[Secure-testing-commits] r3018 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon Dec 12 21:14:26 UTC 2005


Author: joeyh
Date: 2005-12-12 21:14:20 +0000 (Mon, 12 Dec 2005)
New Revision: 3018

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-12 15:54:05 UTC (rev 3017)
+++ data/CVE/list	2005-12-12 21:14:20 UTC (rev 3018)
@@ -327,6 +327,7 @@
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
 	NOT-FOR-US: Jax Calendar
 CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
+	{DSA-919-1}
 	- curl 7.15.1-1 (bug #342339; medium) 
 	[sarge] - curl 7.13.2-2sarge4 (medium)
 	[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
@@ -2863,6 +2864,7 @@
 CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
 	- xscreensaver 4.23-2 (bug #334193; low)
 CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
+	{DSA-919-1}
 	- wget 1.10.2-1 (medium)
 	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
 	[woody] - wget <not-affected> (Does not contain NTML authentication code)
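Review bot: the {DSA-919-1} tag added under CVE-2005-3185 lands on an entry whose visible package lines cover only wget, with both the sarge and woody lines marked not-affected, so nothing shown here records a stable fix for the advisory to point at. The previous hunk attaches the same tag to the curl entry CVE-2005-4077. If the advisory covers this CVE through curl, the entry should carry a curl line with the fixed versions next to the tag. Such a line may exist below the context shown, so check before committing. Separately, the two context lines say "NTML" where the description says NTLM.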
@@ -14247,102 +14249,95 @@
 	- xemacs21 21.4.16-2
 CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
 	{DSA-691-1}
- 	- abuse <removed>
+	- abuse <removed>
 CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
 	{DSA-691-1}
 	TODO: Check, when this was fixed upstream
 	TODO: Check, whether 2.4 is affected
 	[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
+CVE-2005-0134
 	NOT-FOR-US: SCO UnixWare
-CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
+CVE-2004-1381
 	- mozilla-firefox 1.0
 	- mozilla 2:1.7.5
-CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
+CVE-2004-1380
 	- mozilla-firefox 1.0
 	- mozilla 2:1.7.5
-CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-0133
 	- clamav 0.80-0.81rc1-1
 CVE-2005-0132
-	RESERVED
-CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
+	TODO: check
+CVE-2005-0131
 	- konversation 0.15-3
-CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
+CVE-2005-0130
 	- konversation 0.15-3
-CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
+CVE-2005-0129
 	- konversation 0.15-3
 CVE-2005-0128
-	RESERVED
-CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
+	TODO: check
+CVE-2005-0127
 	NOT-FOR-US: MacOS
-CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
+CVE-2005-0126
 	NOT-FOR-US: MacOS
-CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
+CVE-2005-0125
 	NOT-FOR-US: MacOS
-CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+CVE-2005-0124
 	TODO: Check, when this was fixed upstream
 	- kernel-source-2.4.27 2.4.27-8
 CVE-2005-0123
-	RESERVED
+	TODO: check
 CVE-2005-0122
-	REJECTED
-CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
+	TODO: check
+CVE-2005-0121
 	NOT-FOR-US: golddig
-CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
+CVE-2005-0120
 	NOT-FOR-US: helvis
-CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
+CVE-2005-0119
 	NOT-FOR-US: helvis
-CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
+CVE-2005-0118
 	NOT-FOR-US: helvis
-CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
+CVE-2005-0117
 	- xshisen 1.51-1-1.1 (bug #289784)
-CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
+CVE-2005-0116
 	- awstats 6.2-1.1
-CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
+CVE-2005-0115
 	NOT-FOR-US: DataRescue Interactive Disassembler
-CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
+CVE-2005-0114
 	NOT-FOR-US: ZoneAlarm
-CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
+CVE-2005-0113
 	NOT-FOR-US: IRIX
-CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
+CVE-2005-0112
 	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
-CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
+CVE-2005-0111
 	- maxdb-7.5.00 7.5.00.18
-CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
+CVE-2005-0110
 	NOT-FOR-US: MSIE
-CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
+CVE-2005-0109
 	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
 	NOTE: attack, paranoid people should disable hyper threading
 	- kfreebsd5-source 5.3-11
-CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
-	{DSA-659-1}
+CVE-2005-0108
 	- libapache-mod-auth-radius 1.5.7-6
 	- libpam-radius-auth 1.3.16-3
-CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
-	{DSA-690-1}
+CVE-2005-0107
 	- bsmtpd 2.3pl8b-16
-CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
+CVE-2005-0106
 	- libnet-ssleay-perl 1.25-1.1
-CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
-	{DSA-684-1}
+CVE-2005-0105
 	- typespeed 0.4.4-8
-CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
-	{DSA-662-1}
+CVE-2005-0104
 	- squirrelmail 2:1.4.4
-CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
+CVE-2005-0103
 	- squirrelmail 2:1.4.4-1
-CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
-	{DSA-673-1}
+CVE-2005-0102
 	- evolution 2.0.3-1.2 (bug #295548)
-CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
+CVE-2005-0101
 	- newspost 2.1.1-2
-CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
-	{DSA-685-1 DSA-671-1 DSA-670-1}
+CVE-2005-0100
 	- emacs21 21.3+1-9
 	- xemacs21 21.4.16-2
-CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
-	{DSA-691-1}
- 	- abuse <removed>
+CVE-2005-0099
+	- abuse <removed>
 CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
 	- squid 2.5.7-4
 CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
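Review bot: from CVE-2005-0134 down to the second CVE-2005-0099 this hunk loses tracking data rather than updating it. Every entry header has its description stripped, for example "CVE-2005-0109 (Hyper-Threading technology, ...)" becomes a bare "CVE-2005-0109". The DSA cross-references {DSA-659-1}, {DSA-690-1}, {DSA-684-1}, {DSA-662-1}, {DSA-673-1}, {DSA-685-1 DSA-671-1 DSA-670-1} and {DSA-691-1} are removed. The RESERVED state of CVE-2005-0132, CVE-2005-0128 and CVE-2005-0123 and the REJECTED state of CVE-2005-0122 are overwritten with "TODO: check". The block also looks duplicated or misplaced: CVE-2005-0099 appears at the top of the hunk with its description and DSA tag and again after CVE-2005-0100, the numbering jumps from CVE-2005-0098 straight to CVE-2005-0134, and the kernel-source-2.6.8 line and upstream TODOs sit under the abuse-SDL entry CVE-2005-0098. Since the log says "automatic update", the update script's handling of this range should be checked and these lines reverted, keeping only the whitespace fix on the first "- abuse" line if that was intended.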