Author: joeyh
Date: 2006-03-24 09:14:27 +0000 (Fri, 24 Mar 2006)
New Revision: 3678
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-24 09:08:25 UTC (rev 3677)
+++ data/CVE/list 2006-03-24 09:14:27 UTC (rev 3678)
@@ -1,3 +1,81 @@
+CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a
weak ...)
+ TODO: check
+CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1)
EasyMoblog ...)
+ TODO: check
+CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network
install CD ...)
+ TODO: check
+CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to
obtain the ...)
+ TODO: check
+CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan
1.0.20051221 ...)
+ TODO: check
+CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in
PHP ...)
+ TODO: check
+CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and
earlier ...)
+ TODO: check
+CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier
allows ...)
+ TODO: check
+CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040
through ...)
+ TODO: check
+CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power
Board (IPB) ...)
+ TODO: check
+CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the
Linux ...)
+ TODO: check
+CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly
the ...)
+ TODO: check
+CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly
other ...)
+ TODO: check
+CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the
Motorola ...)
+ TODO: check
+CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the
...)
+ TODO: check
+CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System
...)
+ TODO: check
+CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System
1.8.2 ...)
+ TODO: check
+CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1
allows ...)
+ TODO: check
+CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2
allow ...)
+ TODO: check
+CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote
attackers to ...)
+ TODO: check
+CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5
causes ...)
+ TODO: check
+CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in
F5 ...)
+ TODO: check
+CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in
LibVC 3, ...)
+ TODO: check
+CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets
"BUILTIN\Everyone" ...)
+ TODO: check
+CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0
allows ...)
+ TODO: check
+CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and
earlier ...)
+ TODO: check
+CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier,
7.0 SP6 ...)
+ TODO: check
+CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
+ TODO: check
+CVE-2006-1350 (PHP remote file include vulnerability in index.php in
99Articles.com ...)
+ TODO: check
+CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox
2.3 ...)
+ TODO: check
+CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg
...)
+ TODO: check
+CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg
Neustaetter ...)
+ TODO: check
+CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg
...)
+ TODO: check
+CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote
attackers ...)
+ TODO: check
+CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe,
as ...)
+ TODO: check
+CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and
2.6, ...)
+ TODO: check
+CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
+ TODO: check
+CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in
...)
+ TODO: check
+CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php)
before 22 ...)
+ TODO: check
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0
allows ...)
NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote
attackers to ...)
@@ -110,8 +188,8 @@
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2,
as used ...)
TODO: check
end claimed by jmm
-CVE-2006-1283
- RESERVED
+CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in
FreeBSD ...)
+ TODO: check
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in
MyBulletinBoard ...)
TODO: check
CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard
(MyBB) ...)
@@ -130,7 +208,7 @@
TODO: check
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not
drop ...)
TODO: check
-CVE-2006-1273 (Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to
cause a ...)
+CVE-2006-1273 (** DISPUTED ** ...)
TODO: check
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in
member.php in ...)
TODO: check
@@ -605,6 +683,7 @@
NOT-FOR-US: VXWorks
CVE-2006-1066
RESERVED
+ {DSA-1017-1}
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard
(MyBB) ...)
NOT-FOR-US: MyBulletinBoard
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker
2.0 and ...)
@@ -748,12 +827,12 @@
NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board
3.0 ...)
NOT-FOR-US: Pentacle In-Out Board
-CVE-2006-0999
- RESERVED
-CVE-2006-0998
- RESERVED
-CVE-2006-0997
- RESERVED
+CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5
and ...)
+ TODO: check
+CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5
and ...)
+ TODO: check
+CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5
and ...)
+ TODO: check
CVE-2006-0996
RESERVED
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other
versions ...)
@@ -958,8 +1037,8 @@
TODO: check
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote
attackers to ...)
TODO: check
-CVE-2006-0905
- RESERVED
+CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD
4.8-RELEASE through ...)
+ TODO: check
CVE-2006-0904
RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging
...)
@@ -1920,6 +1999,7 @@
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0
through ...)
NOT-FOR-US: Cisco VPN 3000
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in
libpng ...)
- libpng 1.2.8rel-3 (bug #352902; bug #352918)
@@ -2349,8 +2429,8 @@
NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows
remote ...)
NOT-FOR-US: WebspotBlogging
-CVE-2006-0323
- RESERVED
+CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions
...)
+ TODO: check
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting
functionality in ...)
- mediawiki <unfixed> (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3
Beta1 ...)
@@ -2947,9 +3027,11 @@
- php4 <not-affected> (Windows specific)
- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before
2.4.29 ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a
structure ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed>
- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard
1.0 ...)
@@ -3009,6 +3091,7 @@
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing
Zorum Forum ...)
NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server
Tools ...)
{DSA-930-2 DSA-930-1}
@@ -3089,6 +3172,7 @@
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web
Wiz ...)
NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other
versions ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-1
- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a
sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
@@ -3104,8 +3188,7 @@
RESERVED
CVE-2006-0059
RESERVED
-CVE-2006-0058 [sendmail sighandler attacks]
- RESERVED
+CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6
allows ...)
{DSA-1015-1}
- sendmail 8.13.6-1 (high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote
attackers ...)
@@ -3171,8 +3254,7 @@
RESERVED
CVE-2006-0051
RESERVED
-CVE-2006-0050 [insecure temp file in snmptrapfmt]
- RESERVED
+CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite
arbitrary ...)
{DSA-1013-1}
- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify
non-detached ...)
@@ -3450,8 +3532,8 @@
- evolution <unfixed>
CVE-2006-0039
RESERVED
-CVE-2006-0038
- RESERVED
+CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for
Linux ...)
+ TODO: check
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper
(netfilter/ip_nat_helper_pptp.c) in ...)
- linux-2.6 2.6.15-3
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not
present)
@@ -3734,12 +3816,10 @@
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for
...)
{DSA-939-1}
- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
-CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted
unknown capabilities]
- RESERVED
+CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before
...)
{DSA-1011-1}
- util-vserver 0.30.208-1
-CVE-2005-4347 [Improper barrier code allows for chroot escape]
- RESERVED
+CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before
1.9.5.5 and ...)
{DSA-1011-1}
- util-vserver 0.30.208-1 (bug #329090; medium)
- kernel-patch-vserver 2.3 (bug #329087; medium)
@@ -4643,6 +4723,7 @@
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux
kernel ...)
- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel
2.6.x up to ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality
(Perl_sv_vcatpvfn) ...)
{DSA-943-1}
@@ -4904,6 +4985,7 @@
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News
2.0 ...)
NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in
Linux ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0
and ...)
- krusader <unfixed> (bug #336169; low)
@@ -4992,6 +5074,7 @@
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX
Magic ...)
NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux
kernels ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in
Linux ...)
- linux-2.6 <unfixed> (medium)
@@ -5039,9 +5122,11 @@
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild
IndeX ...)
NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before
2.6.15 ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed> (medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before
...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782
RESERVED
@@ -5116,8 +5201,10 @@
CVE-2004-2573 (PHP remote file inclusion vulnerability in
tables_update.inc.php in ...)
- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before
...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel
2.6.11 up ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module
in ...)
- pmwiki <itp> (bug #330117)
@@ -6194,6 +6281,7 @@
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux
kernels ...)
- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before
...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
@@ -6489,11 +6577,13 @@
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local
users to ...)
TODO: check
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial
of ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL
vhost ...)
- apache2 2.0.55-4 (bug #351246)
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain
situations, ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8
has ...)
{DSA-901-1}
@@ -6961,6 +7051,7 @@
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket
Option ...)
NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and
...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows
remote ...)
NOT-FOR-US: Cyphor
@@ -7125,12 +7216,14 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have
CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
- php5 5.0.5-2 (low)
- php4 4:4.4.0-3 (low)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and
earlier does ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
- linux-2.6 2.6.13-2 (low)
@@ -7532,12 +7625,14 @@
RESERVED
- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a
denial ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions,
does not ...)
- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
- php5 5.0.5-2 (bug #353585; medium)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel
2.6.x ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal
2.3.1 ...)
NOT-FOR-US: jportal
@@ -7730,6 +7825,7 @@
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; medium)
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before
2.6.14-rc5, ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature
in ...)
{DSA-894-1}
@@ -7854,8 +7950,8 @@
RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration
Suite ...)
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-2922
- RESERVED
+CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple
...)
+ TODO: check
CVE-2005-2921
RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other
versions ...)
@@ -7959,6 +8055,7 @@
{DSA-822-1}
- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow
local ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-7 (medium)
- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is
no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004
and ...)
@@ -8130,6 +8227,7 @@
[sarge] - hiki <not-affected> (code not present in sarge)
- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs
...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-6 (low)
- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6,
and ...)
@@ -8321,13 +8419,14 @@
TODO: check
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1,
6.5.5, ...)
TODO: check
-CVE-2005-2711
- RESERVED
+CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including
BlackICE PC ...)
+ TODO: check
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer
10 ...)
{DSA-826-1}
NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before
2.6.14.1 ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4
kernel on ...)
- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
@@ -8937,7 +9036,7 @@
{DSA-778-1}
- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy
access to ...)
- {DTSA-16-1}
+ {DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the
pwd ...)
NOT-FOR-US: rexecd
@@ -9287,6 +9386,7 @@
- python2.2 2.2.3dfsg-4 (medium)
- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the
Linux ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
{DSA-922-1 DTSA-16-1}
@@ -9514,7 +9614,7 @@
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the
Linux ...)
- {DTSA-16-1}
+ {DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
{DSA-922-1 DSA-921-1 DTSA-16-1}
@@ -11083,7 +11183,7 @@
NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the
web ...)
NOT-FOR-US: Microsoft
-CVE-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows
remote ...)
+CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55,
when ...)
{DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
@@ -12576,7 +12676,7 @@
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local
users ...)
- {DSA-922-1 DTSA-16-1}
+ {DSA-1018-1 DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
NOT-FOR-US: sysreport
@@ -17466,6 +17566,7 @@
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5
allows ...)
NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows
remote ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11
and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl
before ...)
{DSA-696-1}
@@ -18532,6 +18633,7 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do
not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
+ {DSA-1017-1}
TODO: Check, when this was fixed upstream
CVE-2005-0123
RESERVED
@@ -19600,6 +19702,7 @@
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in
mnoGoSearch ...)
- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read
the ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not
properly ...)
@@ -19698,6 +19801,7 @@
- php4 4:4.3.10-1
- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for
Linux kernel 2.4.x ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x
up to ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -20066,6 +20170,7 @@
NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not
properly ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow
remote ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
