAN/list 2005-06-03 22:29:30 UTC (rev 1198) @@ -272,8 +272,6 @@ - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) -CAN-2005-XXXX [Buffer overflow in elog header_buffer] - - elog 2.5.9+r1674-1 CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed @@ -1770,7 +1768,7 @@ - eskuel 1.0.5-3.1 CAN-2005-XXXX [eskuel: No authentication at all] - eskuel (unfixed; bug #163653) -CAN-2005-XXXX [Buffer overflow in elog] +CAN-2005-XXXX [Buffer overflow in elog's header buffer] - elog 2.5.7+r1558-3 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support] - ipsec-tools 0.5.2-1 From jmm-guest@costa.debian.org Fri Jun 3 23:09:33 2005 
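Review bot: The fixed version recorded for the elog header buffer overflow silently drops from 2.5.9+r1674-1 to 2.5.7+r1558-3 in r1198: the hunk "@@ -272,8 +272,6 @@" deletes the entry carrying the newer version and "@@ -1770,7 +1768,7 @@" only retitles the older one. If both entries described the same bug, say in the log or in a NOTE which version actually carries the fix; if they were different overflows, the deleted entry should stay.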
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 03 Jun 2005 23:09:33 +0000 Subject: [Secure-testing-commits] r1199 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-03 23:09:30 +0000 (Fri, 03 Jun 2005) New Revision: 1199 Modified: sarge-checks/CAN/list Log: - Several not-for-us - some issues need further evaluation (kernel disk encryption, some minor temp races) - CANified ht issues Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 22:29:30 UTC (rev 1198) +++ sarge-checks/CAN/list 2005-06-03 23:09:30 UTC (rev 1199) @@ -17,7 +17,8 @@ CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOTE: not-for-us (MyBB) CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) - TODO: check + NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such + NOTE: behaviour, seems like a broken PAM setup on the submitter's side CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) NOTE: not-for-us (SoftICE) CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) 
@@ -174,13 +175,15 @@ CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - shtool (unfixed; bug #311206) CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) - TODO: check + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) - TODO: check + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) NOTE: not-for-us (Oracle) CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) - TODO: check + NOTE: not-for-us (CVSup third party modules) CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) NOTE: not-for-us (PJ CGI Nero) CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) @@ -253,7 +256,8 @@ CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) NOTE: not-for-us (Banner engine) CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) - TODO: check + TODO: check these packages, whether they create tempfiles with the current PID: + TODO: fvwm, fvwm-gnome, x-base-clients, lvm10 CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) NOTE: not-for-us (Mephistoles) CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) 
@@ -792,15 +796,15 @@ CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) NOTE: not-for-us (Bakbone Netvault) CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) - NOTE: not-for-us (HT Editor) + - ht 0.8.0-2 CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) - NOTE: not-for-us (HT Editor) + - ht 0.8.0-2 CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...) NOTE: CVE info about vulnerable version number is bogus - tiff 3.7.2-3 NOTE: tiff3g not in testing CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) - TODO: check + NOTE: not-for-us (Novell Zenworks) CAN-2005-1542 NOTE: reserved CAN-2005-1541 @@ -867,8 +871,6 @@ - binutils 2.15-6 CAN-2005-XXXX [kmd affected by binutils's ELF parser vulnerability] - kmd 0.9.19-1.1 -CAN-2005-XXXX [Multiple vulnerabilities in HT editor] - - ht 0.8.0-2 CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] NOTE: Source package has been renamed from unrar to unrar-free - unrar-free 1:0.0.1-2 @@ -1862,7 +1864,7 @@ CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) - postgresql 7.4.7-6 CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOTE: not-for-us (Skype) CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) 
@@ -2197,21 +2199,21 @@ CAN-2005-1257 NOTE: reserved CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1253 NOTE: reserved CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1251 NOTE: reserved CAN-2005-1250 NOTE: reserved CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) NOTE: not-for-us (Apple iTunes) CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) From joeyh@costa.debian.org Sat Jun 4 09:14:25 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Sat, 04 Jun 2005 09:14:25 +0000 Subject: [Secure-testing-commits] r1200 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-04 09:14:21 +0000 (Sat, 04 Jun 2005) New Revision: 1200 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-03 23:09:30 UTC (rev 1199) +++ sarge-checks/CAN/list 2005-06-04 09:14:21 UTC (rev 1200) 
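Review bot: In the CAN-2004-2136 (dm-crypt) and CAN-2004-2135 (cryptoloop) entries of the patch that ends above, the added NOTE and the added TODO both end in "check whether this still applies", so the open action is recorded twice and the NOTE no longer reads as a finding. Suggest keeping the assessment in the NOTE ("This looks like a minor issue, the paper is from Feb 2004") and the action only in the TODO, and naming the package to check, since neither entry lists one.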
@@ -846,12 +846,16 @@ CAN-2005-1524 NOTE: reserved CAN-2005-1523 [GNU Mailutils 0.6 imap4d Format String Vulnerability] + {DSA-732-1} - mailutils 1:0.6.1-3 CAN-2005-1522 [GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability] + {DSA-732-1} - mailutils 1:0.6.1-3 CAN-2005-1521 [GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability] + {DSA-732-1} - mailutils 1:0.6.1-3 CAN-2005-1520 [GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability] + {DSA-732-1} - mailutils 1:0.6.1-3 CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) - squid 2.5.9-9 From jmm-guest@costa.debian.org Sun Jun 5 11:12:53 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Sun, 05 Jun 2005 11:12:53 +0000 Subject: [Secure-testing-commits] r1201 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-05 11:12:44 +0000 (Sun, 05 Jun 2005) New Revision: 1201 Modified: sarge-checks/CAN/list Log: fuse fix pending Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-04 09:14:21 UTC (rev 1200) +++ sarge-checks/CAN/list 2005-06-05 11:12:44 UTC (rev 1201) @@ -1,3 +1,6 @@ +CAN-2005-XXXX [Information leak in fuse] + NOTE: Fixed packages have already been prepared, pending upload and/or security team upload + - fuse (unfixed; bug #311634) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) From jmm-guest@costa.debian.org Sun Jun 5 11:13:11 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Sun, 05 Jun 2005 11:13:11 +0000 Subject: [Secure-testing-commits] r1202 - sarge-checks Message-ID: Author: jmm-guest Date: 2005-06-05 11:13:11 +0000 (Sun, 05 Jun 2005) New Revision: 1202 Modified: sarge-checks/elf-vuln Log: ELF status update Modified: sarge-checks/elf-vuln =================================================================== --- sarge-checks/elf-vuln 2005-06-05 11:12:44 UTC (rev 1201) +++ sarge-checks/elf-vuln 2005-06-05 11:13:11 UTC (rev 1202) @@ -1,18 +1,18 @@ binutils (fixed) elfutils (not in debian) -gdb (bug filed) +gdb (fixed) ht (fixed) prelink (not affected, as not using elfutils library) elfsign -rpm (only newer than in debian contains elfutils) -acl2 (maintainer is checking back) +rpm (not affected, only newer than in debian contains elfutils) +acl2 (affected according to maintainer, full exploit potential unclear, rebuilds complicated) alleyoop (moritz checking) -axiom (maintainer is checking back) +axiom (affected according to maintainer, full exploit potential unclear, rebuilds complicated) crash (micah is talking with upstream) fenris (not in sarge, moritz checking) gccchecker -gcl (maintainer is checking back) -gclcvs (maintainer is checking back) +gcl (affected according to maintainer, full exploit potential unclear, rebuilds complicated) +gclcvs (affected according to maintainer, full exploit potential unclear, rebuilds complicated) ggcov insight kdebindings From jmm-guest@costa.debian.org Mon Jun 6 06:47:55 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 06 Jun 2005 06:47:55 +0000 Subject: [Secure-testing-commits] r1203 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-06 06:47:53 +0000 (Mon, 06 Jun 2005) New Revision: 1203 Modified: sarge-checks/CAN/list Log: Different fix was needed for ht. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-05 11:13:11 UTC (rev 1202) +++ sarge-checks/CAN/list 2005-06-06 06:47:53 UTC (rev 1203) @@ -801,7 +801,7 @@ CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) - ht 0.8.0-2 CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) - - ht 0.8.0-2 + - ht 0.8.0-3 CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...) NOTE: CVE info about vulnerable version number is bogus - tiff 3.7.2-3 From jmm-guest@costa.debian.org Mon Jun 6 06:57:56 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 06 Jun 2005 06:57:56 +0000 Subject: [Secure-testing-commits] r1204 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-06 06:57:54 +0000 (Mon, 06 Jun 2005) New Revision: 1204 Modified: sarge-checks/CAN/list Log: alsa stack protection bypass fixed Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-06 06:47:53 UTC (rev 1203) +++ sarge-checks/CAN/list 2005-06-06 06:57:54 UTC (rev 1204) 
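Review bot: In r1203, CAN-2005-1545 moves to "- ht 0.8.0-3" while the adjacent CAN-2005-1546 stays at "- ht 0.8.0-2", and only the commit log ("Different fix was needed for ht.") explains the split. Suggest a NOTE under CAN-2005-1545 saying that the ELF parser issue needed a different fix than the one in -2, so the difference is understandable from the list itself.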
@@ -6115,7 +6115,8 @@ {DSA-689-1} - libapache2-mod-python 3.1.3-3 CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) - NOTE: debian does not have stack protection + NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9 + - alsa-lib 1.0.9-1 CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) NOTE: not-for-us (redhat specific less bug) CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) From jmm-guest@costa.debian.org Mon Jun 6 07:52:26 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 06 Jun 2005 07:52:26 +0000 Subject: [Secure-testing-commits] r1205 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-06 07:52:24 +0000 (Mon, 06 Jun 2005) New Revision: 1205 Modified: sarge-checks/CAN/list Log: Two new issues already in the BTS. gforge is not affected by the viewFile.php vulnerability, as the code in question had already been removed some time before the advisory was posted. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-06 06:57:54 UTC (rev 1204) +++ sarge-checks/CAN/list 2005-06-06 07:52:24 UTC (rev 1205) @@ -1,3 +1,7 @@ +CAN-2005-XXXX [Directory traversal in zoo] + - zoo (unfixed; bug #306164) +CAN-2005-XXXX [Cross Site Scripting in websieve] + - websieve (unfixed; bug #311838) CAN-2005-XXXX [Information leak in fuse] NOTE: Fixed packages have already been prepared, pending upload and/or security team upload - fuse (unfixed; bug #311634) 
@@ -280,10 +284,9 @@ CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] - NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's - NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed - TODO: Check back with maintainer - - gforge 3.1-30 + NOTE: viewFile.php has been removed along with other files in -26, so Debian is + NOTE: no longer affected. + - gforge 3.1-26 CAN-2005-XXXX [osh buffer overflow] - osh 1.7-13 CAN-2005-XXXX [xile buffer overrun in terminal code] From jmm-guest@costa.debian.org Mon Jun 6 12:09:37 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 06 Jun 2005 12:09:37 +0000 Subject: [Secure-testing-commits] r1206 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-06 12:09:35 +0000 (Mon, 06 Jun 2005) New Revision: 1206 Modified: sarge-checks/CAN/list Log: fuse fixed. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-06 07:52:24 UTC (rev 1205) +++ sarge-checks/CAN/list 2005-06-06 12:09:35 UTC (rev 1206) @@ -4,7 +4,7 @@ - websieve (unfixed; bug #311838) CAN-2005-XXXX [Information leak in fuse] NOTE: Fixed packages have already been prepared, pending upload and/or security team upload - - fuse (unfixed; bug #311634) + - fuse 2.3.0-1 CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) From jmm-guest@costa.debian.org Tue Jun 7 08:47:41 2005 
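Review bot: In r1206 the CAN-2005-XXXX fuse entry now records "- fuse 2.3.0-1", but the context line "NOTE: Fixed packages have already been prepared, pending upload and/or security team upload" is left in place and now contradicts the fixed status. Suggest dropping that NOTE in the same change.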
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 07 Jun 2005 08:47:41 +0000 Subject: [Secure-testing-commits] r1207 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-07 08:47:38 +0000 (Tue, 07 Jun 2005) New Revision: 1207 Modified: sarge-checks/CAN/list Log: fuse CANified, gnome-vfs2 fixed Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-06 12:09:35 UTC (rev 1206) +++ sarge-checks/CAN/list 2005-06-07 08:47:38 UTC (rev 1207) @@ -1,3 +1,5 @@ +CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory] + - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - zoo (unfixed; bug #306164) CAN-2005-XXXX [Cross Site Scripting in websieve] @@ -2,5 +4,2 @@ - websieve (unfixed; bug #311838) -CAN-2005-XXXX [Information leak in fuse] - NOTE: Fixed packages have already been prepared, pending upload and/or security team upload - - fuse 2.3.0-1 CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) @@ -3810,7 +3809,7 @@ NOTE: not-for-us (Ipswitch Collaboration Suite) CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) NOTE: Sarge version does not install the module with the vulnerable code - NOTE: gnome-vfs2 is vulnerable in stable (1.9), 2.10 in experimental has been fixed + - gnome-vfs2 2.10.1-4 - grip 3.2.0-4 - libcdaudio 0.99.9-2.1 - gnome-vfs 1.0.5-5.1 From joeyh@costa.debian.org Tue Jun 7 09:14:35 2005 
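Review bot: In the CAN-2005-0706 hunk of r1207, the surviving "NOTE: Sarge version does not install the module with the vulnerable code" does not say which of the four listed packages it refers to, and the removed NOTE was the only line recording that gnome-vfs2 is vulnerable in stable (1.9). Suggest naming the package in the remaining NOTE and, if the stable status still holds, keeping it as a NOTE next to "- gnome-vfs2 2.10.1-4".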
From: joeyh@costa.debian.org (Joey Hess) Date: Tue, 07 Jun 2005 09:14:35 +0000 Subject: [Secure-testing-commits] r1208 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-07 09:14:32 +0000 (Tue, 07 Jun 2005) New Revision: 1208 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-07 08:47:38 UTC (rev 1207) +++ sarge-checks/CAN/list 2005-06-07 09:14:32 UTC (rev 1208) @@ -3809,7 +3809,7 @@ NOTE: not-for-us (Ipswitch Collaboration Suite) CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) NOTE: Sarge version does not install the module with the vulnerable code - - gnome-vfs2 2.10.1-4 + - gnome-vfs2 2.10.1-4 - grip 3.2.0-4 - libcdaudio 0.99.9-2.1 - gnome-vfs 1.0.5-5.1 From joeyh@costa.debian.org Wed Jun 8 09:14:24 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Wed, 08 Jun 2005 09:14:24 +0000 Subject: [Secure-testing-commits] r1209 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-08 09:14:21 +0000 (Wed, 08 Jun 2005) New Revision: 1209 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-07 09:14:32 UTC (rev 1208) +++ sarge-checks/CAN/list 2005-06-08 09:14:21 UTC (rev 1209) 
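Review bot: In r1208 the removed and added "- gnome-vfs2 2.10.1-4" lines under CAN-2005-0706 read identically, so this automatic update only rewrites whitespace on the line committed by hand in r1207. Suggest using the list's existing indentation in manual edits so that the automatic CAN database commits contain only database changes.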
@@ -1,3 +1,47 @@ +CAN-2005-1863 + NOTE: reserved +CAN-2005-1862 + NOTE: reserved +CAN-2005-1861 + NOTE: reserved +CAN-2005-1860 + NOTE: reserved +CAN-2005-1859 + NOTE: reserved +CAN-2005-1857 + NOTE: reserved +CAN-2005-1856 + NOTE: reserved +CAN-2005-1855 + NOTE: reserved +CAN-2005-1854 + NOTE: reserved +CAN-2005-1853 + NOTE: reserved +CAN-2005-1852 + NOTE: reserved +CAN-2005-1851 + NOTE: reserved +CAN-2005-1850 + NOTE: reserved +CAN-2005-1849 + NOTE: reserved +CAN-2005-1848 + NOTE: reserved +CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...) + TODO: check +CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) + TODO: check +CAN-2005-1845 + NOTE: reserved +CAN-2005-1844 + NOTE: reserved +CAN-2005-1843 + NOTE: reserved +CAN-2005-1842 + NOTE: reserved +CAN-2005-1841 + NOTE: reserved CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory] - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] @@ -383,7 +427,7 @@ - mailscanner (unfixed; bug #310774) CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 -CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...) +CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) - gdb 6.3-6 CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) NOTE: not-for-us (Warrior Kings: Battles) @@ -416,7 +460,7 @@ NOTE: reserved CAN-2005-1689 NOTE: reserved -CAN-2005-1688 (Wordpress 1.5 and earlier allow remote attackers to obtain sensitive ...) +CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...) NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - wordpress 1.5.1-1 CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...) 
@@ -2037,7 +2081,7 @@ CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...) NOTE: not-for-us (Mac OS X) CAN-2005-1334 - NOTE: reserved + NOTE: rejected CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...) NOTE: not-for-us (Mac OS X) CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...) @@ -2345,7 +2389,7 @@ - xine-lib 1.0.1-1 CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) - nasm 0.98.38-1.2 -CAN-2005-1193 (The make_clickable function in bbcode.php for phpBB before 2.0.15 ...) +CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) - phpbb2 2.0.13+1-6 CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOTE: not-for-us (HP-UX) From jmm-guest@costa.debian.org Wed Jun 8 09:20:30 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 08 Jun 2005 09:20:30 +0000 Subject: [Secure-testing-commits] r1210 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-08 09:20:28 +0000 (Wed, 08 Jun 2005) New Revision: 1210 Modified: sarge-checks/CAN/list Log: process latest CVE update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-08 09:14:21 UTC (rev 1209) +++ sarge-checks/CAN/list 2005-06-08 09:20:28 UTC (rev 1210) @@ -29,9 +29,9 @@ CAN-2005-1848 NOTE: reserved CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...) - TODO: check + NOTE: not-for-us (YaMT) CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) - TODO: check + NOTE: not-for-us (YaMT) CAN-2005-1845 NOTE: reserved CAN-2005-1844 From jmm-guest@costa.debian.org Wed Jun 8 21:23:32 2005 
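Review bot: In the first hunk of r1209 the new block CAN-2005-1863 through CAN-2005-1841 is inserted above the existing CAN-2005-1858 fuse entry, which leaves CAN-2005-1858 below CAN-2005-1841 and out of the descending order the rest of the list follows. Suggest moving the fuse entry between CAN-2005-1859 and CAN-2005-1857, where the new block already skips that number.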
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 08 Jun 2005 21:23:32 +0000 Subject: [Secure-testing-commits] r1211 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-08 21:23:29 +0000 (Wed, 08 Jun 2005) New Revision: 1211 Modified: sarge-checks/CAN/list Log: New kernel vulnerabilities. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-08 09:20:28 UTC (rev 1210) +++ sarge-checks/CAN/list 2005-06-08 21:23:29 UTC (rev 1211) @@ -2226,8 +2226,9 @@ NOTE: reserved CAN-2005-1266 NOTE: reserved -CAN-2005-1265 +CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel] NOTE: reserved + - kernel-source-2.6.8 (unfixed) CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl] - kernel-source-2.6.8 2.6.8-15sarge1 - kernel-source-2.6.8 2.6.8-16 @@ -3619,8 +3620,9 @@ - gzip 1.3.5-10 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 (unfixed; bug #311164) -CAN-2005-0756 +CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64] NOTE: reserved + - kernel-source-2.6.8 (unfixed) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 CAN-2005-0754 [Untrusted code execution in Kommander] From jmm-guest@costa.debian.org Thu Jun 9 09:01:35 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 09 Jun 2005 09:01:35 +0000 Subject: [Secure-testing-commits] r1212 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-09 09:01:32 +0000 (Thu, 09 Jun 2005) New Revision: 1212 Modified: sarge-checks/CAN/list Log: new leafnode dos gedit fixed Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-08 21:23:29 UTC (rev 1211) +++ sarge-checks/CAN/list 2005-06-09 09:01:32 UTC (rev 1212) 
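Review bot: In r1211 both CAN-2005-1265 and CAN-2005-0756 gain a description and "- kernel-source-2.6.8 (unfixed)" but keep "NOTE: reserved", and the unfixed status carries no bug number, unlike the neighbouring "- kernel-source-2.4.27 (unfixed; bug #311164)". Suggest adding a bug reference, or a NOTE naming where the description comes from, so the two entries can be followed up.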
@@ -1,3 +1,5 @@ +CAN-2005-XXXX [Minor DoS through malicous NNTP servers in leafnode's fetchnews] + - leafnode 1.11.3.rel-1 CAN-2005-1863 NOTE: reserved CAN-2005-1862 @@ -467,8 +469,8 @@ NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - wordpress 1.5.1-1 CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) - TODO: Affects experimental, check whether 2.8 from Sarge/sid is affected as well - - gedit (unfixed) + NOTE: Only exploitable under rare circumstances + - gedit 2.10.3-1 CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) NOTE: not-for-us (episodex) CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) From joeyh@costa.debian.org Thu Jun 9 09:14:22 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 09 Jun 2005 09:14:22 +0000 Subject: [Secure-testing-commits] r1213 - sarge-checks/CAN Message-ID: Author: joeyh Date: 2005-06-09 09:14:19 +0000 (Thu, 09 Jun 2005) New Revision: 1213 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-09 09:01:32 UTC (rev 1212) +++ sarge-checks/CAN/list 2005-06-09 09:14:19 UTC (rev 1213) 
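Review bot: In the CAN-2005-1686 hunk of r1212 the TODO asking whether gedit 2.8 from Sarge/sid is affected is removed, but the replacement lines ("NOTE: Only exploitable under rare circumstances", "- gedit 2.10.3-1") do not record the answer. Suggest a NOTE stating whether 2.8 is affected. The leafnode line added in the first hunk also spells "malicious" as "malicous".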
@@ -1,3 +1,141 @@ +CAN-2005-1930 + NOTE: reserved +CAN-2005-1929 + NOTE: reserved +CAN-2005-1928 + NOTE: reserved +CAN-2005-1927 + NOTE: reserved +CAN-2005-1926 + NOTE: reserved +CAN-2005-1925 + NOTE: reserved +CAN-2005-1924 + NOTE: reserved +CAN-2005-1923 + NOTE: reserved +CAN-2005-1922 + NOTE: reserved +CAN-2005-1921 + NOTE: reserved +CAN-2005-1920 + NOTE: reserved +CAN-2005-1919 + NOTE: reserved +CAN-2005-1918 + NOTE: reserved +CAN-2005-1917 + NOTE: reserved +CAN-2005-1916 + NOTE: reserved +CAN-2005-1915 + NOTE: reserved +CAN-2005-1914 + NOTE: reserved +CAN-2005-1913 + NOTE: reserved +CAN-2005-1912 + NOTE: reserved +CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) + TODO: check +CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) + TODO: check +CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) + TODO: check +CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) + TODO: check +CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) + TODO: check +CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) + TODO: check +CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) + TODO: check +CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) + TODO: check +CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) + TODO: check +CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) + TODO: check +CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) + TODO: check +CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...) + TODO: check +CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) 
+ TODO: check +CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) + TODO: check +CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) + TODO: check +CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) + TODO: check +CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) + TODO: check +CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) + TODO: check +CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) + TODO: check +CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) + TODO: check +CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) + TODO: check +CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) + TODO: check +CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) + TODO: check +CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) + TODO: check +CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) + TODO: check +CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) + TODO: check +CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) + TODO: check +CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) + TODO: check +CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) + TODO: check +CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) + TODO: check +CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) + TODO: check +CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) 
+ TODO: check +CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) + TODO: check +CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) + TODO: check +CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) + TODO: check +CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) + TODO: check +CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) + TODO: check +CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) + TODO: check +CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) + TODO: check +CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) + TODO: check +CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) + TODO: check +CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) + TODO: check +CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) + TODO: check +CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) + TODO: check +CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) + TODO: check +CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) + TODO: check +CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) + TODO: check +CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) + TODO: check +CAN-2003-1218 + NOTE: reserved +CAN-2003-1217 + NOTE: reserved CAN-2005-XXXX [Minor DoS through malicous NNTP servers in leafnode's fetchnews] - leafnode 1.11.3.rel-1 CAN-2005-1863 
@@ -52,7 +190,7 @@ - websieve (unfixed; bug #311838) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) -CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) +CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) NOTE: not-for-us (Liberum) CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) NOTE: not-for-us (Liberum) @@ -3634,7 +3772,7 @@ CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox] - mozilla-firefox 1.0.3-1 CAN-2005-0751 - NOTE: reserved + NOTE: rejected CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root] - kernel-source-2.4.27-10 - kernel-source-2.6.8 2.6.8-16 @@ -5157,7 +5295,7 @@ NOTE: fix in -4 was broken - kdelibs 3.3.2-6 CAN-2005-0395 - NOTE: reserved + NOTE: rejected CAN-2005-0394 NOTE: reserved CAN-2005-0393 @@ -5861,7 +5999,7 @@ - kernel-source-2.6.8 2.6.8-14 - kernel-source-2.6.11 2.6.11-1 CAN-2005-0203 - NOTE: reserved + NOTE: rejected CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...) {DSA-674-1} - mailman 2.1.5-6 From jmm-guest@costa.debian.org Thu Jun 9 09:27:19 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 09 Jun 2005 09:27:19 +0000 Subject: [Secure-testing-commits] r1214 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-09 09:27:16 +0000 (Thu, 09 Jun 2005) New Revision: 1214 Modified: sarge-checks/CAN/list Log: leafnode CANified in less than 15 mins claim block Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-09 09:14:19 UTC (rev 1213) +++ sarge-checks/CAN/list 2005-06-09 09:27:16 UTC (rev 1214) 
@@ -36,8 +36,9 @@ NOTE: reserved CAN-2005-1912 NOTE: reserved +begin claimed by jmm CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - TODO: check + - leafnode 1.11.3.rel-1 CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) TODO: check CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) @@ -132,12 +133,11 @@ TODO: check CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) TODO: check +end claimed by jmm CAN-2003-1218 NOTE: reserved CAN-2003-1217 NOTE: reserved -CAN-2005-XXXX [Minor DoS through malicous NNTP servers in leafnode's fetchnews] - - leafnode 1.11.3.rel-1 CAN-2005-1863 NOTE: reserved CAN-2005-1862 From jmm-guest@costa.debian.org Thu Jun 9 09:41:26 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 09 Jun 2005 09:41:26 +0000 Subject: [Secure-testing-commits] r1215 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-09 09:41:24 +0000 (Thu, 09 Jun 2005) New Revision: 1215 Modified: sarge-checks/CAN/list Log: drupal CANified, the rest only not-for-us Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-09 09:27:16 UTC (rev 1214) +++ sarge-checks/CAN/list 2005-06-09 09:41:24 UTC (rev 1215) 
@@ -36,104 +36,103 @@ NOTE: reserved CAN-2005-1912 NOTE: reserved -begin claimed by jmm CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - leafnode 1.11.3.rel-1 CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) - TODO: check + NOTE: not-for-us (WWWeb Concepts Events System) CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) - TODO: check + NOTE: not-for-us (602LAN SUITE) CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) - TODO: check + NOTE: not-for-us (Perception LiteWeb) CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) - TODO: check + NOTE: not-for-us (livingmailing) CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) - TODO: check + NOTE: not-for-us (Kaspersky) CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) - TODO: check + NOTE: not-for-us (JiRo's Upload Systems) CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) - TODO: check + NOTE: not-for-us (SPA-PRO Mail) CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) - TODO: check + NOTE: not-for-us (SPA-PRO Mail) CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) - TODO: check + NOTE: not-for-us (Sawmill) CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...) - TODO: check + NOTE: not-for-us (Sawmill) CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) - TODO: check + NOTE: not-for-us (RakNet) CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) 
- TODO: check + NOTE: not-for-us (phpThumb) CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) - TODO: check + NOTE: not-for-us (FlexCast) CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) - TODO: check + NOTE: not-for-us (Mortiforo) CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) - TODO: check + NOTE: not-for-us (Sun ONE) CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) - TODO: check + NOTE: not-for-us (MediaWiki not yet in Debian) + TODO: track ITP: #217571 CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) 
- TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (everybuddy) CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (LutelWall) CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) - TODO: check + NOTE: not-for-us (GIPTables) CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) - TODO: check + NOTE: not-for-us (Lpanel) CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) - TODO: check + NOTE: not-for-us (Exhibit Engine) CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) - TODO: check + NOTE: not-for-us (Dzip) CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) - TODO: check + NOTE: not-for-us (Crob) CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) - TODO: check + NOTE: not-for-us (WebSphere) CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - TODO: check + - drupal 4.5.3-1 CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) - TODO: check + NOTE: not-for-us (Popper) CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) 
- TODO: check + NOTE: not-for-us (MWChat) CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) - TODO: check + NOTE: not-for-us (I-Man) CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) - TODO: check + NOTE: not-for-us (Calendarix) CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) - TODO: check + NOTE: not-for-us (Calendarix) CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Calendarix) CAN-2003-1218 NOTE: reserved CAN-2003-1217 @@ -247,8 +246,6 @@ NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) NOTE: not-for-us (FutureSoft TFTP Server) -CAN-2005-XXXX [Privilege escalation in Drupal] - - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) From jmm-guest@costa.debian.org Thu Jun 9 22:22:59 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 09 Jun 2005 22:22:59 +0000 Subject: [Secure-testing-commits] r1216 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-09 22:22:57 +0000 (Thu, 09 Jun 2005) New Revision: 1216 Modified: sarge-checks/CAN/list Log: Several sparsely documented amd64 specific kernel issues. Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-09 09:41:24 UTC (rev 1215) +++ sarge-checks/CAN/list 2005-06-09 22:22:57 UTC (rev 1216) 
@@ -1,3 +1,5 @@ +CAN-2005-XXXX [Local privilege escalation through insufficient DRM range checks] + - kernel-source-2.6.8 (unfixed) CAN-2005-1930 NOTE: reserved CAN-2005-1929 @@ -339,14 +341,18 @@ NOTE: reserved CAN-2005-1766 NOTE: reserved -CAN-2005-1765 +CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved -CAN-2005-1764 + - kernel-source-2.6.8 (unfixed) +CAN-2005-1764 [Unspecified DoS vulnerability on amd64] NOTE: reserved -CAN-2005-1763 + - kernel-source-2.6.8 (unfixed) +CAN-2005-1763 [Unprivileged write into kernel memory on amd64] NOTE: reserved -CAN-2005-1762 + - kernel-source-2.6.8 (unfixed) +CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved + - kernel-source-2.6.8 (unfixed) CAN-2005-1761 NOTE: reserved CAN-2005-1760 From jmm-guest@costa.debian.org Fri Jun 10 12:46:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 10 Jun 2005 12:46:00 +0000 Subject: [Secure-testing-commits] r1217 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-10 12:45:57 +0000 (Fri, 10 Jun 2005) New Revision: 1217 Modified: sarge-checks/CAN/list Log: Multiple issues in strace Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-09 22:22:57 UTC (rev 1216) +++ sarge-checks/CAN/list 2005-06-10 12:45:57 UTC (rev 1217) @@ -1,3 +1,7 @@ +CAN-2005-XXXX [Multiple buffer and integer overflows in strace] + NOTE: For full details download the sources and see the changelog entry + NOTE: from 2005-05-31 Dmitry V. Levin + - strace 4.5.12-1 CAN-2005-XXXX [Local privilege escalation through insufficient DRM range checks] - kernel-source-2.6.8 (unfixed) CAN-2005-1930 From jmm-guest@costa.debian.org Fri Jun 10 13:20:07 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 10 Jun 2005 13:20:07 +0000 Subject: [Secure-testing-commits] r1218 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-10 13:20:05 +0000 (Fri, 10 Jun 2005) New Revision: 1218 Modified: sarge-checks/CAN/list Log: Mozillae vulnerable to frame injection again Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-10 12:45:57 UTC (rev 1217) +++ sarge-checks/CAN/list 2005-06-10 13:20:05 UTC (rev 1218) @@ -8058,8 +8058,11 @@ CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...) NOTE: not-fos-us (Microsoft) CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...) - - mozilla 1.6 - - mozilla-firefox 0.8 + NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent + NOTE: upstream versions became vulnerable again, see + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 + - mozilla (unfixed) + - mozilla-firefox 1.0.4-3 CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOTE: not-for-us (opera 7.50) CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) From jmm-guest@costa.debian.org Fri Jun 10 22:32:19 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 10 Jun 2005 22:32:19 +0000 Subject: [Secure-testing-commits] r1219 - sarge-checks/CAN Message-ID: Author: jmm-guest Date: 2005-06-10 22:32:16 +0000 (Fri, 10 Jun 2005) New Revision: 1219 Modified: sarge-checks/CAN/list Log: two new gaim dos Modified: sarge-checks/CAN/list =================================================================== --- sarge-checks/CAN/list 2005-06-10 13:20:05 UTC (rev 1218) +++ sarge-checks/CAN/list 2005-06-10 22:32:16 UTC (rev 1219) 
@@ -1,3 +1,5 @@ +CAN-2005-1934 [Unspecified gaim DoS vulnerability] + - gaim 1:1.3.1-1 CAN-2005-XXXX [Multiple buffer and integer overflows in strace] NOTE: For full details download the sources and see the changelog entry NOTE: from 2005-05-31 Dmitry V. Levin @@ -2365,8 +2367,9 @@ - apache 1.3.31-1 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 -CAN-2005-1269 +CAN-2005-1269 [Unspecified gaim DoS vulnerability] NOTE: reserved + - gaim 1:1.3.1-1 CAN-2005-1268 NOTE: reserved CAN-2005-1267 From joeyh@costa.debian.org Sat Jun 11 01:04:56 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Sat, 11 Jun 2005 01:04:56 +0000 Subject: [Secure-testing-commits] r1220 - / data Message-ID: Author: joeyh Date: 2005-06-11 01:04:55 +0000 (Sat, 11 Jun 2005) New Revision: 1220 Added: data/ Removed: sarge-checks/ Modified: data/checklist Log: Rename sarge-checks data to something not specific to sarge, since we're working on etch now. Sorry for the probable annoyance, but it had to be done. Also, my cron jobs have been updated to use this directory and to check against testing, not sarge. Copied: data (from rev 1219, sarge-checks) Modified: data/checklist =================================================================== --- sarge-checks/checklist 2005-06-10 22:32:16 UTC (rev 1219) +++ data/checklist 2005-06-11 01:04:55 UTC (rev 1220) @@ -194,7 +194,7 @@ } print "
\n"; print "Total number of kernel image packages not up to date: $need_rebuild
\n"; - print "Number of TODO lines in records: $todos
\n"; + print "Number of TODO lines in records: $todos
\n"; print "Maintained by the testing security team
\n"; print "Last update: ".`date`."
\n"; print "\n"; From joeyh@costa.debian.org Sat Jun 11 01:16:52 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Sat, 11 Jun 2005 01:16:52 +0000 Subject: [Secure-testing-commits] r1221 - data/CAN Message-ID: Author: joeyh Date: 2005-06-11 01:16:49 +0000 (Sat, 11 Jun 2005) New Revision: 1221 Modified: data/CAN/list Log: zoo fixed a while ago Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-11 01:04:55 UTC (rev 1220) +++ data/CAN/list 2005-06-11 01:16:49 UTC (rev 1221) @@ -192,7 +192,7 @@ CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory] - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - - zoo (unfixed; bug #306164) + - zoo 4.4-3 CAN-2005-XXXX [Cross Site Scripting in websieve] - websieve (unfixed; bug #311838) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) From joeyh@costa.debian.org Sat Jun 11 01:17:58 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Sat, 11 Jun 2005 01:17:58 +0000 Subject: [Secure-testing-commits] r1222 - data Message-ID: Author: joeyh Date: 2005-06-11 01:17:57 +0000 (Sat, 11 Jun 2005) New Revision: 1222 Modified: data/checklist Log: 2.6.11 (or later of course) will be the kernel for etch Modified: data/checklist =================================================================== --- data/checklist 2005-06-11 01:16:49 UTC (rev 1221) +++ data/checklist 2005-06-11 01:17:57 UTC (rev 1222) @@ -19,7 +19,7 @@ my %data; -my %needkernel=qw/2.4.27 0 2.6.8 0/; +my %needkernel=qw/2.4.27 0 2.6.11 0/; my $list_unknown=1; #set to 1 to display kernel images with unknown source version my $sources=$ENV{SOURCES_FILE}; my $need_rebuild=0; From joeyh@costa.debian.org Sat Jun 11 01:33:42 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Sat, 11 Jun 2005 01:33:42 +0000 Subject: [Secure-testing-commits] r1223 - data/CAN Message-ID: Author: joeyh Date: 2005-06-11 01:33:38 +0000 (Sat, 11 Jun 2005) New Revision: 1223 Modified: data/CAN/list Log: various fixed holes Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-11 01:17:57 UTC (rev 1222) +++ data/CAN/list 2005-06-11 01:33:38 UTC (rev 1223) @@ -372,7 +372,7 @@ CAN-2005-1756 NOTE: reserved CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - - shtool (unfixed; bug #311206) + - shtool 2.0.1-2 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies TODO: check, whether this still applies @@ -904,7 +904,7 @@ CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] - clamav 0.85.1-1 CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - - libxpm4 (unfixed; bug #308783) + - libxpm4 4.3.0.dfsg.1-14 CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl] NOTE: According to Horms from kernel team 2.6.8 not affected - kernel-source-2.6.11 2.6.11-5 @@ -7613,7 +7613,7 @@ NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1_0.93.94-11.2 NOTE: openmotif is non-free - - openmotif (unfixed; bug #308819) + - openmotif 2.2.3-1.1 CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9 From joeyh@costa.debian.org Mon Jun 13 09:14:21 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 13 Jun 2005 09:14:21 +0000 Subject: [Secure-testing-commits] r1224 - data/CAN Message-ID: Author: joeyh Date: 2005-06-13 09:14:18 +0000 (Mon, 13 Jun 2005) New Revision: 1224 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-11 01:33:38 UTC (rev 1223) +++ data/CAN/list 2005-06-13 09:14:18 UTC (rev 1224) @@ -1,3 +1,9 @@ +CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) + TODO: check +CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) + TODO: check +CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) + TODO: check CAN-2005-1934 [Unspecified gaim DoS vulnerability] - gaim 1:1.3.1-1 CAN-2005-XXXX [Multiple buffer and integer overflows in strace] @@ -66,7 +72,7 @@ NOTE: not-for-us (SPA-PRO Mail) CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) NOTE: not-for-us (Sawmill) -CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...) +CAN-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...) NOTE: not-for-us (Sawmill) CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) NOTE: not-for-us (RakNet) 
@@ -1884,12 +1890,12 @@ TODO: check mozilla too CAN-2005-1475 NOTE: reserved -CAN-2005-1474 - NOTE: reserved -CAN-2005-1473 - NOTE: reserved -CAN-2005-1472 - NOTE: reserved +CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) + TODO: check +CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) + TODO: check +CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) + TODO: check CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) NOTE: not-for-us (RSA SecurID Web Agent) CAn-2005-XXXX [race condition with a buffered temp file] @@ -6157,8 +6163,8 @@ NOTE: reserved CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) {DSA-662-1} -CAN-2005-0151 - NOTE: reserved +CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) + TODO: check CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...) - mozilla-firefox 1.0 CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...) From jmm-guest@costa.debian.org Mon Jun 13 09:49:02 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 13 Jun 2005 09:49:02 +0000 Subject: [Secure-testing-commits] r1225 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-13 09:49:00 +0000 (Mon, 13 Jun 2005) New Revision: 1225 Modified: data/CAN/list Log: Several not-for-us Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-13 09:14:18 UTC (rev 1224) +++ data/CAN/list 2005-06-13 09:49:00 UTC (rev 1225) 
@@ -1,9 +1,9 @@ CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) - TODO: check + NOTE: not-for-us (Xerox hardware issue) CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1934 [Unspecified gaim DoS vulnerability] - gaim 1:1.3.1-1 CAN-2005-XXXX [Multiple buffer and integer overflows in strace] @@ -1891,11 +1891,11 @@ CAN-2005-1475 NOTE: reserved CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) NOTE: not-for-us (RSA SecurID Web Agent) CAn-2005-XXXX [race condition with a buffered temp file] @@ -6164,7 +6164,7 @@ CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) {DSA-662-1} CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) - TODO: check + NOTE: not-for-us (Adobe License Management Software) CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...) - mozilla-firefox 1.0 CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...) From joeyh@costa.debian.org Wed Jun 15 09:14:22 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Wed, 15 Jun 2005 09:14:22 +0000 Subject: [Secure-testing-commits] r1226 - data/CAN Message-ID: Author: joeyh Date: 2005-06-15 09:14:19 +0000 (Wed, 15 Jun 2005) New Revision: 1226 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-13 09:49:00 UTC (rev 1225) +++ data/CAN/list 2005-06-15 09:14:19 UTC (rev 1226) 
@@ -1,3 +1,83 @@ +CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) + TODO: check +CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) + TODO: check +CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) + TODO: check +CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) + TODO: check +CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) + TODO: check +CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...) + TODO: check +CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...) + TODO: check +CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...) + TODO: check +CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) + TODO: check +CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) + TODO: check +CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) + TODO: check +CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) + TODO: check +CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...) + TODO: check +CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...) + TODO: check +CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...) + TODO: check +CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) + TODO: check +CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...) + TODO: check +CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...) 
+ TODO: check +CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) + TODO: check +CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) + TODO: check +CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...) + TODO: check +CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...) + TODO: check +CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...) + TODO: check +CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2005-1949 (The eping_validaddr function in functions.php for the eping plugin for ...) + TODO: check +CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...) + TODO: check +CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...) + TODO: check +CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...) + TODO: check +CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) + TODO: check +CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...) + TODO: check +CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) + TODO: check +CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) + TODO: check +CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) + TODO: check +CAN-2005-1940 + NOTE: reserved +CAN-2005-1939 + NOTE: reserved +CAN-2005-1938 + NOTE: reserved +CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) + TODO: check +CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) 
+ TODO: check CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) NOTE: not-for-us (Xerox hardware issue) CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) @@ -360,23 +440,22 @@ NOTE: reserved - kernel-source-2.6.8 (unfixed) CAN-2005-1763 [Unprivileged write into kernel memory on amd64] - NOTE: reserved - kernel-source-2.6.8 (unfixed) CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed) CAN-2005-1761 NOTE: reserved -CAN-2005-1760 - NOTE: reserved +CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) + TODO: check CAN-2005-1759 NOTE: reserved -CAN-2005-1758 - NOTE: reserved -CAN-2005-1757 - NOTE: reserved -CAN-2005-1756 - NOTE: reserved +CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) + TODO: check +CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) + TODO: check +CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) + TODO: check CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - shtool 2.0.1-2 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) 
@@ -533,24 +612,24 @@ NOTE: reserved CAN-2005-1729 NOTE: reserved -CAN-2005-1728 - NOTE: reserved -CAN-2005-1727 - NOTE: reserved +CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) + TODO: check +CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) + TODO: check CAN-2005-1726 NOTE: reserved -CAN-2005-1725 - NOTE: reserved -CAN-2005-1724 - NOTE: reserved -CAN-2005-1723 - NOTE: reserved -CAN-2005-1722 - NOTE: reserved -CAN-2005-1721 - NOTE: reserved -CAN-2005-1720 - NOTE: reserved +CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...) + TODO: check +CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...) + TODO: check +CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) + TODO: check +CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...) + TODO: check +CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) + TODO: check +CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) + TODO: check CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) NOTE: not-for-us (avast! antivirus) CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) 
@@ -1953,9 +2032,9 @@ - ethereal 0.10.10-2sarge2 CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...) - ethereal 0.10.10-2sarge2 -CAN-2005-1455 (Buffer overflow in the sql_escape_func function in FreeRADIUS 1.0.2 ...) +CAN-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...) - freeradius 1.0.2-4 -CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in FreeRADIUS ...) +CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...) - freeradius 1.0.2-4 CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...) - leafnode 1.11.2.rel-1 @@ -2374,7 +2453,6 @@ CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 CAN-2005-1269 [Unspecified gaim DoS vulnerability] - NOTE: reserved - gaim 1:1.3.1-1 CAN-2005-1268 NOTE: reserved @@ -2383,7 +2461,6 @@ CAN-2005-1266 NOTE: reserved CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel] - NOTE: reserved - kernel-source-2.6.8 (unfixed) CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl] - kernel-source-2.6.8 2.6.8-15sarge1 
@@ -2493,30 +2570,30 @@ NOTE: reserved CAN-2005-1217 NOTE: reserved -CAN-2005-1216 - NOTE: reserved -CAN-2005-1215 - NOTE: reserved -CAN-2005-1214 - NOTE: reserved -CAN-2005-1213 - NOTE: reserved -CAN-2005-1212 - NOTE: reserved -CAN-2005-1211 - NOTE: reserved +CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...) + TODO: check +CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...) + TODO: check +CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...) + TODO: check +CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...) + TODO: check +CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...) + TODO: check +CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...) + TODO: check CAN-2005-1210 NOTE: reserved CAN-2005-1209 NOTE: reserved -CAN-2005-1208 - NOTE: reserved -CAN-2005-1207 - NOTE: reserved -CAN-2005-1206 - NOTE: reserved -CAN-2005-1205 - NOTE: reserved +CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...) + TODO: check +CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) + TODO: check +CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...) + TODO: check +CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...) + TODO: check CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) NOTE: This is not a real world problem; it's only applicable in rare circurstances NOTE: like someone analysing stolen user database information and even then the gain 
@@ -3777,7 +3854,6 @@ CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 (unfixed; bug #311164) CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64] - NOTE: reserved - kernel-source-2.6.8 (unfixed) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 @@ -4380,8 +4456,8 @@ NOTE: not-for-us (phpWebSite) CAN-2005-0564 NOTE: reserved -CAN-2005-0563 - NOTE: reserved +CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...) + TODO: check CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) NOTE: not-for-us (MSN Messenger) CAN-2005-0561 @@ -4785,8 +4861,8 @@ NOTE: not-for-us (XOOPS) CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOTE: not-for-us (Thomson cable modem) -CAN-2005-0488 - NOTE: reserved +CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) + TODO: check CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks From jmm-guest@costa.debian.org Wed Jun 15 09:20:22 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 15 Jun 2005 09:20:22 +0000 Subject: [Secure-testing-commits] r1227 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-15 09:20:20 +0000 (Wed, 15 Jun 2005) New Revision: 1227 Modified: data/CAN/list Log: claim Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-15 09:14:19 UTC (rev 1226) +++ data/CAN/list 2005-06-15 09:20:20 UTC (rev 1227) 
@@ -1,3 +1,4 @@ +begin claimed by jmm CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) TODO: check CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) @@ -68,6 +69,7 @@ TODO: check CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) TODO: check +end claimed by jmm CAN-2005-1940 NOTE: reserved CAN-2005-1939 From jmm-guest@costa.debian.org Wed Jun 15 09:34:43 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 15 Jun 2005 09:34:43 +0000 Subject: [Secure-testing-commits] r1228 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-15 09:34:40 +0000 (Wed, 15 Jun 2005) New Revision: 1228 Modified: data/CAN/list Log: lots of not-for-us Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-15 09:20:20 UTC (rev 1227) +++ data/CAN/list 2005-06-15 09:34:40 UTC (rev 1228) 
@@ -1,75 +1,73 @@ -begin claimed by jmm CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) - TODO: check + NOTE: not-for-us (Annuaire) CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) - TODO: check + NOTE: not-for-us (Sun Java) CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) - TODO: check + NOTE: not-for-us (Sun Java) CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) - TODO: check + NOTE: not-for-us (InteractivePHP FusionBB) CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) - TODO: check + NOTE: not-for-us (InteractivePHP FusionBB) CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...) - TODO: check + NOTE: not-for-us (pcAnywhere) CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...) - TODO: check + NOTE: not-for-us (Pragma Telnetserver) CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...) - TODO: check + NOTE: not-for-us (ProductCart Ecommerce) CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) - TODO: check + NOTE: not-for-us (ProductCart Ecommerce) CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) - TODO: check + NOTE: not-for-us (e107) CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) - TODO: check + NOTE: not-for-us (Broadpool Siteframe) CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) - TODO: check + NOTE: not-for-us (Ovidentia Portal) CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Cerberus Helpdesk) CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...) 
- TODO: check + NOTE: not-for-us (Cerberus Helpdesk) CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...) - TODO: check + NOTE: not-for-us (C-JDBC) CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...) - TODO: check + NOTE: not-for-us (C.J. Steele Tattle) CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (JamMail) CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...) TODO: check CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...) - TODO: check + NOTE: not-for-us (File Upload Manager) CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) - TODO: check + NOTE: not-for-us (File Upload Manager) CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) - TODO: check + NOTE: not-for-us (singapore) CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (singapore) CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...) - TODO: check + NOTE: not-for-us (Pico Server) CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...) - TODO: check + NOTE: not-for-us (Pico Server) CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...) - TODO: check + NOTE: not-for-us (osCommerce) CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (Webhints) CAN-2005-1949 (The eping_validaddr function in functions.php for the eping plugin for ...) - TODO: check + NOTE: not-for-us (e107) CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...) - TODO: check + NOTE: not-for-us (Invision Gallery) CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...) 
- TODO: check + NOTE: not-for-us (Invision Gallery) CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...) - TODO: check + NOTE: not-for-us (Invision Blog) CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) - TODO: check + NOTE: not-for-us (Invision Blog) CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...) - TODO: check + NOTE: not-for-us (xmysqladmin) CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) - TODO: check + NOTE: not-for-us (Loki download manager) CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) - TODO: check + NOTE: not-for-us (Cisco hardware issue) CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (SilverCity) CAN-2005-1940 NOTE: reserved CAN-2005-1939 @@ -79,7 +77,7 @@ CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) TODO: check CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) NOTE: not-for-us (Xerox hardware issue) CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...) 
@@ -453,11 +451,11 @@ CAN-2005-1759 NOTE: reserved CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - shtool 2.0.1-2 CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) 
@@ -615,23 +613,23 @@ CAN-2005-1729 NOTE: reserved CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1726 NOTE: reserved CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) NOTE: not-for-us (avast! antivirus) CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) From jmm-guest@costa.debian.org Wed Jun 15 09:41:25 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 15 Jun 2005 09:41:25 +0000 Subject: [Secure-testing-commits] r1229 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-15 09:41:19 +0000 (Wed, 15 Jun 2005) New Revision: 1229 Modified: data/CAN/list Log: firefox regression already fixed backup-manager unfixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-15 09:34:40 UTC (rev 1228) +++ data/CAN/list 2005-06-15 09:41:19 UTC (rev 1229) 
@@ -33,7 +33,7 @@ CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) NOTE: not-for-us (JamMail) CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...) - TODO: check + - backup-manager (unfixed; bug #308897) CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...) NOTE: not-for-us (File Upload Manager) CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) @@ -75,7 +75,7 @@ CAN-2005-1938 NOTE: reserved CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - TODO: check + - mozilla-firefox 1.0.4-3 CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOTE: not-for-us (Microsoft) CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) From djoume-guest@costa.debian.org Thu Jun 16 08:29:31 2005 From: djoume-guest@costa.debian.org (SALVETTI Djoumé) Date: Thu, 16 Jun 2005 08:29:31 +0000 Subject: [Secure-testing-commits] r1230 - website Message-ID: Author: djoume-guest Date: 2005-06-16 08:29:26 +0000 (Thu, 16 Jun 2005) New Revision: 1230 Modified: website/index.html Log: * broken links Modified: website/index.html =================================================================== --- website/index.html 2005-06-15 09:41:19 UTC (rev 1229) +++ website/index.html 2005-06-16 08:29:26 UTC (rev 1230) @@ -74,9 +74,9 @@

The team can be contacted through its mailing list, - secure-testing-team@lists.alioth.debian.org. + secure-testing-team@lists.alioth.debian.org. There is a second mailing list, - secure-testing-commits@lists.alioth.debian.org + secure-testing-commits@lists.alioth.debian.org that receives commit messages to our repository. An alioth project page is also available. From joeyh@costa.debian.org Thu Jun 16 14:14:51 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 16 Jun 2005 14:14:51 +0000 Subject: [Secure-testing-commits] r1231 - data/CAN Message-ID: Author: joeyh Date: 2005-06-16 14:14:48 +0000 (Thu, 16 Jun 2005) New Revision: 1231 Modified: data/CAN/list Log: spamassassin dos Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-16 08:29:26 UTC (rev 1230) +++ data/CAN/list 2005-06-16 14:14:48 UTC (rev 1231) @@ -2460,6 +2460,7 @@ NOTE: reserved CAN-2005-1266 NOTE: reserved + - spamassassin (unfixed; bug #314447) CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel] - kernel-source-2.6.8 (unfixed) CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl] From jmm-guest@costa.debian.org Fri Jun 17 09:41:30 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 09:41:30 +0000 Subject: [Secure-testing-commits] r1232 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 09:41:27 +0000 (Fri, 17 Jun 2005) New Revision: 1232 Modified: data/CAN/list Log: Multiple XSSs in squirrelmail Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-16 14:14:48 UTC (rev 1231) +++ data/CAN/list 2005-06-17 09:41:27 UTC (rev 1232) 
@@ -425,8 +425,9 @@ NOTE: not-for-us (HPUX) CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOTE: not-for-us (Avast) -CAN-2005-1769 +CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail] NOTE: reserved + - squirrelmail (unfixed; bug #314374) CAN-2005-1768 NOTE: reserved CAN-2005-1767 From jmm-guest@costa.debian.org Fri Jun 17 09:48:38 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 09:48:38 +0000 Subject: [Secure-testing-commits] r1233 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 09:48:36 +0000 (Fri, 17 Jun 2005) New Revision: 1233 Modified: data/CAN/list Log: tor information leak Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 09:41:27 UTC (rev 1232) +++ data/CAN/list 2005-06-17 09:48:36 UTC (rev 1233) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] + - tor 0.0.9.10-1 CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) NOTE: not-for-us (Annuaire) CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) From jmm-guest@costa.debian.org Fri Jun 17 10:54:48 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 10:54:48 +0000 Subject: [Secure-testing-commits] r1234 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 10:54:45 +0000 (Fri, 17 Jun 2005) New Revision: 1234 Modified: data/CAN/list Log: new tcpdump dos fixed in sid's cvs checkout Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 09:48:36 UTC (rev 1233) +++ data/CAN/list 2005-06-17 10:54:45 UTC (rev 1234) 
@@ -2459,8 +2459,9 @@ - gaim 1:1.3.1-1 CAN-2005-1268 NOTE: reserved -CAN-2005-1267 +CAN-2005-1267 [tcpdump: DoS through endless loop in BGP decoder] NOTE: reserved + - tcpdump 3.9.0.cvs.20050614-1 CAN-2005-1266 NOTE: reserved - spamassassin (unfixed; bug #314447) From jmm-guest@costa.debian.org Fri Jun 17 11:26:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 11:26:00 +0000 Subject: [Secure-testing-commits] r1235 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 11:25:57 +0000 (Fri, 17 Jun 2005) New Revision: 1235 Modified: data/CAN/list Log: amd64 ptrace() issue fixed, I didn't bother to file bugs for .8 and .10, as they'll probably be removed soon. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 10:54:45 UTC (rev 1234) +++ data/CAN/list 2005-06-17 11:25:57 UTC (rev 1235) @@ -3860,6 +3860,7 @@ - kernel-source-2.4.27 (unfixed; bug #311164) CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64] - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.11 2.6.11-7 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 CAN-2005-0754 [Untrusted code execution in Kommander] From jmm-guest@costa.debian.org Fri Jun 17 12:40:54 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 12:40:54 +0000 Subject: [Secure-testing-commits] r1236 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 12:40:51 +0000 (Fri, 17 Jun 2005) New Revision: 1236 Modified: data/CAN/list Log: checked telnet environment variable disclosure Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 11:25:57 UTC (rev 1235) +++ data/CAN/list 2005-06-17 12:40:51 UTC (rev 1236) 
@@ -4868,7 +4868,10 @@ CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOTE: not-for-us (Thomson cable modem) CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) - TODO: check + NOTE: netkit-telnet not affected + TODO: check heimdal + - krb4 (unfixed) + - krb5 (unfixed) CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks From jmm-guest@costa.debian.org Fri Jun 17 12:53:14 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 12:53:14 +0000 Subject: [Secure-testing-commits] r1237 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 12:53:11 +0000 (Fri, 17 Jun 2005) New Revision: 1237 Modified: data/CAN/list Log: new adobe reader issue not affecting us Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 12:40:51 UTC (rev 1236) +++ data/CAN/list 2005-06-17 12:53:11 UTC (rev 1237) @@ -2375,8 +2375,9 @@ NOTE: upstream says attack won't work, see bug 307575 CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) NOTE: not-for-us (Adobe Version Cue) -CAN-2005-1306 +CAN-2005-1306 [Information leak through XML external entities in Adobe Reader 7] NOTE: reserved + NOTE: not-for-us (Adobe Reader 7) CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) NOTE: not-for-us (hyper.cgi) CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) From jmm-guest@costa.debian.org Fri Jun 17 14:24:48 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 14:24:48 +0000 Subject: [Secure-testing-commits] r1238 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 14:24:46 +0000 (Fri, 17 Jun 2005) New Revision: 1238 Modified: data/CAN/list Log: Some not-for-us for MS bugs Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 12:53:11 UTC (rev 1237) +++ data/CAN/list 2005-06-17 14:24:46 UTC (rev 1238) 
@@ -2577,29 +2577,29 @@ CAN-2005-1217 NOTE: reserved CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1210 NOTE: reserved CAN-2005-1209 NOTE: reserved CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) NOTE: This is not a real world problem; it's only applicable in rare circurstances NOTE: like someone analysing stolen user database information and even then the gain 
@@ -4464,7 +4464,7 @@ CAN-2005-0564 NOTE: reserved CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) NOTE: not-for-us (MSN Messenger) CAN-2005-0561 From jmm-guest@costa.debian.org Fri Jun 17 14:46:36 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 17 Jun 2005 14:46:36 +0000 Subject: [Secure-testing-commits] r1239 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-17 14:46:34 +0000 (Fri, 17 Jun 2005) New Revision: 1239 Modified: data/CAN/list Log: zoo directory traversal is unfixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 14:24:46 UTC (rev 1238) +++ data/CAN/list 2005-06-17 14:46:34 UTC (rev 1239) @@ -280,7 +280,7 @@ CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory] - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - - zoo 4.4-3 + - zoo (unfixed; bug #309594) CAN-2005-XXXX [Cross Site Scripting in websieve] - websieve (unfixed; bug #311838) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) From micah@costa.debian.org Sun Jun 19 01:05:34 2005 From: micah@costa.debian.org (Micah Anderson) Date: Sun, 19 Jun 2005 01:05:34 +0000 Subject: [Secure-testing-commits] r1240 - data/CAN Message-ID: Author: micah Date: 2005-06-19 01:05:32 +0000 (Sun, 19 Jun 2005) New Revision: 1240 Modified: data/CAN/list Log: Consolidated MediaWiki items into one TODO, and resolved sysreport not-for-us Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-17 14:46:34 UTC (rev 1239) +++ data/CAN/list 2005-06-19 01:05:32 UTC (rev 1240) 
@@ -180,7 +180,7 @@ NOTE: not-for-us (Sun ONE) CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) NOTE: not-for-us (MediaWiki not yet in Debian) - TODO: track ITP: #217571 + TODO: track ITP: #217571, check CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, CAN-2005-0534, CAN-2004-1405 CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) NOTE: not-for-us (Solaris) CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) @@ -450,7 +450,7 @@ CAN-2005-1761 NOTE: reserved CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) - TODO: check + NOTE: not-for-us (sysreport) CAN-2005-1759 NOTE: reserved CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) @@ -2518,8 +2518,7 @@ - quake2 1:0.3-1.1 - quake2 (unfixed; bug #280573) CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - TODO: track ITP: #217571 + NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) NOTE: not-for-us (AS/400 FTP server addon) CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...) 
@@ -4624,14 +4623,11 @@ CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...) NOTE: not-for-us (iGeneric (iG) Shop) CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - TODO: track ITP: #217571 + NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...) - NOTE: not-for-us (MediaWiki not yet in Debian) - TODO: track ITP: #217571 + NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) - NOTE: not-for-us: (MediaWiki not yet in Debian) - TODO: track ITP: #217571 + NOTE: not-for-us: (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) NOTE: not-for-us (Trend Micro AntiVirus) CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) @@ -5670,7 +5666,7 @@ CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) NOTE: not-for-us (Ikonboard) CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) - NOTE: not-for-us (MediaWiki) + NOTE: not-for-us (MediaWiki), see CAN-2005-1888 CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) NOTE: not-for-us (Attachment Mod for phpBB) CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) From joeyh@costa.debian.org Mon Jun 20 03:12:53 2005 
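Review bot: In the @@ -4624,14 +4623,11 @@ hunk of r1240, the rewritten CAN-2005-0534 line still reads "NOTE: not-for-us: (MediaWiki not yet in Debian), see CAN-2005-1888", with a colon after not-for-us that the CAN-2005-0536 and CAN-2005-0535 lines next to it do not have; drop the colon so all three use the same "NOTE: not-for-us (" prefix, in case anything matches on it. The last hunk also points CAN-2004-1405 at CAN-2005-1888 but keeps its wording as "not-for-us (MediaWiki)" rather than "(MediaWiki not yet in Debian)". Since the one remaining TODO on CAN-2005-1888 now carries the ITP #217571 tracking for all of these ids, identical wording on the cross-references would make them easier to find again when the package enters the archive.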
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 03:12:53 +0000 Subject: [Secure-testing-commits] r1241 - in data: . CAN Message-ID: Author: joeyh Date: 2005-06-20 03:12:50 +0000 (Mon, 20 Jun 2005) New Revision: 1241 Modified: data/CAN/list data/updatelist Log: replace [] with CAN info once it becomes available Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-19 01:05:32 UTC (rev 1240) +++ data/CAN/list 2005-06-20 03:12:50 UTC (rev 1241) @@ -86,7 +86,7 @@ NOTE: not-for-us (Microsoft) CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) NOTE: not-for-us (Apple) -CAN-2005-1934 [Unspecified gaim DoS vulnerability] +CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - gaim 1:1.3.1-1 CAN-2005-XXXX [Multiple buffer and integer overflows in strace] NOTE: For full details download the sources and see the changelog entry @@ -277,7 +277,7 @@ NOTE: reserved CAN-2005-1841 NOTE: reserved -CAN-2005-1858 [Information leak in fuse due to insufficient clearing of memory] +CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - zoo (unfixed; bug #309594) @@ -442,7 +442,7 @@ CAN-2005-1764 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed) -CAN-2005-1763 [Unprivileged write into kernel memory on amd64] +CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) - kernel-source-2.6.8 (unfixed) CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved 
@@ -993,7 +993,7 @@ - clamav 0.85.1-1 CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - libxpm4 4.3.0.dfsg.1-14 -CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl] +CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) NOTE: According to Horms from kernel team 2.6.8 not affected - kernel-source-2.6.11 2.6.11-5 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...) @@ -1131,16 +1131,16 @@ NOTE: reserved CAN-2005-1524 NOTE: reserved -CAN-2005-1523 [GNU Mailutils 0.6 imap4d Format String Vulnerability] +CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 -CAN-2005-1522 [GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability] +CAN-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...) {DSA-732-1} - mailutils 1:0.6.1-3 -CAN-2005-1521 [GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability] +CAN-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...) {DSA-732-1} - mailutils 1:0.6.1-3 -CAN-2005-1520 [GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability] +CAN-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...) {DSA-732-1} - mailutils 1:0.6.1-3 CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) @@ -2456,7 +2456,7 @@ - apache 1.3.31-1 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 -CAN-2005-1269 [Unspecified gaim DoS vulnerability] +CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - gaim 1:1.3.1-1 CAN-2005-1268 NOTE: reserved 
@@ -2466,13 +2466,13 @@ CAN-2005-1266 NOTE: reserved - spamassassin (unfixed; bug #314447) -CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel] +CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - kernel-source-2.6.8 (unfixed) -CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl] +CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - kernel-source-2.6.8 2.6.8-15sarge1 - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.6.11 2.6.11-5 -CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] +CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...) - kernel-source-2.6.11 2.6.11 2.6.11-4 - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-10 @@ -2856,10 +2856,10 @@ CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...) - mozilla-firefox 1.0.3-1 - mozilla 1.7.7-1 -CAN-2005-1152 [Qpopper can be forced to create group or world writable files] +CAN-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...) {DSA-728-1} - qpopper 4.0.5-4sarge1 -CAN-2005-1151 [Insufficient privilege drop in qpopper] +CAN-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...) {DSA-728-1} - qpopper 4.0.5-4sarge1 CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) 
@@ -3269,9 +3269,9 @@ - gaim 1.2.1-1 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] NOTE: Was once part of Debian, but has been removed -CAN-2005-0966 gaim my be crashed remotely +CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...) - gaim 1:1.2.1-1 -CAN-2005-0965 gaim my be crashed remotely +CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...) - gaim 1:1.2.1-1 CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...) NOTE: not-for-us (Kerio firewall) @@ -3326,7 +3326,7 @@ NOTE: not-for-us (Cisco Hardware issue) CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) NOTE: not-for-us (Sybase ASE) -CAN-2005-0941 [OpenOffice.org heap possible overflow in DOC parsing] +CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) - openoffice.org 1.1.3-9 CAN-2005-0939 NOTE: reserved 
@@ -3835,21 +3835,21 @@ - ethereal 0.10.10-1 CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) - ethereal 0.10.10-1 -CAN-2005-0764 [Buffer overflow with overly long escape sequences in rxvt-unicode] +CAN-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...) - rxvt-unicode 5.3-1 CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) {DSA-698-1} -CAN-2005-0762 [imagemagick SGI heap overflow allows arbitrary code execution] +CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 -CAN-2005-0761 [imagemagick crafted PSD DoS] +CAN-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...) - imagemagick 5:6.0.2.5 -CAN-2005-0760 [imagemagick malformed TIFF crash DoS] +CAN-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 -CAN-2005-0759 [imagemagick invalid TIFF tag DoS] +CAN-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 
@@ -3858,23 +3858,23 @@ - gzip 1.3.5-10 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 (unfixed; bug #311164) -CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64] +CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) - kernel-source-2.6.8 (unfixed) - kernel-source-2.6.11 2.6.11-7 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 -CAN-2005-0754 [Untrusted code execution in Kommander] +CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) - kdewebdev 3.3.2-6 -CAN-2005-0753 [Buffer overflow and several memory access problems in CVS] +CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...) - cvs 1.12.9-13 -CAN-2005-0752 [PLUGINSPAGE privileged javascript execution in Firefox] +CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...) - mozilla-firefox 1.0.3-1 CAN-2005-0751 NOTE: rejected -CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root] +CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...) - kernel-source-2.4.27-10 - kernel-source-2.6.8 2.6.8-16 -CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()] +CAN-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...) - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-10 CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...) 
@@ -4650,11 +4650,11 @@ - mozilla 2:1.7.6 CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) NOTE: not-for-us (PBLang) -CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing] +CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) {DSA-729-1 DSA-708-1} - php4 4:4.3.10-10 - php3 3.0.18-31 -CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing] +CAN-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) NOTE: php3 not affected - php4 4:4.3.10-10 CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) @@ -5364,7 +5364,7 @@ - imagemagick (unfixed; bug #298051) CAN-2005-0405 NOTE: reserved -CAN-2005-0404 [information leak in kmail] +CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020 NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html 
@@ -5373,15 +5373,15 @@ - kmail (unfixed; bug #305601) CAN-2005-0403 NOTE: reserved -CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel] +CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) - mozilla-firefox 1.0.2-1 -CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox] +CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 -CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak] +CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) - kernel-source-2.4.27 2.4.27-10 - kernel-source-2.6.8 2.6.8-16 -CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla] +CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...) @@ -5402,15 +5402,15 @@ {DSA-725-1} CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...) {DSA-712-1} -CAN-2005-0390 [axel buffer overflow in HTTP redirection handling in conn.c] +CAN-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...) {DSA-706-1} - axel 1.0b-1 CAN-2005-0389 NOTE: rejected -CAN-2005-0388 [Improper IP number validity checking in remstats permits arbitrary command execution] +CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...) {DSA-704-1} - remstats 1.0.13a-5 -CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats] +CAN-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...) {DSA-704-1} - remstats 1.0.13a-5 CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) 
@@ -6599,10 +6599,10 @@ NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager) CAN-2004-1344 NOTE: reserved -CAN-2004-1343 [DoS vulnerability in repouid CVS addon patch] +CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) {DSA-715-1} - 1.12.9-11 -CAN-2004-1342 [Password bypassing in the repouid CVS addon patch] +CAN-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...) {DSA-715-1} - 1.12.9-11 CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) @@ -10757,7 +10757,7 @@ NOTE: fixed in linux 2.4.21 CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) {DSA-357} -CAN-2003-0465 strncpy in kernel does not pad with zeroes +CAN-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) NOTE: generic .c version fixed in 2.6.x but not in 2.4.x NOTE: arch specific asm versions: NOTE: x86 is not affected Modified: data/updatelist =================================================================== --- data/updatelist 2005-06-19 01:05:32 UTC (rev 1240) +++ data/updatelist 2005-06-20 03:12:50 UTC (rev 1241) @@ -93,7 +93,11 @@ my $desc=$2; docan($can) if $can; $can=$1; - $cans{$can}{description}=$desc if length $desc && $desc !~ /^\(.*\)$/; + if (length $desc && $desc !~ /^\(.*\)$/ && + (! exists $cans{$can}{description} || + ! length $cans{$can}{description})) { + $cans{$can}{description}=$desc; + } } elsif (/^\s+NOTE:\s*(reserved|rejected)\s*$/) { # skip it From joeyh@costa.debian.org Mon Jun 20 03:46:47 2005 
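Review bot: in the @@ -6599,10 +6599,10 @@ hunk of data/CAN/list, the fix lines under CAN-2004-1343 and CAN-2004-1342 both read `- 1.12.9-11` with no package name in front of the version, so anything that parses `- package version` will take the version string as the package. Since these two entries are being edited anyway, add the package name to both lines in the same commit.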
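Review bot: the new condition in the data/updatelist hunk (@@ -93,7 +93,11 @@) makes an already recorded, non-empty `$cans{$can}{description}` win over the `$desc` parsed from the current line, but nothing in the code says that this precedence is intended. A one-line comment above the `if` stating that a description from the list is only used when none is recorded yet would make the rule explicit. The `! exists ... || ! length ...` pair guards a single assignment and could be folded into one test on the stored value.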
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 03:46:47 +0000 Subject: [Secure-testing-commits] r1242 - data Message-ID: Author: joeyh Date: 2005-06-20 03:46:47 +0000 (Mon, 20 Jun 2005) New Revision: 1242 Modified: data/README data/checklist Log: add support for including urgencies in notes, and support for including notes for already fixed packages needs someone to add in html to colorise the can numbers according to their urgency Modified: data/README =================================================================== --- data/README 2005-06-20 03:12:50 UTC (rev 1241) +++ data/README 2005-06-20 03:46:47 UTC (rev 1242) @@ -8,8 +8,8 @@ [date] id description {id id id} - UPCASE: test - - package version + UPCASE: text + - package [version] (note; note; note) end claimed by foo @@ -32,10 +32,15 @@ UPCASE Any word in upper case, typically NOTE, HELP, TODO. May be repeated for each entry. -- package version +- package [version] (note; notes; note) Indicates that the problem is fixed in the given version of the - package. May repeat for other packages. + package. May repeat for other packages. If the problem is unfixed, + omit the version. + The notes can be freeform, but some are understood by the tools, + including "unfixed", "bug #nnnnn", and "high", "medium", or "low" + urgencies. + begin claimed by foo end claimed by foo Marks a set of items that are being checked by someone. Modified: data/checklist =================================================================== --- data/checklist 2005-06-20 03:12:50 UTC (rev 1241) +++ data/checklist 2005-06-20 03:46:47 UTC (rev 1242) @@ -19,6 +19,7 @@ my %data; +my @urgencies=("high", "medium", "low", "unknown"); my %needkernel=qw/2.4.27 0 2.6.11 0/; my $list_unknown=1; #set to 1 to display kernel images with unknown source version my $sources=$ENV{SOURCES_FILE}; 
@@ -27,7 +28,7 @@ my $unprop = my $unprop_all = my $unfixed = my $todos = 0; sub record { - my ($package, $condition, $item)=@_; + my ($package, $condition, $item, $urgency)=@_; if ($html) { $condition=~s{bug #(\d+)}{bug #$1}g; @@ -35,7 +36,7 @@ $item=~s#((?:CAN|CVE)-\d+-\d+)#$1#g; } - push @{$data{$package}{$condition}}, $item; + push @{$data{$package}{$condition}}, {item => $item, urgency => $urgency}; } foreach my $list (@ARGV) { @@ -54,12 +55,35 @@ } elsif (/^\s+[!-]\s+(\S+)\s+(.*?)\s*$/) { my $package=$1; - my $version=$2; + my $rest=$2; + my $version; + my $notes; + if ($rest=~/([^\(\s]+)\s+\((.*)\)/) { + $version=$1; + $notes=$2; + } + elsif ($rest=~/\((.*)\)/) { + $version=""; + $notes=$1; + } + else { + $version=$rest; + $notes=""; + } + my @notes=split(/\s*;\s+/, $notes); + + my $urgency="unknown"; + foreach my $u (@urgencies) { + if (grep { $_ eq $u } @notes) { + $urgency=$u; + @notes = grep { $_ ne $u } @notes; + last; + } + } if ($package=~/kernel-source-([0-9.]+)/) { my $kernversion=$1; - if (exists $needkernel{$kernversion} && - $version!~/\(/ ) { + if (exists $needkernel{$kernversion}) { $needkernel{$kernversion}=$version if !system("dpkg --compare-versions $needkernel{$kernversion} lt $version"); } } @@ -84,8 +108,8 @@ next; } - if ($version=~/unfixed/ || $version=~/pending/) { - record($package, $version, $id); + if (grep { $_ eq 'unfixed' || $_ eq 'pending' } @notes) { + record($package, join("; ", @notes), $id, $urgency); $unfixed++; } else { @@ -100,7 +124,7 @@ if ($html) { $havver=''.$havver.''; } - record($package, "$version needed, have $havver".(@maddy > 1 ? " [$arches]" : ""), $id); + record($package, "$version needed, have $havver".(@maddy > 1 ? " [$arches]" : ""), $id, $urgency); $unprop++; $unprop_all++ unless @maddy > 1; } @@ -124,9 +148,20 @@ print "

  • " if $html; print "$package $condition for "; my $items=0; - foreach my $item (sort @{$data{$package}{$condition}}) { + foreach my $i (sort @{$data{$package}{$condition}}) { print ", " if $items > 0; - print $item; + + if ($html) { + # TODO: replace with html for shades of red. + if ($i->{urgency} eq 'high') { + print "!!!"; + } + elsif ($i->{urgency} eq 'medium') { + print "!"; + } + } + print $i->{item}; + $items++; } print "\n"; From joeyh@costa.debian.org Mon Jun 20 04:07:52 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 04:07:52 +0000 Subject: [Secure-testing-commits] r1243 - data Message-ID: Author: joeyh Date: 2005-06-20 04:07:52 +0000 (Mon, 20 Jun 2005) New Revision: 1243 Modified: data/checklist Log: add fancy html colors Modified: data/checklist =================================================================== --- data/checklist 2005-06-20 03:46:47 UTC (rev 1242) +++ data/checklist 2005-06-20 04:07:52 UTC (rev 1243) @@ -19,12 +19,19 @@ my %data; -my @urgencies=("high", "medium", "low", "unknown"); my %needkernel=qw/2.4.27 0 2.6.11 0/; my $list_unknown=1; #set to 1 to display kernel images with unknown source version my $sources=$ENV{SOURCES_FILE}; my $need_rebuild=0; +my @urgencies=("high", "medium", "low", "unknown"); +my %colormap=( + high => "#FF0000", + medium => "#FF9999", + low => "#FFFFFF", + unknown => "#FFFFFF" +); + my $unprop = my $unprop_all = my $unfixed = my $todos = 0; sub record { @@ -152,15 +159,13 @@ print ", " if $items > 0; if ($html) { - # TODO: replace with html for shades of red. - if ($i->{urgency} eq 'high') { - print "!!!"; - } - elsif ($i->{urgency} eq 'medium') { - print "!"; - } + my $color=$colormap{$i->{urgency}}; + print ""; } print $i->{item}; + if ($html) { + print ""; + } $items++; } From joeyh@costa.debian.org Mon Jun 20 04:38:08 2005 
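Review bot: the kernel-source branch of the @@ -54,12 +55,35 @@ hunk in data/checklist (r1242) drops the `$version!~/\(/` guard, so an unfixed kernel-source entry written with only a parenthesised note now reaches `system("dpkg --compare-versions $needkernel{$kernversion} lt $version")` with an empty `$version`. Skip the comparison when `$version` is empty, and pass the arguments as a list, `system("dpkg", "--compare-versions", $needkernel{$kernversion}, "lt", $version)`, so that a value read from the list file is never interpreted by a shell. In the same hunk, `split(/\s*;\s+/, $notes)` requires whitespace after each semicolon, so `(unfixed;high)` stays a single note and matches neither `unfixed` nor an urgency; `/\s*;\s*/` would accept both spellings.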
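Review bot: in the @@ -84,8 +108,8 @@ hunk of data/checklist (r1242), `record($package, join("; ", @notes), $id, $urgency)` passes the free-form notes through as `$condition`, which is later printed as `$package $condition` in the HTML output with no escaping visible in this patch. The README hunk of the same commit says notes can be freeform, so `&`, `<` and `>` in a note should be escaped in `record` before the `bug #(\d+)` substitution runs when `$html` is set.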
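Review bot: in the @@ -124,9 +148,20 @@ hunk of data/checklist (r1242), `sort @{$data{$package}{$condition}}` is kept although `record` now pushes hash references, so the default string sort compares the stringified references and the CAN ids no longer come out in id order. Sort on the field instead: `sort { $a->{item} cmp $b->{item} } @{$data{$package}{$condition}}`.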
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 04:38:08 +0000 Subject: [Secure-testing-commits] r1244 - data Message-ID: Author: joeyh Date: 2005-06-20 04:38:07 +0000 (Mon, 20 Jun 2005) New Revision: 1244 Modified: data/checklist Log: add missing params Modified: data/checklist =================================================================== --- data/checklist 2005-06-20 04:07:52 UTC (rev 1243) +++ data/checklist 2005-06-20 04:38:07 UTC (rev 1244) @@ -116,7 +116,7 @@ } if (grep { $_ eq 'unfixed' || $_ eq 'pending' } @notes) { - record($package, join("; ", @notes), $id, $urgency); + record($package, '('.join("; ", @notes).')', $id, $urgency); $unfixed++; } else { From joeyh@costa.debian.org Mon Jun 20 04:39:20 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 04:39:20 +0000 Subject: [Secure-testing-commits] r1245 - data/CAN Message-ID: Author: joeyh Date: 2005-06-20 04:39:18 +0000 (Mon, 20 Jun 2005) New Revision: 1245 Modified: data/CAN/list Log: Add urgencies for unfixed items. This was a first quick pass, decisions are not final. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 04:38:07 UTC (rev 1244) +++ data/CAN/list 2005-06-20 04:39:18 UTC (rev 1245) @@ -1,5 +1,5 @@ CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - - tor 0.0.9.10-1 + - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) NOTE: not-for-us (Annuaire) CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) 
@@ -77,7 +77,7 @@ CAN-2005-1938 NOTE: reserved CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) - - mozilla-firefox 1.0.4-3 + - mozilla-firefox 1.0.4-3 (medium) CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOTE: not-for-us (Microsoft) CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) @@ -87,13 +87,13 @@ CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...) NOTE: not-for-us (Apple) CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - - gaim 1:1.3.1-1 + - gaim 1:1.3.1-1 (low) CAN-2005-XXXX [Multiple buffer and integer overflows in strace] NOTE: For full details download the sources and see the changelog entry NOTE: from 2005-05-31 Dmitry V. Levin - - strace 4.5.12-1 + - strace 4.5.12-1 (low) CAN-2005-XXXX [Local privilege escalation through insufficient DRM range checks] - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; high) CAN-2005-1930 NOTE: reserved CAN-2005-1929 @@ -133,7 +133,7 @@ CAN-2005-1912 NOTE: reserved CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - - leafnode 1.11.3.rel-1 + - leafnode 1.11.3.rel-1 (low) CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) NOTE: not-for-us (WWWeb Concepts Events System) CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) 
@@ -280,9 +280,9 @@ CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) - fuse 2.3.0-1 CAN-2005-XXXX [Directory traversal in zoo] - - zoo (unfixed; bug #309594) + - zoo (unfixed; bug #309594; medium) CAN-2005-XXXX [Cross Site Scripting in websieve] - - websieve (unfixed; bug #311838) + - websieve (unfixed; bug #311838; low) CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) @@ -429,7 +429,7 @@ NOTE: not-for-us (Avast) CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail] NOTE: reserved - - squirrelmail (unfixed; bug #314374) + - squirrelmail (unfixed; bug #314374; low) CAN-2005-1768 NOTE: reserved CAN-2005-1767 @@ -438,15 +438,15 @@ NOTE: reserved CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1764 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; unknown) CAN-2005-1761 NOTE: reserved CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) 
@@ -562,7 +562,7 @@ CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - - mutt (unfixed; bug #311296) + - mutt (unfixed; bug #311296; medium) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -661,7 +661,7 @@ CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOTE: not-for-us (Gentoo) CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - - mailscanner (unfixed; bug #310774) + - mailscanner (unfixed; bug #310774; unknown) CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) @@ -705,7 +705,7 @@ - wordpress 1.5.1-1 CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...) NOTE: Only exploitable under rare circumstances - - gedit 2.10.3-1 + - gedit 2.10.3-1 (low) CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...) NOTE: not-for-us (episodex) CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...) @@ -1043,7 +1043,7 @@ CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOTE: not-for-us (Acrowave AAP-3100AR wireless router) CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) - - bugzilla (unfixed; bug #308789) + - bugzilla (unfixed; bug #308789; medium) NOTE: only affects sid CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - bugzilla 2.16.7-7sarge1 
@@ -1988,23 +1988,23 @@ CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] - maradns 1.0.27-1 CAN-2005-XXXX [Temp file races in gs-gpl addons scripts] - - gs-gpl (unfixed; bug #291373) + - gs-gpl (unfixed; bug #291373; low) CAN-2005-XXXX [Possible SQL injection in freeradius] - freeradius 1.0.2-4 CAN-2005-XXXX [Insecure temp file handling in Thunderbird] - - mozilla-thunderbird (unfixed; bug #306893) + - mozilla-thunderbird (unfixed; bug #306893; low) CAN-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CAN-2005-XXXX [base-config: World readable config file might reveal password data] - - base-config (unfixed; bug #305142) + - base-config (unfixed; bug #305142; low) CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] - syslog-ng 1.6.5-2.1 CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names] - - trackballs (unfixed; bug #302454) + - trackballs (unfixed; bug #302454; medium) CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - - pwgen (unfixed; bug #276976) + - pwgen (unfixed; bug #276976; low) CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber] - - gabber (unfixed; bug #177776) + - gabber (unfixed; bug #177776; low) CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - ethereal 0.10.10-2sarge2 CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) @@ -2048,7 +2048,8 @@ CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...) NOTE: not-for-us (Leafnode2 development branch) CAN-2005-XXXX [Missing input validation in xtradius] - - xtradius (unfixed; bug #307796; not shipped in binary package) + NOTE: not shipped in deb + - xtradius (unfixed; bug #307796; low) CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] 
@@ -2057,7 +2058,7 @@ NOTE: Has been removed from Sarge - nvu (unfixed; bug #306822) CAN-2005-XXXX [eskuel: arbitrary file retreiving] - - eskuel 1.0.5-3.1 + - eskuel 1.0.5-3.1 (low) CAN-2005-XXXX [eskuel: No authentication at all] - eskuel (unfixed; bug #163653) CAN-2005-XXXX [Buffer overflow in elog's header buffer] @@ -2193,7 +2194,7 @@ NOTE: In Debian this is only part of the examples in share/doc, any admin will NOTE: have to modify it for his purposes anyway, so there's no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound (unfixed; bug #307852) + - pound (unfixed; bug #307852; medium) CAN-2005-1390 NOTE: rejected CAN-2005-1389 @@ -2409,7 +2410,7 @@ CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) NOTE: not-for-us (CartWIZ ASP Cart) CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) - - phpbb2 2.0.13+1-6 + - phpbb2 2.0.13+1-6 (low) CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) NOTE: not-for-us (E-Cart) CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) @@ -2465,9 +2466,9 @@ - tcpdump 3.9.0.cvs.20050614-1 CAN-2005-1266 NOTE: reserved - - spamassassin (unfixed; bug #314447) + - spamassassin (unfixed; bug #314447; low) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - - kernel-source-2.6.8 (unfixed) + - kernel-source-2.6.8 (unfixed; medium) CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - kernel-source-2.6.8 2.6.8-15sarge1 - kernel-source-2.6.8 2.6.8-16 
@@ -2516,7 +2517,7 @@ CAN-2005-XXXX [Multiple security problems in Quake 2] NOTE: this release added lots of warnings about the security problems - quake2 1:0.3-1.1 - - quake2 (unfixed; bug #280573) + - quake2 (unfixed; bug #280573; low) CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) @@ -2550,7 +2551,7 @@ CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) NOTE: not-for-us (Yawcan) CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) - - cpio (unfixed; bug #306693) + - cpio (unfixed; bug #306693; medium) CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) - gzip 1.3.5-10 CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) @@ -2629,7 +2630,7 @@ CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) - nasm 0.98.38-1.2 CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...) - - phpbb2 2.0.13+1-6 + - phpbb2 2.0.13+1-6 (medium) CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOTE: not-for-us (HP-UX) CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...) 
@@ -2926,9 +2927,9 @@ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha - oops (unfixed; bug #307360) CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - - ilohamail (unfixed; bug #304525) + - ilohamail (unfixed; bug #304525; low) CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - - sudo (unfixed; bug #283161) + - sudo (unfixed; bug #283161; low) CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOTE: not-for-us (RSA authentication agent) CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...) @@ -2944,7 +2945,7 @@ CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) NOTE: not-for-us (IBM Websphere) CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) - - cpio (unfixed; bug #305372) + - cpio (unfixed; bug #305372; low) CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) NOTE: not-for-us (Sumus web server) CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) @@ -2965,7 +2966,7 @@ NOTE: not-for-us (Windows) CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) NOTE: api vulnerablity - - libgnumail-java (unfixed; bug #304712) + - libgnumail-java (unfixed; bug #304712; low) CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOTE: not-for-us (Centra) CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) 
@@ -3104,7 +3105,7 @@ CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) NOTE: Debian is not affected; see bug # 310833 CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - - coreutils (unfixed; bug #304556) + - coreutils (unfixed; bug #304556; low) CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian's cron CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) @@ -3462,7 +3463,7 @@ CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - squirrelmail 1:1.2.3 CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - - slash (unfixed; bug #160579) + - slash (unfixed; bug #160579; low) CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOTE: not-for-us (commercial ssh) CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) @@ -3667,9 +3668,9 @@ CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) - kernel-source-2.6.8 2.6.8-16 CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) - - icecast2 (unfixed; bug #301368) + - icecast2 (unfixed; bug #301368; low) CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) - - icecast2 (unfixed; bug #301368) + - icecast2 (unfixed; bug #301368; low) CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) NOTE: not-for-us (Java Web Start for proprietary Sun Java) CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) 
@@ -3857,10 +3858,10 @@ NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - gzip 1.3.5-10 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - - kernel-source-2.4.27 (unfixed; bug #311164) + - kernel-source-2.4.27 (unfixed; bug #311164; medium) CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) - - kernel-source-2.6.8 (unfixed) - - kernel-source-2.6.11 2.6.11-7 + - kernel-source-2.6.8 (unfixed; medium) + - kernel-source-2.6.11 2.6.11-7 (medium) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...) @@ -4093,10 +4094,10 @@ NOTE: not-for-us (Ipswitch Collaboration Suite) CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) NOTE: Sarge version does not install the module with the vulnerable code - - gnome-vfs2 2.10.1-4 - - grip 3.2.0-4 - - libcdaudio 0.99.9-2.1 - - gnome-vfs 1.0.5-5.1 + - gnome-vfs2 2.10.1-4 (low) + - grip 3.2.0-4 (low) + - libcdaudio 0.99.9-2.1 (low) + - gnome-vfs 1.0.5-5.1 (low) CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...) - ethereal 0.10.10-1 CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...) @@ -4531,7 +4532,7 @@ CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) - cacti 0.8.5a-5 CAN-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - - sympa (unfixed; bug #298105) + - sympa (unfixed; bug #298105; low) CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) - mantis 0.19.2-1 CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) 
@@ -4867,8 +4868,8 @@ CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) NOTE: netkit-telnet not affected TODO: check heimdal - - krb4 (unfixed) - - krb5 (unfixed) + - krb4 (unfixed; low) + - krb5 (unfixed; low) CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks @@ -4921,7 +4922,7 @@ NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - - lynx (unfixed; bug #296340) + - lynx (unfixed; bug #296340; medium) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - links 0.99+1.00pre12-1 CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) @@ -5271,7 +5272,7 @@ CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html NOTE: Seems to be stuck with the ABI bump / debian-installer problem - - kernel-source-2.6.8 (unfixed; bug #295949) + - kernel-source-2.6.8 (unfixed; bug #295949; high) CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) {DSA-696-1} - perl 5.8.4-7 @@ -5361,7 +5362,7 @@ NOTE: not-for-us (Openconf) CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) TODO: check all softwares that modifies JPEG images in Debian... - - imagemagick (unfixed; bug #298051) + - imagemagick (unfixed; bug #298051; low) CAN-2005-0405 NOTE: reserved CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) 
@@ -5370,7 +5371,7 @@ NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html NOTE: see http://secunia.com/advisories/14925 NOTE: kde maintainers informed of it by security team - - kmail (unfixed; bug #305601) + - kmail (unfixed; bug #305601; medium) CAN-2005-0403 NOTE: reserved CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) @@ -5477,7 +5478,7 @@ CAN-2005-0357 NOTE: reserved CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - - kernel-source-2.6.8 (unfixed; bug #310804) + - kernel-source-2.6.8 (unfixed; bug #310804; medium) TODO: 2.4? CAN-2005-0355 NOTE: reserved @@ -5503,7 +5504,7 @@ NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped NOTE: atftp checks h_length NOTE: netkit-tftp not vulnerable - - tftpd-hpa (unfixed; bug #295297) + - tftpd-hpa (unfixed; bug #295297; low) CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) - socat 1.4.0.3-1 CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) @@ -7560,7 +7561,8 @@ {DSA-583-1} NOTE: lvmcreate_initrd not in debian CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...) - - krb5 (unfixed; bug #278271; not shipped in binary package) + NOTE: not shipped in deb + - krb5 (unfixed; bug #278271; low) - arla 0.36.2-11 CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...) {DSA-588-1} 
@@ -8152,8 +8154,8 @@ NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 - - mozilla (unfixed) - - mozilla-firefox 1.0.4-3 + - mozilla (unfixed; medium) + - mozilla-firefox 1.0.4-3 (medium) CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOTE: not-for-us (opera 7.50) CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) @@ -8225,7 +8227,7 @@ NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-9 NOTE: openmotif is non-free - - openmotif (unfixed; bug #308819) + - openmotif (unfixed; bug #308819; low) CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - samba 3.0.5 CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) From joeyh@costa.debian.org Mon Jun 20 04:42:08 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 04:42:08 +0000 Subject: [Secure-testing-commits] r1246 - data Message-ID: Author: joeyh Date: 2005-06-20 04:42:08 +0000 (Mon, 20 Jun 2005) New Revision: 1246 Modified: data/checklist Log: make unknown urgencies yellow Modified: data/checklist =================================================================== --- data/checklist 2005-06-20 04:39:18 UTC (rev 1245) +++ data/checklist 2005-06-20 04:42:08 UTC (rev 1246) @@ -29,7 +29,7 @@ high => "#FF0000", medium => "#FF9999", low => "#FFFFFF", - unknown => "#FFFFFF" + unknown => "#FFFF00" ); my $unprop = my $unprop_all = my $unfixed = my $todos = 0; From joeyh@costa.debian.org Mon Jun 20 04:54:47 2005 
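Review bot: in the @@ -2057,7 +2058,7 @@ hunk of data/CAN/list (r1245), the context line `- nvu (unfixed; bug #306822)` is left without an urgency while the neighbouring entries get one, and the same holds for `- oops (unfixed; bug #307360)` in the @@ -2926,9 +2927,9 @@ hunk. With the checklist default of `my $urgency="unknown"` these fall into the unknown bucket, which r1246 colours `#FFFF00`. If both are deliberately skipped because of their "removed from Sarge" and "Not part of Sarge" notes, say so in the log; otherwise give them an explicit urgency in this pass.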
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 20 Jun 2005 04:54:47 +0000 Subject: [Secure-testing-commits] r1247 - data/CAN Message-ID: Author: joeyh Date: 2005-06-20 04:54:45 +0000 (Mon, 20 Jun 2005) New Revision: 1247 Modified: data/CAN/list Log: clean up rest of the unknowns, except reserved kernel holes Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 04:42:08 UTC (rev 1246) +++ data/CAN/list 2005-06-20 04:54:45 UTC (rev 1247) @@ -661,7 +661,7 @@ CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOTE: not-for-us (Gentoo) CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - - mailscanner (unfixed; bug #310774; unknown) + - mailscanner (unfixed; bug #310774; low) CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) @@ -2060,7 +2060,7 @@ CAN-2005-XXXX [eskuel: arbitrary file retreiving] - eskuel 1.0.5-3.1 (low) CAN-2005-XXXX [eskuel: No authentication at all] - - eskuel (unfixed; bug #163653) + - eskuel (unfixed; bug #163653; low) CAN-2005-XXXX [Buffer overflow in elog's header buffer] - elog 2.5.7+r1558-3 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support] @@ -2458,12 +2458,12 @@ CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) - - gaim 1:1.3.1-1 + - gaim 1:1.3.1-1 (low) CAN-2005-1268 NOTE: reserved CAN-2005-1267 [tcpdump: DoS through endless loop in BGP decoder] NOTE: reserved - - tcpdump 3.9.0.cvs.20050614-1 + - tcpdump 3.9.0.cvs.20050614-1 (low) CAN-2005-1266 NOTE: reserved - spamassassin (unfixed; bug #314447; low) 
@@ -4369,7 +4369,7 @@ - lesstif1-1 1:0.93.94-11.3 - libxpm4 4.3.0.dfsg.1-13 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 + - openmotif 2.2.3-1.1 (low) CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOTE: not-for-us (GFI Languard Network Security Scanner) CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) @@ -5453,7 +5453,7 @@ CAN-2005-0372 (Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ ...) {DSA-686-1} CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - - armagetron (unfixed; bug #296840) + - armagetron (unfixed; bug #296840; low) CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - armagetron 0.2.7.0-1 CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...) @@ -7703,7 +7703,7 @@ NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1_0.93.94-11.2 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 + - openmotif 2.2.3-1.1 (low) CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9 @@ -8221,7 +8221,7 @@ NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-9 NOTE: openmotif is non-free - - openmotif (unfixed; bug #308819) + - openmotif (unfixed; bug #308819; low) CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...) {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well From jmm-guest@costa.debian.org Mon Jun 20 10:33:21 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 20 Jun 2005 10:33:21 +0000 Subject: [Secure-testing-commits] r1248 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-20 10:33:13 +0000 (Mon, 20 Jun 2005) New Revision: 1248 Modified: data/CAN/list Log: new heimdal vulnerability. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 04:54:45 UTC (rev 1247) +++ data/CAN/list 2005-06-20 10:33:13 UTC (rev 1248) @@ -1,3 +1,6 @@ +CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function] + TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base + - heimdal (unfixed; medium) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) From jmm-guest@costa.debian.org Mon Jun 20 11:47:06 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 20 Jun 2005 11:47:06 +0000 Subject: [Secure-testing-commits] r1249 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-20 11:47:04 +0000 (Mon, 20 Jun 2005) New Revision: 1249 Modified: data/CAN/list Log: heimdal getterminaltype() buffer overflow bugnum Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 10:33:13 UTC (rev 1248) +++ data/CAN/list 2005-06-20 11:47:04 UTC (rev 1249) 
@@ -1,6 +1,6 @@ CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function] TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - - heimdal (unfixed; medium) + - heimdal (unfixed; bug #315065; medium) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) From jmm-guest@costa.debian.org Mon Jun 20 13:26:34 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 20 Jun 2005 13:26:34 +0000 Subject: [Secure-testing-commits] r1250 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-20 13:26:32 +0000 (Mon, 20 Jun 2005) New Revision: 1250 Modified: data/CAN/list Log: new ruby issue Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 11:47:04 UTC (rev 1249) +++ data/CAN/list 2005-06-20 13:26:32 UTC (rev 1250) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code] + - ruby1.8 (unfixed; bug #315064; medium) CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function] TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) From jmm-guest@costa.debian.org Mon Jun 20 17:41:23 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 20 Jun 2005 17:41:23 +0000 Subject: [Secure-testing-commits] r1251 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-20 17:41:20 +0000 (Mon, 20 Jun 2005) New Revision: 1251 Modified: data/CAN/list Log: new sudo issue Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 13:26:32 UTC (rev 1250) +++ data/CAN/list 2005-06-20 17:41:20 UTC (rev 1251) 
@@ -1,3 +1,5 @@ +CAN-2005-XXXX [Race condition in sudo's pathname validation] + - sudo (unfixed; bug #315115; medium) CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code] - ruby1.8 (unfixed; bug #315064; medium) CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function] From jmm-guest@costa.debian.org Tue Jun 21 10:25:48 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 21 Jun 2005 10:25:48 +0000 Subject: [Secure-testing-commits] r1252 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-21 10:25:46 +0000 (Tue, 21 Jun 2005) New Revision: 1252 Modified: data/CAN/list Log: new trac issue Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-20 17:41:20 UTC (rev 1251) +++ data/CAN/list 2005-06-21 10:25:46 UTC (rev 1252) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [File upload vulnerability in trac] + - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo's pathname validation] - sudo (unfixed; bug #315115; medium) CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code] From joeyh@costa.debian.org Tue Jun 21 15:54:31 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Tue, 21 Jun 2005 15:54:31 +0000 Subject: [Secure-testing-commits] r1253 - data/CAN Message-ID: Author: joeyh Date: 2005-06-21 15:54:28 +0000 (Tue, 21 Jun 2005) New Revision: 1253 Modified: data/CAN/list Log: backup-manager fixed; high severity hole Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-21 10:25:46 UTC (rev 1252) +++ data/CAN/list 2005-06-21 15:54:28 UTC (rev 1253) 
@@ -44,7 +44,7 @@ CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...) NOTE: not-for-us (JamMail) CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...) - - backup-manager (unfixed; bug #308897) + - backup-manager 0.5.8-1 (high) CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...) NOTE: not-for-us (File Upload Manager) CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) From jmm-guest@costa.debian.org Tue Jun 21 21:13:34 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 21 Jun 2005 21:13:34 +0000 Subject: [Secure-testing-commits] r1254 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-21 21:13:31 +0000 (Tue, 21 Jun 2005) New Revision: 1254 Modified: data/CAN/list Log: bugzilla fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-21 15:54:28 UTC (rev 1253) +++ data/CAN/list 2005-06-21 21:13:31 UTC (rev 1254) @@ -1052,7 +1052,7 @@ CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOTE: not-for-us (Acrowave AAP-3100AR wireless router) CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) - - bugzilla (unfixed; bug #308789; medium) + - bugzilla 2.18-7 (medium) NOTE: only affects sid CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - bugzilla 2.16.7-7sarge1 From joeyh@costa.debian.org Wed Jun 22 21:14:23 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Wed, 22 Jun 2005 21:14:23 +0000 Subject: [Secure-testing-commits] r1255 - data/CAN Message-ID: Author: joeyh Date: 2005-06-22 21:14:20 +0000 (Wed, 22 Jun 2005) New Revision: 1255 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-21 21:13:31 UTC (rev 1254) +++ data/CAN/list 2005-06-22 21:14:20 UTC (rev 1255) 
@@ -1,3 +1,427 @@ +CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) + TODO: check +CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) + TODO: check +CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) + TODO: check +CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...) + TODO: check +CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) + TODO: check +CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) + TODO: check +CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) + TODO: check +CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) + TODO: check +CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) + TODO: check +CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) + TODO: check +CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) + TODO: check +CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) + TODO: check +CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) + TODO: check +CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) + TODO: check +CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) + TODO: check +CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) + TODO: check +CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) + TODO: check +CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) + TODO: check +CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) 
+ TODO: check +CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) + TODO: check +CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) + TODO: check +CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) + TODO: check +CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) + TODO: check +CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) + TODO: check +CAN-2005-2020 + NOTE: reserved +CAN-2005-2019 + NOTE: reserved +CAN-2005-2018 + NOTE: reserved +CAN-2005-2017 + NOTE: reserved +CAN-2005-2016 + NOTE: reserved +CAN-2005-2015 + NOTE: reserved +CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) + TODO: check +CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) + TODO: check +CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) + TODO: check +CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) + TODO: check +CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) + TODO: check +CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) + TODO: check +CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) + TODO: check +CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) + TODO: check +CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) + TODO: check +CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) + TODO: check +CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) 
+ TODO: check +CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) + TODO: check +CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) + TODO: check +CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) + TODO: check +CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) + TODO: check +CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) + TODO: check +CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) + TODO: check +CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) + TODO: check +CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) + TODO: check +CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) + TODO: check +CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) + TODO: check +CAN-2005-1991 + NOTE: reserved +CAN-2005-1990 + NOTE: reserved +CAN-2005-1989 + NOTE: reserved +CAN-2005-1988 + NOTE: reserved +CAN-2005-1987 + NOTE: reserved +CAN-2005-1986 + NOTE: reserved +CAN-2005-1985 + NOTE: reserved +CAN-2005-1984 + NOTE: reserved +CAN-2005-1983 + NOTE: reserved +CAN-2005-1982 + NOTE: reserved +CAN-2005-1981 + NOTE: reserved +CAN-2005-1980 + NOTE: reserved +CAN-2005-1979 + NOTE: reserved +CAN-2005-1978 + NOTE: reserved +CAN-2005-1977 + NOTE: reserved +CAN-2005-1976 + NOTE: reserved +CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) + TODO: check +CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) + TODO: check +CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) 
+ TODO: check +CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) + TODO: check +CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) + TODO: check +CAN-2002-1777 (** DISPUTED ** ...) + TODO: check +CAN-2002-1776 (** DISPUTED ** ...) + TODO: check +CAN-2002-1775 (** DISPUTED ** ...) + TODO: check +CAN-2002-1774 (** DISPUTED ** ...) + TODO: check +CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) + TODO: check +CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) + TODO: check +CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) + TODO: check +CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) + TODO: check +CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) + TODO: check +CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) + TODO: check +CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) + TODO: check +CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) + TODO: check +CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) + TODO: check +CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) + TODO: check +CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) + TODO: check +CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) + TODO: check +CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) + TODO: check +CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) 
+ TODO: check +CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) + TODO: check +CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) + TODO: check +CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) + TODO: check +CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) + TODO: check +CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) + TODO: check +CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) + TODO: check +CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) + TODO: check +CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) + TODO: check +CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) + TODO: check +CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) + TODO: check +CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) + TODO: check +CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) + TODO: check +CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) + TODO: check +CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) + TODO: check +CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) + TODO: check +CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) + TODO: check +CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) 
+ TODO: check +CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) + TODO: check +CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) + TODO: check +CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) + TODO: check +CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) + TODO: check +CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) + TODO: check +CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) + TODO: check +CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) + TODO: check +CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) + TODO: check +CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) + TODO: check +CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) + TODO: check +CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) + TODO: check +CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) + TODO: check +CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) + TODO: check +CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) + TODO: check +CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) + TODO: check +CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) + TODO: check +CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) + TODO: check +CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) + TODO: check +CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) 
+ TODO: check +CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) + TODO: check +CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) + TODO: check +CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) + TODO: check +CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) + TODO: check +CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) + TODO: check +CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) + TODO: check +CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) + TODO: check +CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) + TODO: check +CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) + TODO: check +CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) + TODO: check +CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) + TODO: check +CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) + TODO: check +CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) + TODO: check +CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) + TODO: check +CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) + TODO: check +CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) + TODO: check +CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) + TODO: check +CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) 
+ TODO: check +CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) + TODO: check +CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) + TODO: check +CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) + TODO: check +CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) + TODO: check +CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) + TODO: check +CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) + TODO: check +CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) + TODO: check +CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) + TODO: check +CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) + TODO: check +CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) + TODO: check +CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) + TODO: check +CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) + TODO: check +CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) + TODO: check +CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) + TODO: check +CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) + TODO: check +CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) + TODO: check +CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) + TODO: check +CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) + TODO: check +CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) 
+ TODO: check +CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) + TODO: check +CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) + TODO: check +CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) + TODO: check +CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) + TODO: check +CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) + TODO: check +CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) + TODO: check +CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) + TODO: check +CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) + TODO: check +CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) + TODO: check +CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) + TODO: check +CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) + TODO: check +CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) + TODO: check +CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) + TODO: check +CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) + TODO: check +CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) + TODO: check +CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) + TODO: check +CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) + TODO: check +CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) 
+ TODO: check +CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) + TODO: check +CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) + TODO: check +CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) + TODO: check +CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) + TODO: check +CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) + TODO: check +CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) + TODO: check +CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) + TODO: check +CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) + TODO: check +CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) + TODO: check +CAN-2001-1492 ( ...) + TODO: check +CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) + TODO: check +CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) + TODO: check +CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) + TODO: check +CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) + TODO: check +CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) + TODO: check +CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) + TODO: check +CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) + TODO: check +CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) + TODO: check +CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) 
+ TODO: check +CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) + TODO: check +CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) + TODO: check +CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) + TODO: check +CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) + TODO: check CAN-2005-XXXX [File upload vulnerability in trac] - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo's pathname validation] @@ -436,8 +860,7 @@ NOTE: not-for-us (HPUX) CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOTE: not-for-us (Avast) -CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail] - NOTE: reserved +CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail (unfixed; bug #314374; low) CAN-2005-1768 NOTE: reserved @@ -622,8 +1045,8 @@ NOTE: reserved CAN-2005-1730 NOTE: reserved -CAN-2005-1729 - NOTE: reserved +CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) + TODO: check CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) NOTE: not-for-us (Apple) CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) @@ -747,8 +1170,8 @@ NOTE: not-for-us (Yahoo Messenger) CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOTE: not-for-us (Extreme BlackDiamond hardware) -CAN-2005-1669 - NOTE: reserved +CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) + TODO: check CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) NOTE: not-for-us (YusASP Web Asset Manager) CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) 
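Review bot: in the first hunk of r1255 (@@ -1,3 +1,427 @@) the assigned ids CAN-2005-2040 (getterminaltype in telnetd), CAN-2005-1993 (race condition in sudo) and CAN-2005-1992 (XMLRPC server in the ruby library) arrive as bare "TODO: check" entries, while the list already carries CAN-2005-XXXX placeholders for what look like the same heimdal, sudo and ruby1.8 issues, with bug numbers and severities attached. Until each placeholder is merged into its assigned id, the same issue is tracked twice, once as unfixed and once as unchecked; CAN-2005-2007 (Trac 0.8.3 and earlier) should be compared with the trac 0.8.4-1 placeholder in the same way. Separately, the truncated descriptions leave only "(** DISPUTED ** ...)" for CAN-2002-1774 through CAN-2002-1777 and an empty "( ...)" for CAN-2001-1492, so those entries cannot be triaged from the list alone; the import could skip the status marker before truncating.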
@@ -1979,8 +2402,8 @@ CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - mozilla-firefox 1.0.4-1 TODO: check mozilla too -CAN-2005-1475 - NOTE: reserved +CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) + TODO: check CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOTE: not-for-us (Apple) CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) @@ -2230,13 +2653,13 @@ NOTE: not-for-us (Mandrake specific packaging flaw) CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOTE: not-for-us (phpbb mod) -CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) +CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...) NOTE: not-for-us (Claroline) CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOTE: not-for-us (Claroline) -CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) +CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...) NOTE: not-for-us (Claroline) -CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) +CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...) NOTE: not-for-us (Claroline) CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) NOTE: not-for-us (Koobi CMS) 
@@ -2299,7 +2722,7 @@ - libconvert-uulib-perl 1.0.5.1 CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) NOTE: not-for-us (MailEnable) -CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...) +CAN-2005-1347 (** UNVERIFIABLE ** ...) NOTE: not-for-us (acrobat) CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) NOTE: not-for-us (Symantec) @@ -2385,8 +2808,7 @@ NOTE: upstream says attack won't work, see bug 307575 CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) NOTE: not-for-us (Adobe Version Cue) -CAN-2005-1306 [Information leak through XML external entities in Adobe Reader 7] - NOTE: reserved +CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) NOTE: not-for-us (Adobe Reader 7) CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) NOTE: not-for-us (hyper.cgi) @@ -2470,8 +2892,7 @@ - gaim 1:1.3.1-1 (low) CAN-2005-1268 NOTE: reserved -CAN-2005-1267 [tcpdump: DoS through endless loop in BGP decoder] - NOTE: reserved +CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (low) CAN-2005-1266 NOTE: reserved From jmm-guest@costa.debian.org Wed Jun 22 23:21:56 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 22 Jun 2005 23:21:56 +0000 Subject: [Secure-testing-commits] r1256 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-22 23:21:53 +0000 (Wed, 22 Jun 2005) New Revision: 1256 Modified: data/CAN/list Log: claim Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-22 21:14:20 UTC (rev 1255) +++ data/CAN/list 2005-06-22 23:21:53 UTC (rev 1256) 
@@ -278,6 +278,7 @@ TODO: check CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) TODO: check +begin claimed by jmm CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) TODO: check CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) @@ -422,6 +423,7 @@ TODO: check CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) TODO: check +end claimed by jmm CAN-2005-XXXX [File upload vulnerability in trac] - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo's pathname validation] From jmm-guest@costa.debian.org Wed Jun 22 23:49:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 22 Jun 2005 23:49:00 +0000 Subject: [Secure-testing-commits] r1257 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-22 23:48:58 +0000 (Wed, 22 Jun 2005) New Revision: 1257 Modified: data/CAN/list Log: lots of not-for-us and issues fixed for long. unclaim the rest of the legacy ones for now and claim a block of the fresh ones instead. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-22 23:21:53 UTC (rev 1256) +++ data/CAN/list 2005-06-22 23:48:58 UTC (rev 1257) @@ -1,3 +1,4 @@ +begin claimed by jmm CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) TODO: check CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) @@ -46,6 +47,7 @@ TODO: check CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) TODO: check +end claimed by jmm CAN-2005-2020 NOTE: reserved CAN-2005-2019 
@@ -278,19 +280,18 @@ TODO: check CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) TODO: check -begin claimed by jmm CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) - TODO: check + - phpbb2 2.0.6c-1 CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) TODO: check CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) 
@@ -304,29 +305,29 @@ CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) TODO: check CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) TODO: check CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) - TODO: check + NOTE: not-for-us (Microsoft Outlook plugin) CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) - TODO: check + NOTE: not-for-us (Norton) CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) - TODO: check + NOTE: not-for-us (Alcatel hardware issue) CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) TODO: check CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) 
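Review bot: The tag added to CAN-2002-1696 names the host application, not the affected product. The description reads as the PGP plug-in for Microsoft Outlook (7.0, 7.0.3 and 7.0.4 are the plug-in's versions), yet the new line is `NOTE: not-for-us (Microsoft Outlook plugin)`, two lines after the generic `NOTE: not-for-us (Microsoft)` on CAN-2002-1698. Something like `NOTE: not-for-us (PGP Outlook plug-in)` would keep a later search of the list by product accurate.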
@@ -350,31 +351,33 @@ CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) TODO: check CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) - TODO: check + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) TODO: check CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) TODO: check CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) - TODO: check + NOTE: not-for-us (FreeBSD) CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) - TODO: check + NOTE: not-for-us (HP-UX) CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) - TODO: check + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: not-for-us (FreeBSD) CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) TODO: check CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - TODO: check + - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (Lotus Notes) CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) - TODO: check + NOTE: not-for-us (Sun) CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) 
TODO: check CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) 
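Review bot: CAN-2002-1674 and CAN-2002-1667 each receive two NOTE lines that say different things. `NOTE: kfreebsd use a much more recent version of the freebsd kernel` records that a kernel in the archive was considered and judged unaffected, while `NOTE: not-for-us (FreeBSD)` on the next line says the product is not in the archive at all. Keeping only the kfreebsd note, with the kernel version the judgement was based on, would make clear why these two entries are closed and would distinguish them from CAN-2002-1669, where the plain not-for-us tag stands alone.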
@@ -382,48 +385,47 @@ CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) TODO: check CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) - TODO: check + NOTE: not-for-us (Check Point) CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) - TODO: check + NOTE: not-for-us (mod_bf) CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) TODO: check CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) TODO: check CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - TODO: check + - util-linux 2.11n-1 CAN-2001-1492 ( ...) TODO: check CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) TODO: check CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) - TODO: check + NOTE: not-for-us (Open Projects ircd) CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) TODO: check CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) - TODO: check + NOTE: not-for-us (Alcatel hardware issue) CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) TODO: check CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) - TODO: check + NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) 
- TODO: check + NOTE: not-for-us (Xitami) CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) - TODO: check + NOTE: not-for-us (Sun Java) CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) - TODO: check + NOTE: not-for-us (Sun) CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) - TODO: check + NOTE: not-for-us (UnixWare) CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) - TODO: check + - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Xitami) CAN-2005-XXXX [File upload vulnerability in trac] - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo's pathname validation] From jmm-guest@costa.debian.org Thu Jun 23 00:08:28 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 00:08:28 +0000 Subject: [Secure-testing-commits] r1258 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 00:08:26 +0000 (Thu, 23 Jun 2005) New Revision: 1258 Modified: data/CAN/list Log: new nanoblogger issue canified heimdal-telnet lots of not-for-us claim new Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-22 23:48:58 UTC (rev 1257) +++ data/CAN/list 2005-06-23 00:08:26 UTC (rev 1258) 
@@ -1,53 +1,52 @@ -begin claimed by jmm CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) - TODO: check + NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) - TODO: check + NOTE: not-for-us (XAMPP) CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) - TODO: check + NOTE: not-for-us (ajax-spell) CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (ViRobot) CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) - TODO: check + TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base + - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - TODO: check + - nanoblogger (unfixed; bug pending) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) - TODO: check + NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) - TODO: check + NOTE: not-for-us (Fortibus CMS) CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Cool Cafe Chat) CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) - TODO: check + NOTE: not-for-us (Cool Cafe Chat) CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) - TODO: check + NOTE: not-for-us (iGallery) CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) - TODO: check + NOTE: not-for-us (iGallery) CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) 
- TODO: check + NOTE: not-for-us (socialMPN) CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) - TODO: check + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) - TODO: check + NOTE: not-for-us (external script that allow interaction between amarok and a browser) CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) - TODO: check + NOTE: not-for-us (Enterasys hardware issue) CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) - TODO: check + NOTE: not-for-us (Enterasys hardware issue) CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) TODO: check CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) TODO: check CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) - TODO: check + NOTE: not-for-us (iPlanet) CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (cPanel) CAN-2005-2020 NOTE: reserved CAN-2005-2019 @@ -60,6 +59,7 @@ NOTE: reserved CAN-2005-2015 NOTE: reserved +begin claimed by jmm CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) TODO: check CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) @@ -106,6 +106,7 @@ TODO: check CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) TODO: check +end claimed by jmm CAN-2005-1991 NOTE: reserved CAN-2005-1990 
@@ -432,9 +433,6 @@ - sudo (unfixed; bug #315115; medium) CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code] - ruby1.8 (unfixed; bug #315064; medium) -CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function] - TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - - heimdal (unfixed; bug #315065; medium) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) From jmm-guest@costa.debian.org Thu Jun 23 00:14:44 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 00:14:44 +0000 Subject: [Secure-testing-commits] r1259 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 00:14:41 +0000 (Thu, 23 Jun 2005) New Revision: 1259 Modified: data/CAN/list Log: canified ruby, trac and sudo yaws already fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 00:08:26 UTC (rev 1258) +++ data/CAN/list 2005-06-23 00:14:41 UTC (rev 1259) 
@@ -59,54 +59,52 @@ NOTE: reserved CAN-2005-2015 NOTE: reserved -begin claimed by jmm CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) - TODO: check + NOTE: not-for-us (paFAQ) CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (paFAQ) CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) - TODO: check + NOTE: not-for-us (paFAQ) CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) - TODO: check + NOTE: not-for-us (paFAQ) CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) - TODO: check + NOTE: not-for-us (Ublog Reload) CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) - TODO: check + NOTE: not-for-us (Ublog Reload) CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - TODO: check + - yaws 1.56-1 CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - TODO: check + - trac 0.8.4-1 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (JBOSS) CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) - TODO: check + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) - TODO: check + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) - TODO: check + NOTE: not-for-us (Mambo) CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) 
- TODO: check + NOTE: not-for-us (paFileDB) CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) - TODO: check + NOTE: not-for-us (paFileDB) CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) - TODO: check + NOTE: not-for-us (paFileDB) CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) - TODO: check + NOTE: not-for-us (McGallery) CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) - TODO: check + NOTE: not-for-us (McGallery) CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) - TODO: check + NOTE: not-for-us (Bitrix Site Manager) CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Bitrix Site Manager) CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) - TODO: check + NOTE: not-for-us (Finjan SurfinGate) CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) - TODO: check + - sudo (unfixed; bug #315115; medium) CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) - TODO: check -end claimed by jmm + - ruby1.8 (unfixed; bug #315064; medium) CAN-2005-1991 NOTE: reserved CAN-2005-1990 
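Review bot: CAN-2005-2007 is described as a directory traversal in Trac 0.8.3 and earlier, but the `- trac 0.8.4-1` line it receives comes from the temporary entry `CAN-2005-XXXX [File upload vulnerability in trac]` that the next hunk of this commit deletes. Once that entry is gone nothing records that the two descriptions were judged to be the same issue, so a short NOTE on CAN-2005-2007 saying so would help. In the same hunk `- yaws 1.56-1` and `- trac 0.8.4-1` carry no severity, while the sudo and ruby1.8 lines moved in beside them keep `medium`.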
@@ -427,12 +425,6 @@ - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) NOTE: not-for-us (Xitami) -CAN-2005-XXXX [File upload vulnerability in trac] - - trac 0.8.4-1 -CAN-2005-XXXX [Race condition in sudo's pathname validation] - - sudo (unfixed; bug #315115; medium) -CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code] - - ruby1.8 (unfixed; bug #315064; medium) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) From jmm-guest@costa.debian.org Thu Jun 23 00:21:45 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 00:21:45 +0000 Subject: [Secure-testing-commits] r1260 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 00:21:42 +0000 (Thu, 23 Jun 2005) New Revision: 1260 Modified: data/CAN/list Log: xtradius fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 00:14:41 UTC (rev 1259) +++ data/CAN/list 2005-06-23 00:21:42 UTC (rev 1260) @@ -2475,7 +2475,7 @@ NOTE: not-for-us (Leafnode2 development branch) CAN-2005-XXXX [Missing input validation in xtradius] NOTE: not shipped in deb - - xtradius (unfixed; bug #307796; low) + - xtradius 1.2.1-beta2-2 CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] From joeyh@costa.debian.org Thu Jun 23 02:37:13 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 02:37:13 +0000 Subject: [Secure-testing-commits] r1261 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 02:37:10 +0000 (Thu, 23 Jun 2005) New Revision: 1261 Modified: data/CAN/list Log: remove old begin claim that has no end checked razor claimed some new old cans Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 00:21:42 UTC (rev 1260) +++ data/CAN/list 2005-06-23 02:37:10 UTC (rev 1261) @@ -40,8 +40,10 @@ CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) NOTE: not-for-us (Cisco) CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) - TODO: check + NOTE: varying and apparently innacurate info about what versions fix it + - razor (unfixed; bug #314433; low) CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) + NOTE: insufficient info, possibly SuSE specific TODO: check CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) NOTE: not-for-us (iPlanet) @@ -137,6 +139,7 @@ NOTE: reserved CAN-2005-1976 NOTE: reserved +begin claimed by joeyh CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) TODO: check CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) @@ -163,6 +166,7 @@ TODO: check CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) TODO: check +end claimed by joeyh CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) TODO: check CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) 
@@ -919,7 +923,6 @@ NOTE: not-for-us (Nextplace) CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) NOTE: not-for-us (Intra Forum) -begin claimed by jmm CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) NOTE: not-for-us (Borland Web Server) CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) From joeyh@costa.debian.org Thu Jun 23 02:57:43 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 02:57:43 +0000 Subject: [Secure-testing-commits] r1262 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 02:57:40 +0000 (Thu, 23 Jun 2005) New Revision: 1262 Modified: data/CAN/list Log: processed block Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 02:37:10 UTC (rev 1261) +++ data/CAN/list 2005-06-23 02:57:40 UTC (rev 1262) 
@@ -139,34 +139,32 @@ NOTE: reserved CAN-2005-1976 NOTE: reserved -begin claimed by joeyh CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) - TODO: check + - uw-imapd (unfixed; bug filed; low) CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) - TODO: check + NOTE: not-for-us (DeleGate) CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) - TODO: check + NOTE: not-for-us (BPM Studio Pro) CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) - TODO: check + NOTE: not-for-us (Norton) CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Norton) CAN-2002-1777 (** DISPUTED ** ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2002-1776 (** DISPUTED ** ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2002-1775 (** DISPUTED ** ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2002-1774 (** DISPUTED ** ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) - TODO: check + NOTE: not-for-us (ICQ for MacOS X) CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) - TODO: check + NOTE: not-for-us (Novell Netware) CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) - TODO: check + NOTE: not-for-us (FormMail) CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (Eudora) CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) TODO: check CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) From joeyh@costa.debian.org Thu Jun 23 09:14:23 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 09:14:23 +0000 Subject: [Secure-testing-commits] r1263 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 09:14:21 +0000 (Thu, 23 Jun 2005) New Revision: 1263 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 02:57:40 UTC (rev 1262) +++ data/CAN/list 2005-06-23 09:14:21 UTC (rev 1263) @@ -10,7 +10,7 @@ TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger (unfixed; bug pending) + - nanoblogger (unfixed; bug pending) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) @@ -74,7 +74,7 @@ CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) NOTE: not-for-us (Ublog Reload) CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - - yaws 1.56-1 + - yaws 1.56-1 CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - trac 0.8.4-1 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) @@ -290,7 +290,7 @@ CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) NOTE: not-for-us (BasiliX) CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) - - phpbb2 2.0.6c-1 + - phpbb2 2.0.6c-1 CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) NOTE: not-for-us (Cisco) CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) 
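Review bot: In every hunk of this commit up to here the removed and the added text are the same (the nanoblogger, yaws 1.56-1 and phpbb2 2.0.6c-1 lines), so the only possible difference is whitespace, and the log message "automatic CAN database update" does not say that. All three lines were hand-added in r1257 to r1259, which suggests the automatic run is rewriting the indentation of manual edits. Stating the whitespace normalisation in the log, or normalising indentation at the time entries are committed, would keep these updates from showing up as content changes in review.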
@@ -352,7 +352,7 @@ CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) TODO: check CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) TODO: check @@ -367,14 +367,14 @@ CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) NOTE: not-for-us (HP-UX) CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) TODO: check CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - - tinc 1.0pre5-1 + - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (Lotus Notes) CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) @@ -396,7 +396,7 @@ CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) TODO: check CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - - util-linux 2.11n-1 + - util-linux 2.11n-1 CAN-2001-1492 ( ...) TODO: check CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) 
@@ -414,7 +414,7 @@ CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) TODO: check CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) - NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now + NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) NOTE: not-for-us (Xitami) CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) @@ -424,7 +424,7 @@ CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) NOTE: not-for-us (UnixWare) CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) - - snort 1.6.1-1 + - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) NOTE: not-for-us (Xitami) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] From jmm-guest@costa.debian.org Thu Jun 23 09:40:56 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 09:40:56 +0000 Subject: [Secure-testing-commits] r1264 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 09:40:54 +0000 (Thu, 23 Jun 2005) New Revision: 1264 Modified: data/CAN/list Log: new asterisk issue, proper severity ratings requires a second look at its default config. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 09:14:21 UTC (rev 1263) +++ data/CAN/list 2005-06-23 09:40:54 UTC (rev 1264) 
@@ -1,3 +1,5 @@ +CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] + - asterisk (unfixed; bug pending) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) From jmm-guest@costa.debian.org Thu Jun 23 09:45:54 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 09:45:54 +0000 Subject: [Secure-testing-commits] r1265 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 09:45:51 +0000 (Thu, 23 Jun 2005) New Revision: 1265 Modified: data/CAN/list Log: new cacti issues already fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 09:40:54 UTC (rev 1264) +++ data/CAN/list 2005-06-23 09:45:51 UTC (rev 1265) @@ -1,3 +1,5 @@ +CAN-2005-XXXX Multiple XSS and input validation errors in cacti + - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] - asterisk (unfixed; bug pending) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) From jmm-guest@costa.debian.org Thu Jun 23 09:55:45 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 23 Jun 2005 09:55:45 +0000 Subject: [Secure-testing-commits] r1266 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-23 09:55:42 +0000 (Thu, 23 Jun 2005) New Revision: 1266 Modified: data/CAN/list Log: two new kernel issues 2.6.12.1, nearly no descriptions. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 09:45:51 UTC (rev 1265) +++ data/CAN/list 2005-06-23 09:55:42 UTC (rev 1266) 
@@ -561,8 +561,10 @@ NOTE: reserved CAN-2005-1914 NOTE: reserved -CAN-2005-1913 +CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec] NOTE: reserved + TODO: Check 2.6.8 + - kernel-source-2.6.11 (unfixed) CAN-2005-1912 NOTE: reserved CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) @@ -879,8 +881,10 @@ CAN-2005-1762 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed; unknown) -CAN-2005-1761 +CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context] NOTE: reserved + TODO: Check 2.6.8 + - kernel-source-2.6.11 (unfixed) CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOTE: not-for-us (sysreport) CAN-2005-1759 From joeyh@costa.debian.org Thu Jun 23 20:40:10 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 20:40:10 +0000 Subject: [Secure-testing-commits] r1267 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 20:40:07 +0000 (Thu, 23 Jun 2005) New Revision: 1267 Modified: data/CAN/list Log: claim Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 09:55:42 UTC (rev 1266) +++ data/CAN/list 2005-06-23 20:40:07 UTC (rev 1267) 
@@ -169,12 +169,13 @@ NOTE: not-for-us (FormMail) CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) NOTE: not-for-us (Eudora) +begin claimed by joeyh CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) - TODO: check + NOTE: not-for-us (Mirosoft) CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) - TODO: check + NOTE: not-for-us (CIsco) CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) - TODO: check + NOTE: not-for-su (Oracle) CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) TODO: check CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) @@ -247,6 +248,7 @@ TODO: check CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) TODO: check +end claimed by joeyh CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) TODO: check CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) From joeyh@costa.debian.org Thu Jun 23 20:59:35 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 20:59:35 +0000 Subject: [Secure-testing-commits] r1268 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 20:59:32 +0000 (Thu, 23 Jun 2005) New Revision: 1268 Modified: data/CAN/list Log: completed block, no new holes Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 20:40:07 UTC (rev 1267) +++ data/CAN/list 2005-06-23 20:59:32 UTC (rev 1268) 
@@ -169,7 +169,6 @@ NOTE: not-for-us (FormMail) CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) NOTE: not-for-us (Eudora) -begin claimed by joeyh CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) NOTE: not-for-us (Mirosoft) CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) 
@@ -177,78 +176,78 @@ CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) NOTE: not-for-su (Oracle) CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) - TODO: check + NOTE: not-for-us (Netscape) + NOTE: didn't check mozilla CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) - TODO: check + - evolution 1.0.5 CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) - TODO: check + NOTE: not-for-us (acrobat) CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) - TODO: check + NOTE: not-for-us (dtscreen Sun Solaris 8 CDE screensaver) CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) - TODO: check + NOTE: not-for-us (PHProjekt) CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) - TODO: check + NOTE: not-for-us (PHProjekt) CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) - TODO: check + NOTE: not-for-us (PHProjekt) CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) - TODO: check + NOTE: not-for-us (PHProjekt) CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) - TODO: check + NOTE: not-for-us (PHProjekt) CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (ACDSee) CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) - TODO: check + - tinc 1.0pre5 CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) - TODO: check + NOTE: not-for-us (Novell NetWare) CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) 
- TODO: check + NOTE: not-for-us (csNews) CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) - TODO: check + NOTE: not-for-us (csChat-R-Box) CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) - TODO: check + NOTE: not-for-us (csLiveSupport) CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (csGuestbook) CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) - TODO: check + NOTE: not-for-us (Windows 2000 Terminal Services) CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) - TODO: check + - slash 2.2.3 CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) - TODO: check + - vtun 2.5b2 CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) - TODO: check + - vtun 2.5b2 CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (AOL ICQ) CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) - TODO: check + - libsoap-lite-perl 0.55 CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) - TODO: check + NOTE: not-for-us (WorldClient) CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) - TODO: check + NOTE: not-for-us (WorldClient) CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) - TODO: check + NOTE: not-for-us (Alt-N Technologies Mdaemon) CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) 
- TODO: check + NOTE: not-for-us (Alt-N Technologies Mdaemon) CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) - TODO: check + NOTE: not-for-us (Astaro Security Linux) CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) - TODO: check + NOTE: not-for-us (CGINews) CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) - TODO: check + NOTE: not-for-us (dlogin) CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) - TODO: check + NOTE: not-for-us (NewsPro) CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) - TODO: check + NOTE: not-for-us (Prospero MessageBoards) CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) - TODO: check + NOTE: not-for-us (Actinic Catalog) CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (IBM AS/400) CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) TODO: check CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) From joeyh@costa.debian.org Thu Jun 23 21:14:24 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 21:14:24 +0000 Subject: [Secure-testing-commits] r1269 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 21:14:21 +0000 (Thu, 23 Jun 2005) New Revision: 1269 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 20:59:32 UTC (rev 1268) +++ data/CAN/list 2005-06-23 21:14:21 UTC (rev 1269) 
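Review bot: in r1268's second hunk (@@ -177,78 +176,78 @@), CAN-2002-1766 is closed as "NOTE: not-for-us (Netscape)" while the line added directly after it, "NOTE: didn't check mozilla", records a check that was not done. Written as a NOTE, that open item disappears from any search for TODO lines even though the log message says the block is complete; "TODO: check mozilla" would keep it visible until someone has looked. The misspelled tags from r1267 ("Mirosoft", "not-for-su") appear here as unchanged context and are still uncorrected.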
@@ -1,7 +1,7 @@ CAN-2005-XXXX Multiple XSS and input validation errors in cacti - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] - - asterisk (unfixed; bug pending) + - asterisk (unfixed; bug pending) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) From joeyh@costa.debian.org Thu Jun 23 23:18:10 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 23 Jun 2005 23:18:10 +0000 Subject: [Secure-testing-commits] r1270 - data/CAN Message-ID: Author: joeyh Date: 2005-06-23 23:18:07 +0000 (Thu, 23 Jun 2005) New Revision: 1270 Modified: data/CAN/list Log: add a few bug numbers and urgencies Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 21:14:21 UTC (rev 1269) +++ data/CAN/list 2005-06-23 23:18:07 UTC (rev 1270) @@ -1,7 +1,7 @@ CAN-2005-XXXX Multiple XSS and input validation errors in cacti - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] - - asterisk (unfixed; bug pending) + - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) @@ -14,7 +14,7 @@ TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger (unfixed; bug pending) + - nanoblogger (unfixed; bug #315492; medium) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) 
@@ -78,7 +78,7 @@ CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) NOTE: not-for-us (Ublog Reload) CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - - yaws 1.56-1 + - yaws 1.56-1 (low) CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - trac 0.8.4-1 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) @@ -2485,7 +2485,7 @@ NOTE: not-for-us (Leafnode2 development branch) CAN-2005-XXXX [Missing input validation in xtradius] NOTE: not shipped in deb - - xtradius 1.2.1-beta2-2 + - xtradius 1.2.1-beta2-2 (low) CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CAN-2005-XXXX [nvu uses old version of mozilla] From micah@costa.debian.org Fri Jun 24 01:48:02 2005 From: micah@costa.debian.org (Micah Anderson) Date: Fri, 24 Jun 2005 01:48:02 +0000 Subject: [Secure-testing-commits] r1271 - data/CAN Message-ID: Author: micah Date: 2005-06-24 01:47:59 +0000 (Fri, 24 Jun 2005) New Revision: 1271 Modified: data/CAN/list Log: claiming some todos Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-23 23:18:07 UTC (rev 1270) +++ data/CAN/list 2005-06-24 01:47:59 UTC (rev 1271) @@ -248,6 +248,7 @@ NOTE: not-for-us (Actinic Catalog) CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) NOTE: not-for-us (IBM AS/400) +begin claimed by micah CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) TODO: check CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) 
@@ -286,6 +287,7 @@ TODO: check CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) TODO: check +end claimed by micah CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) NOTE: not-for-us (BasiliX) CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) From micah@costa.debian.org Fri Jun 24 02:12:07 2005 From: micah@costa.debian.org (Micah Anderson) Date: Fri, 24 Jun 2005 02:12:07 +0000 Subject: [Secure-testing-commits] r1272 - data/CAN Message-ID: Author: micah Date: 2005-06-24 02:12:05 +0000 (Fri, 24 Jun 2005) New Revision: 1272 Modified: data/CAN/list Log: Finished my block Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-24 01:47:59 UTC (rev 1271) +++ data/CAN/list 2005-06-24 02:12:05 UTC (rev 1272) 
@@ -248,46 +248,45 @@ NOTE: not-for-us (Actinic Catalog) CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) NOTE: not-for-us (IBM AS/400) -begin claimed by micah CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) - TODO: check + NOTE: not-fot-us (ASPjar Guestbook) CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) - TODO: check + NOTE: not-for-us (ASPjar Guestbook) CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) - TODO: check + NOTE: not-for-us (askSam Web Publisher) CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) - TODO: check + NOTE: not-for-us (askSam Web Publisher) CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (PhotoDB) CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (PHPImageView) CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) - TODO: check + NOTE: not-for-us (PHPImageView) CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) - TODO: check + NOTE: not-for-us (Powerboards) CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) - TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) - TODO: check + NOTE: not-for-us (alterMIME) + TODO: track RFP: #289546 CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) - TODO: check + NOTE: not-for-us (Spooky Login) CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) - TODO: check + NOTE: not-for-us (Bavo) CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) 
- TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) - TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) - TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) TODO: check CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) - TODO: check + NOTE: not-for-us (msec) CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) - TODO: check -end claimed by micah + NOTE: not-for-us (microsoft) CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) NOTE: not-for-us (BasiliX) CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) From jmm-guest@costa.debian.org Fri Jun 24 06:55:42 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 24 Jun 2005 06:55:42 +0000 Subject: [Secure-testing-commits] r1273 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-24 06:55:38 +0000 (Fri, 24 Jun 2005) New Revision: 1273 Modified: data/CAN/list Log: nanoblogger unaffected Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-24 02:12:05 UTC (rev 1272) +++ data/CAN/list 2005-06-24 06:55:38 UTC (rev 1273) 
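Review bot: r1272 removes the "begin claimed by micah" and "end claimed by micah" markers and its log says the block is finished, but CAN-2002-1715 (SSH 1 through 3) is left as "TODO: check" in the middle of the hunk. With the claim markers gone nothing shows that this entry still belongs to anyone, so either resolve it in this commit or keep it claimed. Two of the added lines also need correcting: CAN-2002-1730 has the tag misspelled as "not-fot-us", and CAN-2002-1722 (Logitech iTouch keyboards) is tagged "not-for-us (microsoft)" although its description names Logitech.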
@@ -14,7 +14,7 @@ TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger (unfixed; bug #315492; medium) + NOTE: The nanoblogger 3.1 version in Debian was not affected by this vulnerability CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) From jmm-guest@costa.debian.org Fri Jun 24 08:22:47 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 24 Jun 2005 08:22:47 +0000 Subject: [Secure-testing-commits] r1274 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-24 08:22:44 +0000 (Fri, 24 Jun 2005) New Revision: 1274 Modified: data/CAN/list Log: new clamav dos already fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-24 06:55:38 UTC (rev 1273) +++ data/CAN/list 2005-06-24 08:22:44 UTC (rev 1274) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [clamav-milter timeout DoS] + - clamav 0.86-1 (medium) CAN-2005-XXXX Multiple XSS and input validation errors in cacti - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] From jmm-guest@costa.debian.org Fri Jun 24 12:16:03 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Fri, 24 Jun 2005 12:16:03 +0000 Subject: [Secure-testing-commits] r1275 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-24 12:16:00 +0000 (Fri, 24 Jun 2005) New Revision: 1275 Modified: data/CAN/list Log: some severity adjustments as proposed in t-s-t Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-24 08:22:44 UTC (rev 1274) +++ data/CAN/list 2005-06-24 12:16:00 UTC (rev 1275) 
@@ -867,7 +867,7 @@ CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOTE: not-for-us (Avast) CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - - squirrelmail (unfixed; bug #314374; low) + - squirrelmail (unfixed; bug #314374; medium) CAN-2005-1768 NOTE: reserved CAN-2005-1767 @@ -1001,7 +1001,7 @@ CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - - mutt (unfixed; bug #311296; medium) + - mutt (unfixed; bug #311296; low) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -2900,10 +2900,10 @@ CAN-2005-1268 NOTE: reserved CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - - tcpdump 3.9.0.cvs.20050614-1 (low) + - tcpdump 3.9.0.cvs.20050614-1 (medium) CAN-2005-1266 NOTE: reserved - - spamassassin (unfixed; bug #314447; low) + - spamassassin (unfixed; bug #314447; medium) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - kernel-source-2.6.8 (unfixed; medium) CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) @@ -3364,7 +3364,7 @@ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha - oops (unfixed; bug #307360) CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - - ilohamail (unfixed; bug #304525; low) + - ilohamail (unfixed; bug #304525; medium) CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - sudo (unfixed; bug #283161; low) CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) 
@@ -4806,7 +4806,7 @@ - lesstif1-1 1:0.93.94-11.3 - libxpm4 4.3.0.dfsg.1-13 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (low) + - openmotif 2.2.3-1.1 (medium) CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOTE: not-for-us (GFI Languard Network Security Scanner) CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) @@ -5359,7 +5359,7 @@ NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - - lynx (unfixed; bug #296340; medium) + - lynx (unfixed; bug #296340; low) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - links 0.99+1.00pre12-1 CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) @@ -8140,7 +8140,7 @@ NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1_0.93.94-11.2 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (low) + - openmotif 2.2.3-1.1 (medium) CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9 From jmm-guest@costa.debian.org Mon Jun 27 08:01:31 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 27 Jun 2005 08:01:31 +0000 Subject: [Secure-testing-commits] r1276 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-27 08:01:29 +0000 (Mon, 27 Jun 2005) New Revision: 1276 Modified: data/CAN/list Log: ruby issues fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-24 12:16:00 UTC (rev 1275) +++ data/CAN/list 2005-06-27 08:01:29 UTC (rev 1276) 
@@ -112,7 +112,8 @@ CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) - sudo (unfixed; bug #315115; medium) CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) - - ruby1.8 (unfixed; bug #315064; medium) + - ruby1.8 1.8.2-8 (medium) + - ruby1.9 1.9.0+20050623-1 (medium) CAN-2005-1991 NOTE: reserved CAN-2005-1990 From jmm-guest@costa.debian.org Mon Jun 27 19:45:28 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 27 Jun 2005 19:45:28 +0000 Subject: [Secure-testing-commits] r1277 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-27 19:45:25 +0000 (Mon, 27 Jun 2005) New Revision: 1277 Modified: data/CAN/list Log: new issue, not identical to the one fixed in -1 Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 08:01:29 UTC (rev 1276) +++ data/CAN/list 2005-06-27 19:45:25 UTC (rev 1277) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] + - backup-manager 0.5.8-2 (low) CAN-2005-XXXX [clamav-milter timeout DoS] - clamav 0.86-1 (medium) CAN-2005-XXXX Multiple XSS and input validation errors in cacti From joeyh@costa.debian.org Mon Jun 27 20:07:11 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:07:11 +0000 Subject: [Secure-testing-commits] r1278 - data Message-ID: Author: joeyh Date: 2005-06-27 20:07:10 +0000 (Mon, 27 Jun 2005) New Revision: 1278 Modified: data/checklist Log: Rework argument processing, html is now --html. Add a --suite parameter and some limited support for running against other suites. Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 19:45:25 UTC (rev 1277) +++ data/checklist 2005-06-27 20:07:10 UTC (rev 1278)
@@ -4,20 +4,15 @@ # To check for un-updated binary kernel packages, also needs grep-dctrl # and a Sources file for the distribution. Set the location of the Sources # file in SOURCES_FILE in the environment. -# use URI::Escape; +use Getopt::Long; my $html=0; -if ($ARGV[0] eq 'html') { - shift; - $html=1; +my $suite="testing"; +if (! GetOptions("html" => \$html, "suite=s" => \$suite) || ! @ARGV) { + die "usage: $0 [--suite suite] [--html] list ...\n"; } -if (! @ARGV) { - die "usage: $0 [html] list\n"; -} - - my %data; my %needkernel=qw/2.4.27 0 2.6.11 0/; my $list_unknown=1; #set to 1 to display kernel images with unknown source version @@ -97,7 +92,7 @@ my @maddy; for (1..5) { - @maddy=`madison -s testing '$package'`; + @maddy=`madison -s '$suite' '$package'`; if ($? & 127 || ($? >> 8 != 0 && $? >> 8 != 1)) { # good old unrelaible newraff, # home of our archive.. @@ -128,7 +123,7 @@ $arches=~s/\s+$//; my $cmp=system("dpkg --compare-versions '$havver' '>=' '$version'"); if ($cmp != 0) { - if ($html) { + if ($html && $suite eq 'testing') { $havver=''.$havver.''; } record($package, "$version needed, have $havver".(@maddy > 1 ? " [$arches]" : ""), $id, $urgency); @@ -146,7 +141,18 @@ if ($html) { - print "testing security issues\n"; + print "$suite security issues\n"; + if ($suite ne 'testing' && $suite ne 'unstable') { + print <<"EOF"; +

    +Warning: This page is the result of running the testing security +check script against the $suite distribution. As data is only gathered for +the testing distribution, results may be innecurate if a package has +changed its name, if a vulnerability affects $suite and not testing, or if a +vulnerability has been fixed in $suite by the $suite security team. +

    +EOF + } print "
      \n"; } @@ -228,7 +234,7 @@ print "
    \n"; print "
    \n"; print "Total holes unfixed: $unfixed
    \n"; - print "Total holes fixed in unstable but not testing: $unprop_all"; + print "Total holes fixed in unstable but not $suite: $unprop_all"; if ($unprop_all != $unprop) { print " (+".($unprop - $unprop_all)." on some arches)"; } From joeyh@costa.debian.org Mon Jun 27 20:15:43 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:15:43 +0000 Subject: [Secure-testing-commits] r1279 - in data: . CAN Message-ID: Author: joeyh Date: 2005-06-27 20:15:40 +0000 (Mon, 27 Jun 2005) New Revision: 1279 Modified: data/CAN/list data/checklist Log: add --output switch Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 20:07:10 UTC (rev 1278) +++ data/CAN/list 2005-06-27 20:15:40 UTC (rev 1279) @@ -2636,7 +2636,7 @@ NOTE: In Debian this is only part of the examples in share/doc, any admin will NOTE: have to modify it for his purposes anyway, so there's no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound (unfixed; bug #307852; medium) + - pound 1.8.2-1.1 (bug #307852; medium) CAN-2005-1390 NOTE: rejected CAN-2005-1389 Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 20:07:10 UTC (rev 1278) +++ data/checklist 2005-06-27 20:15:40 UTC (rev 1279) @@ -9,10 +9,39 @@ my $html=0; my $suite="testing"; -if (! GetOptions("html" => \$html, "suite=s" => \$suite) || ! @ARGV) { - die "usage: $0 [--suite suite] [--html] list ...\n"; +my $output; +if (! GetOptions( + "html" => \$html, + "suite=s" => \$suite, + "output=s", \$output) + || ! @ARGV) { + die "usage: $0 [--suite suite] [--html] [--output=file] list ...\n"; } +if (defined $output) { + open (OUT, ">$output.tmp.$$") || die "output.tmp.$$: $!"; +} +else { + open (OUT, ">&STDOUT"); +} + +if ($html) { + print OUT "$suite security issues\n"; + if ($suite ne 'testing' && $suite ne 'unstable') { + print OUT <<"EOF"; +

    +Warning: This page is the result of running the testing security +check script against the $suite distribution. As data is only gathered for +the testing distribution, results may be innecurate if a package has +changed its name, if a vulnerability affects $suite and not testing, or if a +vulnerability has been fixed in $suite by the $suite security team. +

    +EOF + } + print OUT "
      \n"; +} + + my %data; my %needkernel=qw/2.4.27 0 2.6.11 0/; my $list_unknown=1; #set to 1 to display kernel images with unknown source version @@ -140,42 +169,26 @@ } -if ($html) { - print "$suite security issues\n"; - if ($suite ne 'testing' && $suite ne 'unstable') { - print <<"EOF"; -

      -Warning: This page is the result of running the testing security -check script against the $suite distribution. As data is only gathered for -the testing distribution, results may be innecurate if a package has -changed its name, if a vulnerability affects $suite and not testing, or if a -vulnerability has been fixed in $suite by the $suite security team. -

      -EOF - } - print "
        \n"; -} - foreach my $package (sort keys %data) { foreach my $condition (sort keys %{$data{$package}}) { - print "
      • " if $html; - print "$package $condition for "; + print OUT "
      • " if $html; + print OUT "$package $condition for "; my $items=0; foreach my $i (sort @{$data{$package}{$condition}}) { - print ", " if $items > 0; + print OUT ", " if $items > 0; if ($html) { my $color=$colormap{$i->{urgency}}; - print ""; + print OUT ""; } - print $i->{item}; + print OUT $i->{item}; if ($html) { - print ""; + print OUT ""; } $items++; } - print "\n"; + print OUT "\n"; } } @@ -217,11 +230,11 @@ foreach $package (sort keys %images) { if ($images{$package} eq "0") { - print "
      • " if ($html && $list_unknown); - print "$package built from kernel-source-$version $needkernel{$version} needed, current version unknown\n" if $list_unknown; + print OUT "
      • " if ($html && $list_unknown); + print OUT "$package built from kernel-source-$version $needkernel{$version} needed, current version unknown\n" if $list_unknown; } elsif (!system("dpkg --compare-versions $needkernel{$version} gt $images{$package}")) { - print "
      • " if $html; - print "$package built from kernel-source-$version $needkernel{$version} needed, have $images{$package}\n"; + print OUT "
      • " if $html; + print OUT "$package built from kernel-source-$version $needkernel{$version} needed, have $images{$package}\n"; $need_rebuild++; } } @@ -231,17 +244,22 @@ if ($html) { - print "
      \n"; - print "
      \n"; - print "Total holes unfixed: $unfixed
      \n"; - print "Total holes fixed in unstable but not $suite: $unprop_all"; + print OUT "
    \n"; + print OUT "
    \n"; + print OUT "Total holes unfixed: $unfixed
    \n"; + print OUT "Total holes fixed in unstable but not $suite: $unprop_all"; if ($unprop_all != $unprop) { - print " (+".($unprop - $unprop_all)." on some arches)"; + print OUT " (+".($unprop - $unprop_all)." on some arches)"; } - print "
    \n"; - print "Total number of kernel image packages not up to date: $need_rebuild
    \n"; - print "Number of TODO lines in records: $todos
    \n"; - print "Maintained by the testing security team
    \n"; - print "Last update: ".`date`."
    \n"; - print "\n"; + print OUT "
    \n"; + print OUT "Total number of kernel image packages not up to date: $need_rebuild
    \n"; + print OUT "Number of TODO lines in records: $todos
    \n"; + print OUT "Maintained by the testing security team
    \n"; + print OUT "Last update: ".`date`."
    \n"; + print OUT "\n"; } + +close OUT; +if (defined $output) { + rename("$output.tmp.$$", $output) || die "rename: $!"; +} From joeyh@costa.debian.org Mon Jun 27 20:20:46 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:20:46 +0000 Subject: [Secure-testing-commits] r1280 - data Message-ID: Author: joeyh Date: 2005-06-27 20:20:46 +0000 (Mon, 27 Jun 2005) New Revision: 1280 Modified: data/checklist Log: add --debug switch Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 20:15:40 UTC (rev 1279) +++ data/checklist 2005-06-27 20:20:46 UTC (rev 1280) @@ -8,14 +8,16 @@ use Getopt::Long; my $html=0; -my $suite="testing"; +my $debug=0; +y $suite="testing"; my $output; if (! GetOptions( "html" => \$html, + "debug" => \$debug, "suite=s" => \$suite, "output=s", \$output) || ! @ARGV) { - die "usage: $0 [--suite suite] [--html] [--output=file] list ...\n"; + die "usage: $0 [--suite suite] [--html] [--output=file] [--debug] list ...\n"; } if (defined $output) { @@ -77,6 +79,7 @@ open (IN, $list) || die "open $list: $!"; while () { + print STDERR "line: $_" if $debug; chomp; if (/^\[/) { ($id)=m/((?:DSA|CAN|CVE)-[^\s]+) /; From joeyh@costa.debian.org Mon Jun 27 20:22:06 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:22:06 +0000 Subject: [Secure-testing-commits] r1281 - data Message-ID: Author: joeyh Date: 2005-06-27 20:22:06 +0000 (Mon, 27 Jun 2005) New Revision: 1281 Modified: data/checklist Log: typo Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 20:20:46 UTC (rev 1280) +++ data/checklist 2005-06-27 20:22:06 UTC (rev 1281) @@ -9,7 +9,7 @@ my $html=0; my $debug=0; -y $suite="testing"; +my $suite="testing"; my $output; if (! GetOptions( "html" => \$html, From joeyh@costa.debian.org Mon Jun 27 20:41:09 2005 
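Review bot: r1278, hunk @@ -97,7 +92,7 @@ of data/checklist: $suite now comes from the --suite option and is placed between single quotes inside a backtick command (madison -s '$suite' '$package'), so a value containing a single quote ends the quoting and the rest of the string is parsed by the shell. Validate the option right after GetOptions, for example die unless $suite =~ /^[a-z][a-z0-9-]*$/, or read madison through a list-form pipe open, open(my $fh, '-|', 'madison', '-s', $suite, $package), so that no shell is involved. $package goes through the same quoting and would be covered by the list form as well.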
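Review bot: r1279, hunk @@ -9,10 +9,39 @@ of data/checklist: the --output path is opened with two-argument open on a predictable name (">$output.tmp.$$"), so the open mode is parsed out of the same string as the user-supplied path, and in a directory that other users can write to, a file or symlink already present under that name is written through. Use the three-argument form, open(OUT, '>', "$output.tmp.$$"), and where the target directory may be shared, create the temporary file with File::Temp in that same directory so the final rename stays atomic. The die message in the same statement is missing a sigil: "output.tmp.$$: $!" prints the literal word output rather than the path. The open (OUT, ">&STDOUT") branch has no error check at all.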
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:41:09 +0000 Subject: [Secure-testing-commits] r1282 - data/CAN Message-ID: Author: joeyh Date: 2005-06-27 20:41:07 +0000 (Mon, 27 Jun 2005) New Revision: 1282 Modified: data/CAN/list Log: typo fix Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 20:22:06 UTC (rev 1281) +++ data/CAN/list 2005-06-27 20:41:07 UTC (rev 1282) @@ -2914,7 +2914,7 @@ - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.6.11 2.6.11-5 CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...) - - kernel-source-2.6.11 2.6.11 2.6.11-4 + - kernel-source-2.6.11 2.6.11-4 - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-10 NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H From joeyh@costa.debian.org Mon Jun 27 20:55:10 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 20:55:10 +0000 Subject: [Secure-testing-commits] r1283 - data Message-ID: Author: joeyh Date: 2005-06-27 20:55:09 +0000 (Mon, 27 Jun 2005) New Revision: 1283 Modified: data/checklist Log: don't try to run dpkg --compare-versions for unfixed kernel versions Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 20:41:07 UTC (rev 1282) +++ data/checklist 2005-06-27 20:55:09 UTC (rev 1283) @@ -117,8 +117,10 @@ if ($package=~/kernel-source-([0-9.]+)/) { my $kernversion=$1; - if (exists $needkernel{$kernversion}) { - $needkernel{$kernversion}=$version if !system("dpkg --compare-versions $needkernel{$kernversion} lt $version"); + if (exists $needkernel{$kernversion} && + length $version && + system("dpkg --compare-versions $needkernel{$kernversion} lt $version") != 0) { + $needkernel{$kernversion}=$version; } } From joeyh@costa.debian.org Mon Jun 27 21:05:48 2005 
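Review bot: r1283 inverts the test in the kernel-source hunk (@@ -117,8 +117,10 @@). dpkg --compare-versions exits 0 when the relation holds, so the old form, "... if !system(... lt $version)", raised $needkernel{$kernversion} when it was lower than $version; the new form, "system(... lt $version) != 0", assigns only when it is not lower. Since %needkernel starts at 0 for both kernel versions, the stored value is then not raised to the fixed version and the later kernel image check compares against 0. The comparison should be "== 0". The added "length $version" guard is the right fix for unfixed entries, but $version is still interpolated unquoted into the shell string; the list form, system("dpkg", "--compare-versions", $needkernel{$kernversion}, "lt", $version) == 0, avoids the shell entirely.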
From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 21:05:48 +0000 Subject: [Secure-testing-commits] r1284 - data/CAN Message-ID: Author: joeyh Date: 2005-06-27 21:05:46 +0000 (Mon, 27 Jun 2005) New Revision: 1284 Modified: data/CAN/list Log: wasn't able to upload pound NMU and now ftp-master is down again Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 20:55:09 UTC (rev 1283) +++ data/CAN/list 2005-06-27 21:05:46 UTC (rev 1284) @@ -2636,7 +2636,7 @@ NOTE: In Debian this is only part of the examples in share/doc, any admin will NOTE: have to modify it for his purposes anyway, so there's no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound 1.8.2-1.1 (bug #307852; medium) + - pound (unfixed; bug #307852; medium) CAN-2005-1390 NOTE: rejected CAN-2005-1389 From joeyh@costa.debian.org Mon Jun 27 21:06:28 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 21:06:28 +0000 Subject: [Secure-testing-commits] r1285 - data Message-ID: Author: joeyh Date: 2005-06-27 21:06:27 +0000 (Mon, 27 Jun 2005) New Revision: 1285 Modified: data/checklist Log: typo Modified: data/checklist =================================================================== --- data/checklist 2005-06-27 21:05:46 UTC (rev 1284) +++ data/checklist 2005-06-27 21:06:27 UTC (rev 1285) @@ -34,7 +34,7 @@

    Warning: This page is the result of running the testing security check script against the $suite distribution. As data is only gathered for -the testing distribution, results may be innecurate if a package has +the testing distribution, results may be innacurate if a package has changed its name, if a vulnerability affects $suite and not testing, or if a vulnerability has been fixed in $suite by the $suite security team.
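Review bot: the + line in r1285 still misspells the word it is fixing. "innecurate" becomes "innacurate", but the correct spelling is "inaccurate". This string is part of the warning text the script prints on the generated page, so it is worth getting right in this commit rather than in a third one.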

    From joeyh@costa.debian.org Mon Jun 27 22:16:10 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Mon, 27 Jun 2005 22:16:10 +0000 Subject: [Secure-testing-commits] r1286 - data/CAN Message-ID: Author: joeyh Date: 2005-06-27 22:16:08 +0000 (Mon, 27 Jun 2005) New Revision: 1286 Modified: data/CAN/list Log: pound NMU in Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 21:06:27 UTC (rev 1285) +++ data/CAN/list 2005-06-27 22:16:08 UTC (rev 1286) @@ -2636,7 +2636,7 @@ NOTE: In Debian this is only part of the examples in share/doc, any admin will NOTE: have to modify it for his purposes anyway, so there's no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - - pound (unfixed; bug #307852; medium) + - pound 1.8.2-1.1 (bug #307852; medium) CAN-2005-1390 NOTE: rejected CAN-2005-1389 From jmm-guest@costa.debian.org Mon Jun 27 23:21:50 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Mon, 27 Jun 2005 23:21:50 +0000 Subject: [Secure-testing-commits] r1287 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-27 23:21:48 +0000 (Mon, 27 Jun 2005) New Revision: 1287 Modified: data/CAN/list Log: new clamav dos already fixed. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 22:16:08 UTC (rev 1286) +++ data/CAN/list 2005-06-27 23:21:48 UTC (rev 1287) @@ -1,5 +1,7 @@ CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - backup-manager 0.5.8-2 (low) +CAN-2005-XXXX [clamav libmspack decompressor DoS] + - clamav 0.86.1-1 (medium) CAN-2005-XXXX [clamav-milter timeout DoS] - clamav 0.86-1 (medium) CAN-2005-XXXX Multiple XSS and input validation errors in cacti From micah@costa.debian.org Tue Jun 28 04:15:25 2005 
From: micah@costa.debian.org (Micah Anderson) Date: Tue, 28 Jun 2005 04:15:25 +0000 Subject: [Secure-testing-commits] r1288 - data/CAN Message-ID: Author: micah Date: 2005-06-28 04:15:22 +0000 (Tue, 28 Jun 2005) New Revision: 1288 Modified: data/CAN/list Log: Checked in some TODOs Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-27 23:21:48 UTC (rev 1287) +++ data/CAN/list 2005-06-28 04:15:22 UTC (rev 1288) @@ -307,17 +307,17 @@ CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) NOTE: not-for-us (Cisco) CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (microsoft) CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) - TODO: check + NOTE: not-for-us (Zeroboard) CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) - TODO: check + NOTE: not-for-us (NetAuction) CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) - TODO: check + NOTE: not-for-us (DeltaScripts PHP Classifieds) CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) - TODO: check + NOTE: not-for-us (ColdFusion) CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) - TODO: check + NOTE: not-for-us (ASP Client Check) CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) NOTE: not-for-us (Microsoft) CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) From jmm-guest@costa.debian.org Tue Jun 28 07:40:50 2005 
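Review bot: in r1288 the added note for CAN-2002-1705 reads "not-for-us (microsoft)", while the unchanged context line for CAN-2002-1698 in the same hunk uses "not-for-us (Microsoft)". Use one capitalisation so that grepping or counting not-for-us entries by vendor does not split a single vendor into two.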
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 07:40:50 +0000 Subject: [Secure-testing-commits] r1289 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 07:40:47 +0000 (Tue, 28 Jun 2005) New Revision: 1289 Modified: data/CAN/list Log: razor dos fixed Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 04:15:22 UTC (rev 1288) +++ data/CAN/list 2005-06-28 07:40:47 UTC (rev 1289) @@ -51,7 +51,7 @@ NOTE: not-for-us (Cisco) CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) NOTE: varying and apparently innacurate info about what versions fix it - - razor (unfixed; bug #314433; low) + - razor 2.720-1 (low) CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) NOTE: insufficient info, possibly SuSE specific TODO: check From jmm-guest@costa.debian.org Tue Jun 28 08:03:59 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 08:03:59 +0000 Subject: [Secure-testing-commits] r1290 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 08:03:56 +0000 (Tue, 28 Jun 2005) New Revision: 1290 Modified: data/CAN/list Log: process some older TODOs Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 07:40:47 UTC (rev 1289) +++ data/CAN/list 2005-06-28 08:03:56 UTC (rev 1290) @@ -321,7 +321,7 @@ CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) NOTE: not-for-us (Microsoft) CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) - TODO: check + - vtun 2.6-1 CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) NOTE: not-for-us (Microsoft Outlook plugin) CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) 
@@ -343,34 +343,35 @@ CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) NOTE: not-for-us (AIX) CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) - TODO: check + NOTE: not-for-us (BadBlue Enterprise Edition) CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) - TODO: check + NOTE: not-for-us (Deerfield D2Gfx) CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) - TODO: check + NOTE: not-for-us (BadBlue Personal Edition) CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) - TODO: check + NOTE: not-for-us (NewsReactor) CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) - TODO: check + NOTE: Only present in intermediate CVS version, not released in Debian CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) - TODO: check + NOTE: not-for-us (COWS) CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) - TODO: check + NOTE: not-for-us (vBulletin) CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) - TODO: check + NOTE: not-for-us (vBulletin) CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) - TODO: check + NOTE: not-for-us (mrtgconfig) CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) - TODO: check + NOTE: not-for-us (BindView NetInventory) CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) - TODO: check + NOTE: not-for-us (Unreal IRCd) CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) 
TODO: check CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) - TODO: check + NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's + NOTE: webmin package look sane and FHS compliant CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) NOTE: not-for-us (Microsoft) CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) @@ -385,7 +386,7 @@ CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) - TODO: check + NOTE: not-for-us (HP Secure OS layer) CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) @@ -393,11 +394,12 @@ CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) NOTE: not-for-us (Sun) CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) - TODO: check + NOTE: not-for-us (WebCart) CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) - TODO: check + NOTE: Fix went into proftpd CVS on 2002-12-12 + - proftpd 1.2.8-1 CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) - TODO: check + - proftpd 1.2.4-1 CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) NOTE: not-for-us (Check Point) CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) 
@@ -407,7 +409,7 @@ CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) TODO: check CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Network Query Tool) CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - util-linux 2.11n-1 CAN-2001-1492 ( ...) @@ -1058,7 +1060,7 @@ CAN-2005-1730 NOTE: reserved CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) NOTE: not-for-us (Apple) CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) @@ -1183,7 +1185,7 @@ CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOTE: not-for-us (Extreme BlackDiamond hardware) CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) NOTE: not-for-us (YusASP Web Asset Manager) CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) @@ -2415,7 +2417,7 @@ - mozilla-firefox 1.0.4-1 TODO: check mozilla too CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOTE: not-for-us (Apple) CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) From joeyh@costa.debian.org Tue Jun 28 09:14:31 2005 
From: joeyh@costa.debian.org (Joey Hess) Date: Tue, 28 Jun 2005 09:14:31 +0000 Subject: [Secure-testing-commits] r1291 - data/CAN Message-ID: Author: joeyh Date: 2005-06-28 09:14:28 +0000 (Tue, 28 Jun 2005) New Revision: 1291 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 08:03:56 UTC (rev 1290) +++ data/CAN/list 2005-06-28 09:14:28 UTC (rev 1291) @@ -1,3 +1,21 @@ +CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) + TODO: check +CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) + TODO: check +CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console (BEWAC) ...) + TODO: check +CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...) + TODO: check +CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) + TODO: check +CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) + TODO: check +CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) + TODO: check +CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) + TODO: check +CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) + TODO: check CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - backup-manager 0.5.8-2 (low) CAN-2005-XXXX [clamav libmspack decompressor DoS] @@ -879,8 +897,8 @@ NOTE: reserved CAN-2005-1767 NOTE: reserved -CAN-2005-1766 - NOTE: reserved +CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) + TODO: check CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed; unknown) 
@@ -898,8 +916,8 @@ - kernel-source-2.6.11 (unfixed) CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOTE: not-for-us (sysreport) -CAN-2005-1759 - NOTE: reserved +CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) + TODO: check CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...) NOTE: not-for-us (Novell) CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...) @@ -1571,12 +1589,12 @@ NOTE: reserved CAN-2005-1527 NOTE: reserved -CAN-2005-1526 - NOTE: reserved -CAN-2005-1525 - NOTE: reserved -CAN-2005-1524 - NOTE: reserved +CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) + TODO: check +CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) + TODO: check +CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) + TODO: check CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 @@ -2717,7 +2735,7 @@ NOTE: not-for-us (text.cgi) CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) NOTE: not-for-us (text.cgi) -CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script allows ...) +CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...) NOTE: not-for-us (includer.cgi) CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) NOTE: not-for-us (includer.cgi) @@ -2882,7 +2900,7 @@ CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) - tcpdump 3.8.3-4 CAN-2005-1277 - NOTE: reserved + NOTE: rejected CAN-2005-1276 NOTE: reserved CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) 
@@ -2908,8 +2926,7 @@ NOTE: reserved CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (medium) -CAN-2005-1266 - NOTE: reserved +CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) - spamassassin (unfixed; bug #314447; medium) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - kernel-source-2.6.8 (unfixed; medium) @@ -2948,8 +2965,8 @@ NOTE: not-for-us (IMail) CAN-2005-1251 NOTE: reserved -CAN-2005-1250 - NOTE: reserved +CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) + TODO: check CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) NOTE: not-for-us (IMail) CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) @@ -3004,7 +3021,7 @@ NOTE: not-for-us (Coppermine Photo Gallery) CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...) NOTE: not-for-us (Coppermine Photo Gallery) -CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUportal Pro 3.4 allow ...) +CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...) NOTE: not-for-us (DUPortal) CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...) NOTE: not-for-us (Ocean12 Calender manager) @@ -4266,8 +4283,8 @@ NOTE: not-for-us (PhotoPost) CAN-2005-0773 NOTE: reserved -CAN-2005-0772 - NOTE: reserved +CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly ...) + TODO: check CAN-2005-0771 NOTE: reserved CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) From jmm-guest@costa.debian.org Tue Jun 28 09:26:25 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 09:26:25 +0000 Subject: [Secure-testing-commits] r1292 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 09:26:22 +0000 (Tue, 28 Jun 2005) New Revision: 1292 Modified: data/CAN/list Log: tor CANified new phpbb2 issue some n-f-u Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 09:14:28 UTC (rev 1291) +++ data/CAN/list 2005-06-28 09:26:22 UTC (rev 1292) @@ -1,21 +1,23 @@ +CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2] + - phpbb2 (unfixed; bug filed; high) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) - TODO: check + NOTE: not-for-us (JAF CMS) CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console (BEWAC) ...) - TODO: check + NOTE: not-for-us (BEWAC) CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...) - TODO: check + - tor 0.0.9.10-1 (medium) CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) - TODO: check + NOTE: not-for-us (Duware) CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) - TODO: check + NOTE: not-for-us (Duware) CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) - TODO: check + NOTE: not-for-us (Duware) CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) - TODO: check + NOTE: not-for-us (Duware) CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) - TODO: check + NOTE: not-for-us (Duware) CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - backup-manager 0.5.8-2 (low) CAN-2005-XXXX [clamav libmspack decompressor DoS] 
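Review bot: for CAN-2005-2050 in the first hunk of r1292, the description says "Tor before 0.1.0.10" but the added package line marks "tor 0.0.9.10-1 (medium)" as fixed, a version that sorts below that boundary. Add a NOTE line saying why 0.0.9.10-1 counts as fixed, so the entry does not read as a version mistake to the next person triaging it. The added vendor tags also say "Duware" where the descriptions say "DUware"; match the description's spelling.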
@@ -460,8 +462,6 @@ - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) NOTE: not-for-us (Xitami) -CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...) NOTE: not-for-us (Annuaire) CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...) From jmm-guest@costa.debian.org Tue Jun 28 09:38:58 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 09:38:58 +0000 Subject: [Secure-testing-commits] r1293 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 09:38:56 +0000 (Tue, 28 Jun 2005) New Revision: 1293 Modified: data/CAN/list Log: CANified cacti, some nfu Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 09:26:22 UTC (rev 1292) +++ data/CAN/list 2005-06-28 09:38:56 UTC (rev 1293) @@ -24,8 +24,6 @@ - clamav 0.86.1-1 (medium) CAN-2005-XXXX [clamav-milter timeout DoS] - clamav 0.86-1 (medium) -CAN-2005-XXXX Multiple XSS and input validation errors in cacti - - cacti 0.8.6e-1 (high) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) @@ -898,7 +896,7 @@ CAN-2005-1767 NOTE: reserved CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-1765 [Unspecified DoS vulnerability on amd64] NOTE: reserved - kernel-source-2.6.8 (unfixed; unknown) 
@@ -1590,11 +1588,11 @@ CAN-2005-1527 NOTE: reserved CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...) - TODO: check + - cacti 0.8.6e-1 (high) CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 @@ -2966,7 +2964,7 @@ CAN-2005-1251 NOTE: reserved CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...) - TODO: check + NOTE: not-for-us (IpSwitch) CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) NOTE: not-for-us (IMail) CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) @@ -4284,7 +4282,7 @@ CAN-2005-0773 NOTE: reserved CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly ...) - TODO: check + NOTE: not-for-us (VERITAS Backup Exec) CAN-2005-0771 NOTE: reserved CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) From jmm-guest@costa.debian.org Tue Jun 28 09:49:11 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 09:49:11 +0000 Subject: [Secure-testing-commits] r1294 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 09:49:09 +0000 (Tue, 28 Jun 2005) New Revision: 1294 Modified: data/CAN/list Log: bug# for phpbb Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 09:38:56 UTC (rev 1293) +++ data/CAN/list 2005-06-28 09:49:09 UTC (rev 1294) 
@@ -1,5 +1,5 @@ CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2] - - phpbb2 (unfixed; bug filed; high) + - phpbb2 (unfixed; bug #316071; high) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) NOTE: not-for-us (JAF CMS) CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) From jmm-guest@costa.debian.org Tue Jun 28 22:37:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 22:37:00 +0000 Subject: [Secure-testing-commits] r1295 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 22:36:57 +0000 (Tue, 28 Jun 2005) New Revision: 1295 Modified: data/CAN/list Log: sudo fixed new dhcpd dos vuln (already fixed) Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 09:49:09 UTC (rev 1294) +++ data/CAN/list 2005-06-28 22:36:57 UTC (rev 1295) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpd] + - 1:1.3.22pl4-22 CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2] - phpbb2 (unfixed; bug #316071; high) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) @@ -132,7 +134,7 @@ CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) NOTE: not-for-us (Finjan SurfinGate) CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) - - sudo (unfixed; bug #315115; medium) + - sudo 1.6.8p9-1 (medium) CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) - ruby1.8 1.8.2-8 (medium) - ruby1.9 1.9.0+20050623-1 (medium) From jmm-guest@costa.debian.org Tue Jun 28 22:45:05 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 22:45:05 +0000 Subject: [Secure-testing-commits] r1296 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 22:45:02 +0000 (Tue, 28 Jun 2005) New Revision: 1296 Modified: data/CAN/list Log: doh, correct syntax now. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 22:36:57 UTC (rev 1295) +++ data/CAN/list 2005-06-28 22:45:02 UTC (rev 1296) @@ -1,5 +1,5 @@ CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpd] - - 1:1.3.22pl4-22 + - dhcpd 1:1.3.22pl4-22 (medium) CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2] - phpbb2 (unfixed; bug #316071; high) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) From jmm-guest@costa.debian.org Tue Jun 28 22:51:02 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Tue, 28 Jun 2005 22:51:02 +0000 Subject: [Secure-testing-commits] r1297 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-28 22:50:59 +0000 (Tue, 28 Jun 2005) New Revision: 1297 Modified: data/CAN/list Log: new apache2 issue phpbb2 issue does not affect version in Debian. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 22:45:02 UTC (rev 1296) +++ data/CAN/list 2005-06-28 22:50:59 UTC (rev 1297) @@ -1,7 +1,7 @@ +CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode] + - apache (unfixed; bug pending; medium) CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpd] - dhcpd 1:1.3.22pl4-22 (medium) -CAN-2005-XXXX [Improper escaping in viewtopic.php in phpbb2] - - phpbb2 (unfixed; bug #316071; high) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) NOTE: not-for-us (JAF CMS) CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) From joeyh@costa.debian.org Wed Jun 29 09:14:24 2005 
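Review bot: in r1297 the new entry's title names apache2 but its package line is "- apache (unfixed; bug pending; medium)", so the issue would be tracked against the apache package. Confirm which source package is meant and make the title and package line agree (the title also has "spooing" for "spoofing"). The same hunk deletes the phpbb2 entry outright, although the log says the issue does not affect the version in Debian. Keeping the entry with a NOTE to that effect would preserve the triage decision and the reference to bug #316071 for anyone who looks for it later.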
From: joeyh@costa.debian.org (Joey Hess) Date: Wed, 29 Jun 2005 09:14:24 +0000 Subject: [Secure-testing-commits] r1298 - data/CAN Message-ID: Author: joeyh Date: 2005-06-29 09:14:21 +0000 (Wed, 29 Jun 2005) New Revision: 1298 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-28 22:50:59 UTC (rev 1297) +++ data/CAN/list 2005-06-29 09:14:21 UTC (rev 1298) 
@@ -1,3 +1,463 @@ +CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) + TODO: check +CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) + TODO: check +CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) + TODO: check +CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) + TODO: check +CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) + TODO: check +CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) + TODO: check +CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...) + TODO: check +CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) + TODO: check +CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) + TODO: check +CAN-2005-2069 + NOTE: reserved +CAN-2005-2068 + NOTE: reserved +CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) + TODO: check +CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) + TODO: check +CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) + TODO: check +CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) + TODO: check +CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) + TODO: check +CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) + TODO: check +CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) + TODO: check +CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) 
+ TODO: check +CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) + TODO: check +CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) + TODO: check +CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) + TODO: check +CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) + TODO: check +CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) + TODO: check +CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) + TODO: check +CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) + TODO: check +CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) + TODO: check +CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) + TODO: check +CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) + TODO: check +CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) + TODO: check +CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) + TODO: check +CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) + TODO: check +CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) + TODO: check +CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) + TODO: check +CAN-2002-1976 (ifconfig in Linux kernel 2.2 and 2.4 does not report when the network ...) + TODO: check +CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) + TODO: check +CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) + TODO: check +CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) 
+ TODO: check +CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) + TODO: check +CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) + TODO: check +CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) + TODO: check +CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) + TODO: check +CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) + TODO: check +CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) + TODO: check +CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) + TODO: check +CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) + TODO: check +CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) + TODO: check +CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) + TODO: check +CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) + TODO: check +CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) + TODO: check +CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) + TODO: check +CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...) + TODO: check +CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...) + TODO: check +CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...) + TODO: check +CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) + TODO: check +CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) + TODO: check +CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) 
+ TODO: check +CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) + TODO: check +CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) + TODO: check +CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) + TODO: check +CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) + TODO: check +CAN-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) + TODO: check +CAN-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) + TODO: check +CAN-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) + TODO: check +CAN-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) + TODO: check +CAN-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) + TODO: check +CAN-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) + TODO: check +CAN-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) + TODO: check +CAN-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) + TODO: check +CAN-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) + TODO: check +CAN-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) + TODO: check +CAN-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) + TODO: check +CAN-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) + TODO: check +CAN-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) + TODO: check +CAN-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) 
+ TODO: check +CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) + TODO: check +CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) + TODO: check +CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) + TODO: check +CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) + TODO: check +CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) + TODO: check +CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) + TODO: check +CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) + TODO: check +CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) + TODO: check +CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) + TODO: check +CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) + TODO: check +CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) + TODO: check +CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) + TODO: check +CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) + TODO: check +CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) + TODO: check +CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) + TODO: check +CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) + TODO: check +CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) + TODO: check +CAN-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) + TODO: check +CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) 
+ TODO: check +CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) + TODO: check +CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) + TODO: check +CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) + TODO: check +CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) + TODO: check +CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) + TODO: check +CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) + TODO: check +CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) + TODO: check +CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) + TODO: check +CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) + TODO: check +CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) + TODO: check +CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) + TODO: check +CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) + TODO: check +CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) + TODO: check +CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) + TODO: check +CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) + TODO: check +CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) + TODO: check +CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) 
+ TODO: check +CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) + TODO: check +CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) + TODO: check +CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) + TODO: check +CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) + TODO: check +CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) + TODO: check +CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...) + TODO: check +CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...) + TODO: check +CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) + TODO: check +CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) + TODO: check +CAN-2002-1887 (PHP remote code injection vulnerability in customize.php for ...) + TODO: check +CAN-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) + TODO: check +CAN-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...) + TODO: check +CAN-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) + TODO: check +CAN-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) + TODO: check +CAN-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) + TODO: check +CAN-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...) + TODO: check +CAN-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...) + TODO: check +CAN-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) + TODO: check +CAN-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...) 
+ TODO: check +CAN-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) + TODO: check +CAN-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) + TODO: check +CAN-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...) + TODO: check +CAN-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...) + TODO: check +CAN-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...) + TODO: check +CAN-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...) + TODO: check +CAN-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...) + TODO: check +CAN-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...) + TODO: check +CAN-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) + TODO: check +CAN-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) + TODO: check +CAN-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...) + TODO: check +CAN-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...) + TODO: check +CAN-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...) + TODO: check +CAN-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...) + TODO: check +CAN-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...) + TODO: check +CAN-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...) + TODO: check +CAN-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...) + TODO: check +CAN-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) 
+ TODO: check +CAN-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...) + TODO: check +CAN-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) + TODO: check +CAN-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...) + TODO: check +CAN-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...) + TODO: check +CAN-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...) + TODO: check +CAN-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) + TODO: check +CAN-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) + TODO: check +CAN-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) + TODO: check +CAN-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) + TODO: check +CAN-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...) + TODO: check +CAN-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) + TODO: check +CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) + TODO: check +CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) + TODO: check +CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...) + TODO: check +CAN-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...) + TODO: check +CAN-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...) + TODO: check +CAN-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) + TODO: check +CAN-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...) + TODO: check +CAN-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...) 
+ TODO: check +CAN-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...) + TODO: check +CAN-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...) + TODO: check +CAN-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...) + TODO: check +CAN-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + TODO: check +CAN-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + TODO: check +CAN-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...) + TODO: check +CAN-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) + TODO: check +CAN-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in ...) + TODO: check +CAN-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...) + TODO: check +CAN-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...) + TODO: check +CAN-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...) + TODO: check +CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) + TODO: check +CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) + TODO: check +CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) + TODO: check +CAN-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) + TODO: check +CAN-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...) + TODO: check +CAN-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...) + TODO: check +CAN-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...) 
+ TODO: check +CAN-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...) + TODO: check +CAN-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...) + TODO: check +CAN-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...) + TODO: check +CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...) + TODO: check +CAN-2002-1816 (Buffer overflow in the sock_gets function in ATPhttpd 0.4b and earlier ...) + TODO: check +CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...) + TODO: check +CAN-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...) + TODO: check +CAN-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...) + TODO: check +CAN-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...) + TODO: check +CAN-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...) + TODO: check +CAN-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) + TODO: check +CAN-2002-1809 (The default configuration of the Windows binary release of MySQL ...) + TODO: check +CAN-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...) + TODO: check +CAN-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...) + TODO: check +CAN-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) + TODO: check +CAN-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) + TODO: check +CAN-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...) + TODO: check +CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) + TODO: check +CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) 
+ TODO: check +CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) + TODO: check +CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) + TODO: check +CAN-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) + TODO: check +CAN-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...) + TODO: check +CAN-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...) + TODO: check +CAN-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...) + TODO: check +CAN-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...) + TODO: check +CAN-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) + TODO: check +CAN-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) + TODO: check +CAN-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) + TODO: check +CAN-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...) + TODO: check +CAN-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) + TODO: check +CAN-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...) + TODO: check +CAN-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...) + TODO: check +CAN-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) + TODO: check +CAN-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) + TODO: check +CAN-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) + TODO: check +CAN-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...) + TODO: check +CAN-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...) 
+ TODO: check +CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...) + TODO: check CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode] - apache (unfixed; bug pending; medium) CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpd] @@ -6563,8 +7023,8 @@ CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...) {DSA-674-1} - mailman 2.1.5-6 -CAN-2005-0201 - NOTE: reserved +CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...) + TODO: check CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) NOTE: not-for-us (TikiWiki) CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...) From jmm-guest@costa.debian.org Wed Jun 29 09:34:28 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 29 Jun 2005 09:34:28 +0000 Subject: [Secure-testing-commits] r1299 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-29 09:34:25 +0000 (Wed, 29 Jun 2005) New Revision: 1299 Modified: data/CAN/list Log: claim Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 09:14:21 UTC (rev 1298) +++ data/CAN/list 2005-06-29 09:34:25 UTC (rev 1299) @@ -1,3 +1,4 @@ +begin claimed by jmm CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) TODO: check CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) @@ -48,6 +49,7 @@ TODO: check CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) TODO: check +end claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) TODO: check CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) From jmm-guest@costa.debian.org Wed Jun 29 09:42:28 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 29 Jun 2005 09:42:28 +0000 Subject: [Secure-testing-commits] r1300 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-29 09:42:25 +0000 (Wed, 29 Jun 2005) New Revision: 1300 Modified: data/CAN/list Log: processed the recent block, nothing new except CAN assignments for the two clamav issues. claim some older ones as well. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 09:34:25 UTC (rev 1299) +++ data/CAN/list 2005-06-29 09:42:25 UTC (rev 1300) 
@@ -1,55 +1,54 @@ -begin claimed by jmm CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) - TODO: check + NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) - TODO: check + NOTE: not-for-us (HP Version Control Repository Manager) CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) - TODO: check + NOTE: not-for-us (DB2) CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) - TODO: check + - clamav 0.86-1 (medium) CAN-2005-2069 NOTE: reserved CAN-2005-2068 NOTE: reserved CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
- TODO: check + NOTE: not-for-us (ActiveBuyAndSell) CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) - TODO: check + NOTE: not-for-us (ActiveBuyAndSell) CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) - TODO: check + - clamav 0.86.1-1 (medium) CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (RealPlayer) +begin claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) TODO: check CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) @@ -120,6 +119,7 @@ TODO: check CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) TODO: check +end claimed by jmm CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) TODO: check CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) 
@@ -484,10 +484,6 @@ NOTE: not-for-us (Duware) CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - backup-manager 0.5.8-2 (low) -CAN-2005-XXXX [clamav libmspack decompressor DoS] - - clamav 0.86.1-1 (medium) -CAN-2005-XXXX [clamav-milter timeout DoS] - - clamav 0.86-1 (medium) CAN-2005-XXXX [Buffer overflow in Asterisk's command parser] - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) From djoume-guest@costa.debian.org Wed Jun 29 10:02:09 2005 From: djoume-guest@costa.debian.org (=?UTF-8?Q?SALVETTI_Djoum=C3=A9?=) Date: Wed, 29 Jun 2005 10:02:09 +0000 Subject: [Secure-testing-commits] r1301 - data/CAN Message-ID: Author: djoume-guest Date: 2005-06-29 10:02:07 +0000 (Wed, 29 Jun 2005) New Revision: 1301 Modified: data/CAN/list Log: * claim Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 09:42:25 UTC (rev 1300) +++ data/CAN/list 2005-06-29 10:02:07 UTC (rev 1301) @@ -120,6 +120,7 @@ CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) TODO: check end claimed by jmm +begin claimed by djoume CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) TODO: check CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) @@ -236,6 +237,7 @@ TODO: check CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) TODO: check +end claimed by djoume CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) TODO: check CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) From jmm-guest@costa.debian.org Wed Jun 29 10:40:44 2005 
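Review bot: the last hunk of r1300 (@@ -484,10 +484,6 @@) deletes the two temporary CAN-2005-XXXX clamav entries without recording in the list which assigned ID replaced which. The link to CAN-2005-2070 and CAN-2005-2056 can only be inferred from the matching versions 0.86-1 and 0.86.1-1 in the first hunk and from the commit log. The dropped bracket text "clamav libmspack decompressor DoS" does not obviously match the CAN-2005-2056 summary ("The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ..."), so a short NOTE line under each of the two new clamav entries carrying the old description would keep the mapping auditable from the list itself.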
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 29 Jun 2005 10:40:44 +0000 Subject: [Secure-testing-commits] r1302 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-29 10:40:42 +0000 (Wed, 29 Jun 2005) New Revision: 1302 Modified: data/CAN/list Log: new proftpd format string issue processed half of my block. Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 10:02:07 UTC (rev 1301) +++ data/CAN/list 2005-06-29 10:40:42 UTC (rev 1302) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [proftpd format string vulnerability in ftpshut] + - proftpd 1.2.10-9 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) 
@@ -50,47 +52,49 @@ NOTE: not-for-us (RealPlayer) begin claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Perception LiteServe) CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOTE: not-for-us (iSMTP) CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) - TODO: check + NOTE: not-for-us (QNX) CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) - TODO: check + TODO: check, possibly affected, but sphor currently off, minor issue CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) - TODO: check + NOTE: not-for-us (Watchguard SOHO) CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) - TODO: check + NOTE: not-for-us (IPFilter) CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) - TODO: check + NOTE: not-for-us (Proprietary PGP) CAN-2002-1976 (ifconfig in Linux kernel 2.2 and 2.4 does not report when the network ...) - TODO: check + NOTE: Kernel 2.2 introduced a different way to set promisc mode through setsockopt() + NOTE: instead through an ioctl() as before. + TODO: check, whether current ifconfig handles that correctly, I guess so CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) - TODO: check + NOTE: not-for-us (Zaurus hardware) CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) 
- TODO: check + NOTE: not-for-us (Zaurus hardware) CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) - TODO: check + NOTE: not-for-us (pp_powerSwitch) CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) - TODO: check + NOTE: not-for-us (Sourcecraft Networking Utils) CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) - TODO: check + NOTE: not-for-us (SnortCenter) CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Magic Notebook) CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) - TODO: check + NOTE: not-for-us (Com21 hardware) CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (XiRCON) CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) - TODO: check + NOTE: not-for-us (My Postcards Platinum) CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) TODO: check CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) From djoume-guest@costa.debian.org Wed Jun 29 15:47:29 2005 From: djoume-guest@costa.debian.org (=?UTF-8?Q?SALVETTI_Djoum=C3=A9?=) Date: Wed, 29 Jun 2005 15:47:29 +0000 Subject: [Secure-testing-commits] r1303 - data/CAN Message-ID: Author: djoume-guest Date: 2005-06-29 15:47:26 +0000 (Wed, 29 Jun 2005) New Revision: 1303 Modified: data/CAN/list Log: * processed my block : lot of not-for-us * claimed some more Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 10:40:42 UTC (rev 1302) +++ data/CAN/list 2005-06-29 15:47:26 UTC (rev 1303) 
@@ -124,124 +124,125 @@ CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) TODO: check end claimed by jmm -begin claimed by djoume CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) - TODO: check + NOTE: not-for-us CAN-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) - TODO: check + NOTE: not-for-us + NOTE: fixed before Gringotts was in Debian CAN-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) - TODO: check + - webmin (1.000-2) CAN-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) - TODO: check + NOTE: not-for-us CAN-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us CAN-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) - TODO: check + NOTE: not-for-us CAN-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) - TODO: check + NOTE: not-for-us CAN-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) - TODO: check + NOTE: not-for-us CAN-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) - TODO: check + NOTE: not-for-us CAN-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us CAN-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) 
- TODO: check + NOTE: not-for-us CAN-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) - TODO: check + NOTE: not-for-us CAN-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) - TODO: check + NOTE: not-for-us CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) - TODO: check + NOTE: not-for-us CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) - TODO: check + NOTE: not-for-us CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) - TODO: check + NOTE: not-for-us CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) - TODO: check + NOTE: not-for-us CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) - TODO: check + NOTE: not-for-us CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) - TODO: check + NOTE: not-for-us CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) - TODO: check + NOTE: not-for-us CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) - TODO: check + NOTE: not-for-us CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) - TODO: check + NOTE: not-for-us CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) - TODO: check + NOTE: not-for-us CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) - TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) - TODO: check + NOTE: not-for-us CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) 
- TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) - TODO: check + NOTE: not-for-us CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) - TODO: check + NOTE: not-for-us CAN-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) - TODO: check + NOTE: not-for-us CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) - TODO: check + NOTE: not-for-us CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) - TODO: check + NOTE: not-for-us CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) - TODO: check + - dump 0.4b31-1 CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) - TODO: check + NOTE: not-for-us CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) - TODO: check + NOTE: not-for-us CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) - TODO: check + NOTE: not-for-us CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) - TODO: check + NOTE: not-for-us CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) - TODO: check + NOTE: not-for-us CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) 
- TODO: check + NOTE: not-for-us CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) - TODO: check + NOTE: not-for-us CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) - TODO: check + NOTE: not-for-us CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) - TODO: check + NOTE: not-for-us CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) - TODO: check + NOTE: not-for-us CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) - TODO: check + - alsaplayer 0.99.72-1 CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) - TODO: check -end claimed by djoume + NOTE: not-for-us + NOTE: fix before phpbb2 was in Debian. +begin claimed by djoume CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) TODO: check CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) 
@@ -336,6 +337,7 @@ TODO: check CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) TODO: check +end claimed by djoume CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) TODO: check CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...) From jmm-guest@costa.debian.org Wed Jun 29 21:20:47 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Wed, 29 Jun 2005 21:20:47 +0000 Subject: [Secure-testing-commits] r1304 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-29 21:20:44 +0000 (Wed, 29 Jun 2005) New Revision: 1304 Modified: data/CAN/list Log: process more Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 15:47:26 UTC (rev 1303) +++ data/CAN/list 2005-06-29 21:20:44 UTC (rev 1304) @@ -50,7 +50,6 @@ NOTE: not-for-us (RealPlayer) CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) NOTE: not-for-us (RealPlayer) -begin claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) NOTE: not-for-us (Perception LiteServe) CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) 
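Review bot: in r1303's first hunk, the added line "- webmin (1.000-2)" under CAN-2002-1947 puts the version in parentheses, while the other package lines added in the same hunk write it bare ("- dump 0.4b31-1", "- alsaplayer 0.99.72-1") and parentheses elsewhere in the list hold status fields such as "(unfixed; bug #316173; medium)"; write it as "- webmin 1.000-2". CAN-2002-1948 and CAN-2002-1894 are each marked "NOTE: not-for-us" and then given a second note saying the fix predates the package entering Debian, which reads as contradictory; keep only the second note there. Most of the new not-for-us notes also omit the product name that the surrounding entries give in parentheses.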
@@ -96,34 +95,33 @@ CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) NOTE: not-for-us (My Postcards Platinum) CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) - TODO: check + NOTE: not-for-us (Imatix Xitami) CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (phpEventCalender) CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) - TODO: check + NOTE: No kernels in Sarge or sid affected CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (SurfinGate) CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (SurfinGate) CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) - TODO: check + NOTE: not-for-us (Cybozu Share) CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...) - TODO: check + NOTE: Nagios was packaged for Debian after these vulnerable versions have been released CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...) - TODO: check + NOTE: not-for-us (kmMail) CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...) - TODO: check + NOTE: pen was introduced after this old vulnerability CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) - TODO: check + - rox 1.3.0-1 CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...) - TODO: check + NOTE: not-for-us (Iomega hardware issue) CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) TODO: check CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) 
- TODO: check + NOTE: not-for-us (AIM) CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (phpRank) CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) NOTE: not-for-us CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) From jmm-guest@costa.debian.org Thu Jun 30 08:40:00 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 08:40:00 +0000 Subject: [Secure-testing-commits] r1305 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 08:39:58 +0000 (Thu, 30 Jun 2005) New Revision: 1305 Modified: data/CAN/list Log: Two issues in high quality blog software: - wordpress already fixed - serendipity not yet in Debian, but let's have an eye on it Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-29 21:20:44 UTC (rev 1304) +++ data/CAN/list 2005-06-30 08:39:58 UTC (rev 1305) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress] + - wordpress 1.5.1.3-1 CAN-2005-XXXX [proftpd format string vulnerability in ftpshut] - proftpd 1.2.10-9 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) @@ -1038,8 +1040,9 @@ NOTE: reserved CAN-2005-1922 NOTE: reserved -CAN-2005-1921 +CAN-2005-1921 [Remote code execution through Serendipity's XMPRPC parser] NOTE: reserved + TODO: Track ITP #312413 CAN-2005-1920 NOTE: reserved CAN-2005-1919 From jmm-guest@costa.debian.org Thu Jun 30 08:48:23 2005 
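Review bot: in r1304's second hunk (@@ -96,34 +95,33 @@), the "end claimed by jmm" marker is removed while CAN-2002-1954 inside the former block is left at "TODO: check", so that entry is now neither processed nor claimed; resolve it in the same commit or leave it visibly claimed. The added note for CAN-2002-1964 spells the product "phpEventCalender" where the CAN description on the line above has "phpEventCalendar".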
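Review bot: in r1305's second hunk, the new description for CAN-2005-1921 reads "Serendipity's XMPRPC parser", which looks like a typo for XMLRPC; correct it in the bracketed description. The first hunk adds "- wordpress 1.5.1.3-1" without an urgency, which is worth setting while the entry is fresh.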
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 08:48:23 +0000 Subject: [Secure-testing-commits] r1306 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 08:48:20 +0000 (Thu, 30 Jun 2005) New Revision: 1306 Modified: data/CAN/list Log: two clamav vulns reported by iDefense that are already fixed in sid, but not yet in testing Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 08:39:58 UTC (rev 1305) +++ data/CAN/list 2005-06-30 08:48:20 UTC (rev 1306) @@ -1036,10 +1036,12 @@ NOTE: reserved CAN-2005-1924 NOTE: reserved -CAN-2005-1923 +CAN-2005-1923 [clamav: DoS through malformed CAB archive headers] NOTE: reserved -CAN-2005-1922 + - clamav 0.86-1 (medium) +CAN-2005-1922 [clamav: DoS through file descriptor leaks in cli_msexpand()] NOTE: reserved + - clamav 0.86-1 (medium) CAN-2005-1921 [Remote code execution through Serendipity's XMPRPC parser] NOTE: reserved TODO: Track ITP #312413 From jmm-guest@costa.debian.org Thu Jun 30 09:00:30 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 09:00:30 +0000 Subject: [Secure-testing-commits] r1307 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 09:00:27 +0000 (Thu, 30 Jun 2005) New Revision: 1307 Modified: data/CAN/list Log: added new proftpd issue fixed typo in previous proftpd entry Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 08:48:20 UTC (rev 1306) +++ data/CAN/list 2005-06-30 09:00:27 UTC (rev 1307) 
@@ -1,7 +1,9 @@ +CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo] + - proftpd 1.2.10-20 CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress] - wordpress 1.5.1.3-1 CAN-2005-XXXX [proftpd format string vulnerability in ftpshut] - - proftpd 1.2.10-9 + - proftpd 1.2.10-19 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) From jmm-guest@costa.debian.org Thu Jun 30 09:22:33 2005 From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 09:22:33 +0000 Subject: [Secure-testing-commits] r1308 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 09:22:30 +0000 (Thu, 30 Jun 2005) New Revision: 1308 Modified: data/CAN/list Log: fix another typo Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 09:00:27 UTC (rev 1307) +++ data/CAN/list 2005-06-30 09:22:30 UTC (rev 1308) @@ -472,8 +472,8 @@ TODO: check CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode] - apache (unfixed; bug pending; medium) -CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpd] - - dhcpd 1:1.3.22pl4-22 (medium) +CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpcd] + - dhcpcd 1:1.3.22pl4-22 (medium) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) NOTE: not-for-us (JAF CMS) CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...) From jmm-guest@costa.debian.org Thu Jun 30 13:58:38 2005 
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 13:58:38 +0000 Subject: [Secure-testing-commits] r1309 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 13:58:35 +0000 (Thu, 30 Jun 2005) New Revision: 1309 Modified: data/CAN/list Log: mono xss issue has been fixed prios for proftpd Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 09:22:30 UTC (rev 1308) +++ data/CAN/list 2005-06-30 13:58:35 UTC (rev 1309) @@ -1,9 +1,9 @@ CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo] - - proftpd 1.2.10-20 + - proftpd 1.2.10-20 (medium) CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress] - wordpress 1.5.1.3-1 CAN-2005-XXXX [proftpd format string vulnerability in ftpshut] - - proftpd 1.2.10-19 + - proftpd 1.2.10-19 (medium) CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) @@ -5622,9 +5622,8 @@ CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOTE: not-for-us (fallback-reboot) CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) - - mono (unfixed; bug #296659) NOTE: default config of Mono not vulnerable - NOTE: Mono wont be in Sarge according to http://wiki.debian.net/?MonoDebianPlan + - mono 1.1.6-4 (medium) CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...) - batik 1.5.1-1 CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...) From jmm-guest@costa.debian.org Thu Jun 30 14:03:59 2005 
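Review bot: in r1309's CAN-2005-0509 hunk, the replacement line "- mono 1.1.6-4 (medium)" drops the reference to bug #296659 that the removed "- mono (unfixed; bug #296659)" line carried; keep the bug number on the entry, for example in a NOTE, so the fix stays traceable. The package line also now sits below "NOTE: default config of Mono not vulnerable", whereas the other entries touched by this patch put the package line first.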
From: jmm-guest@costa.debian.org (Moritz Muehlenhoff) Date: Thu, 30 Jun 2005 14:03:59 +0000 Subject: [Secure-testing-commits] r1310 - data/CAN Message-ID: Author: jmm-guest Date: 2005-06-30 14:03:56 +0000 (Thu, 30 Jun 2005) New Revision: 1310 Modified: data/CAN/list Log: bugnums Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 13:58:35 UTC (rev 1309) +++ data/CAN/list 2005-06-30 14:03:56 UTC (rev 1310) @@ -471,7 +471,7 @@ CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...) TODO: check CAN-2005-XXXX [HTTP request smuggling/spooing in apache2's HTTP proxy mode] - - apache (unfixed; bug pending; medium) + - apache (unfixed; bug #316173; medium) CAN-2005-XXXX [Unspecified DoS vulnerability in dhcpcd] - dhcpcd 1:1.3.22pl4-22 (medium) CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...) @@ -639,7 +639,7 @@ CAN-2005-1976 NOTE: reserved CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) - - uw-imapd (unfixed; bug filed; low) + - uw-imapd (unfixed; bug #315499; low) CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) NOTE: not-for-us (DeleGate) CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) From joeyh@costa.debian.org Thu Jun 30 20:12:25 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 30 Jun 2005 20:12:25 +0000 Subject: [Secure-testing-commits] r1311 - data/CAN Message-ID: Author: joeyh Date: 2005-06-30 20:12:22 +0000 (Thu, 30 Jun 2005) New Revision: 1311 Modified: data/CAN/list Log: CAN-2005-0356 does not affect linux Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 14:03:56 UTC (rev 1310) +++ data/CAN/list 2005-06-30 20:12:22 UTC (rev 1311) 
@@ -6409,8 +6409,7 @@ CAN-2005-0357 NOTE: reserved CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - - kernel-source-2.6.8 (unfixed; bug #310804; medium) - TODO: 2.4? + NOTE: linux is not vulnerable, see #310804 CAN-2005-0355 NOTE: reserved CAN-2005-0354 From joeyh@costa.debian.org Thu Jun 30 20:25:09 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 30 Jun 2005 20:25:09 +0000 Subject: [Secure-testing-commits] r1312 - data/CAN Message-ID: Author: joeyh Date: 2005-06-30 20:25:07 +0000 (Thu, 30 Jun 2005) New Revision: 1312 Modified: data/CAN/list Log: CAN-2005-0756 fixed in svn Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 20:12:22 UTC (rev 1311) +++ data/CAN/list 2005-06-30 20:25:07 UTC (rev 1312) @@ -4792,7 +4792,7 @@ CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - kernel-source-2.4.27 (unfixed; bug #311164; medium) CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) - - kernel-source-2.6.8 (unfixed; medium) + - kernel-source-2.6.8 2.6.8-17 (medium) - kernel-source-2.6.11 2.6.11-7 (medium) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 From joeyh@costa.debian.org Thu Jun 30 20:50:46 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 30 Jun 2005 20:50:46 +0000 Subject: [Secure-testing-commits] r1313 - data/DSA Message-ID: Author: joeyh Date: 2005-06-30 20:50:46 +0000 (Thu, 30 Jun 2005) New Revision: 1313 Modified: data/DSA/list Log: OMG, a new DSA Modified: data/DSA/list =================================================================== --- data/DSA/list 2005-06-30 20:25:07 UTC (rev 1312) +++ data/DSA/list 2005-06-30 20:50:46 UTC (rev 1313) 
@@ -1,3 +1,7 @@ +[30 Jun 2005] DSA-733-1 crip - insecure temporary files + {CAN-2005-0393} + - crip 3.5-1sarge2 (low) + NOTE: not fixed in testing in time of DSA (reserved) [03 Jun 2005] DSA-732-1 mailutils - several {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523} - mailutils 0.6.1-4 From joeyh@costa.debian.org Thu Jun 30 21:14:17 2005 From: joeyh@costa.debian.org (Joey Hess) Date: Thu, 30 Jun 2005 21:14:17 +0000 Subject: [Secure-testing-commits] r1314 - data/CAN Message-ID: Author: joeyh Date: 2005-06-30 21:14:14 +0000 (Thu, 30 Jun 2005) New Revision: 1314 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list =================================================================== --- data/CAN/list 2005-06-30 20:50:46 UTC (rev 1313) +++ data/CAN/list 2005-06-30 21:14:14 UTC (rev 1314) @@ -6330,6 +6330,7 @@ NOTE: reserved CAN-2005-0393 NOTE: reserved + {DSA-733-1} CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...) {DSA-725-1} CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
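Review bot: in r1313's DSA-733-1 entry, the trailing "(reserved)" on "NOTE: not fixed in testing in time of DSA (reserved)" does not say what is reserved; if it refers to CAN-2005-0393 still being a reserved id, state that in a separate NOTE. The recorded version "3.5-1sarge2" carries a sarge suffix while the same entry says testing is not fixed, so it would help to say which suite that version applies to. Wording: "at time of DSA" rather than "in time of DSA".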
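Review bot: in r1314's hunk, CAN-2005-0393 gains "{DSA-733-1}" but still has no description and no package line, although r1313 names crip for this DSA; add a bracketed description and a "- crip ..." line so the issue is tracked from the CAN entry as well. The cross-reference is also placed below "NOTE: reserved", while the neighbouring CAN-2005-0392 entry has "{DSA-725-1}" directly under its CAN line.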