[Secure-testing-commits] r3062 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Dec 15 21:14:28 UTC 2005 

Author: joeyh
Date: 2005-12-15 21:14:22 +0000 (Thu, 15 Dec 2005)
New Revision: 3062

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-15 18:51:01 UTC (rev 3061)
+++ data/CVE/list	2005-12-15 21:14:22 UTC (rev 3062)
@@ -1,3 +1,71 @@
+CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
+	TODO: check
+CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
+	TODO: check
+CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
+	TODO: check
+CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...)
+	TODO: check
+CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...)
+	TODO: check
+CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...)
+	TODO: check
+CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
+	TODO: check
+CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
+	TODO: check
+CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
+	TODO: check
+CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...)
+	TODO: check
+CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...)
+	TODO: check
+CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...)
+	TODO: check
+CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...)
+	TODO: check
+CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...)
+	TODO: check
+CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...)
+	TODO: check
+CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...)
+	TODO: check
+CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
+	TODO: check
+CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
+	TODO: check
+CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
+	TODO: check
+CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
+	TODO: check
+CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
+	TODO: check
+CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
+	TODO: check
+CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
+	TODO: check
+CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
+	TODO: check
+CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
+	TODO: check
+CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
+	TODO: check
+CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
+	TODO: check
+CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
+	TODO: check
+CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
+	TODO: check
+CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
+	TODO: check
+CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
+	TODO: check
+CVE-2005-4232 (SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and ...)
+	TODO: check
 CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
 	NOT-FOR-US: Link Up Gold
 CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
@@ -32,7 +100,7 @@
 	NOT-FOR-US: Macromedia Flash Media Server
 CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
 	NOT-FOR-US: Motorola hardware
-CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation path via ...)
+CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...)
 	NOT-FOR-US: phpCOIN
 CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
 	NOT-FOR-US: phpCOIN
@@ -76,13 +144,13 @@
 	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
 CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
 	NOT-FOR-US: UseBB
-CVE-2005-4242 [XSS in Turba]
+CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...)
 	- turba2 <unfixed> (bug #342946; medium)
 CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- mnemo2 <unfixed> (bug #342944; medium)
 CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- nag2 <unfixed> (bug #342945; medium)
-CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Framework ...)
+CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
 	- horde3 <unfixed> (bug #342942; medium)
 CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
 	- kronolith <unfixed> (bug #342943; medium)
@@ -2419,12 +2487,12 @@
 	REJECTED
 CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
 	NOT-FOR-US: FlatNuke
-CVE-2005-3360
-	RESERVED
+CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
+	TODO: check
 CVE-2005-3359
 	RESERVED
-CVE-2005-3358
-	RESERVED
+CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users to ...)
+	TODO: check
 CVE-2005-3357
 	RESERVED
 CVE-2005-3356
@@ -2772,23 +2840,28 @@
 	- pound 1.9.4-1 (low)
 	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
+	{DSA-922-1}
 	- linux-2.6 2.6.12-2
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- linux-2.6 2.6.13-1 (low)
 	- kernel-source-2.4.27 2.4.27-11 (low)
 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
+	{DSA-922-1}
 	- linux-2.6 2.6.13-1 (low)
 	TODO: Check, whether the 2.4 fix was included in the DSA
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
 CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
+	{DSA-922-1}
 	- linux-2.6 2.6.12-1
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
+	{DSA-922-1}
 	- linux-2.6 2.6.12-1
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
@@ -2856,7 +2929,7 @@
 	RESERVED
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
-CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...)
+CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
 	- linux-2.6 2.6.14-4 (bug #334113; medium)
 	- kernel-source-2.4.27 <unfixed> (medium)
 CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
@@ -3172,20 +3245,26 @@
 CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
 	NOT-FOR-US: Macromedia Breeze
 CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
 	- kernel-source-2.4.27 <unfixed> (low)
 CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
+	{DSA-922-1}
 	- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
 	- linux-2.6 2.6.12-1
 CVE-2005-XXXX [Minor local DoS as libldap]
@@ -4258,7 +4337,7 @@
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
 CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: When was this fixed in sid for 2.4?
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
@@ -4268,7 +4347,7 @@
 	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
 	NOTE: of ipt_recent the best solution, which seems to occur soon
 CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
 	- linux-2.6 2.6.12-1
 CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
@@ -5152,7 +5231,7 @@
 	- linux-2.6 2.6.12-7 (bug #327416; medium)
 	- kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
-	{DTSA-16-1}
+	{DSA-922-1 DTSA-16-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, when this was fixed upstream
 	- kernel-source-2.4.27 <not-affected>
@@ -5170,7 +5249,7 @@
 	NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
 	- ssh <unfixed> (bug #314645; low)
 CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
-	{DTSA-16-1}
+	{DSA-922-1 DTSA-16-1}
 	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
 	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
 	NOTE: 2.6.12-1 contained a partially broken fix
@@ -5221,11 +5300,11 @@
 CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
 	NOT-FOR-US: Novell NetMail
 CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
-	{DSA-921-1 DTSA-16-1}
+	{DSA-922-1 DSA-921-1 DTSA-16-1}
 	- linux-2.6 2.6.12-3 (bug #323173)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
 CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
-	{DSA-921-1 DTSA-16-1}
+	{DSA-922-1 DSA-921-1 DTSA-16-1}
 	- linux-2.6 2.6.12-3 (bug #323173; medium)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
 CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
@@ -5376,7 +5455,7 @@
 	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
 CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
-	{DSA-921-1 DTSA-16-1}
+	{DSA-922-1 DSA-921-1 DTSA-16-1}
 	- linux-2.6 2.6.12-2 (bug #321401; medium)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
@@ -7990,12 +8069,12 @@
 CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
 	{DSA-734-1}
 	- gaim 1:1.3.1-1 (bug #315356; low)
-CVE-2005-1930
-	RESERVED
-CVE-2005-1929
-	RESERVED
-CVE-2005-1928
-	RESERVED
+CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...)
+	TODO: check
+CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...)
+	TODO: check
+CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...)
+	TODO: check
 CVE-2005-1927
 	RESERVED
 CVE-2005-1926
@@ -8364,7 +8443,7 @@
 	{DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
 CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Add which revision fixed this
 	- kernel-source-2.4.27 2.4.27-11 (unknown)
@@ -8374,20 +8453,21 @@
 	NOTE: Helix Player is affected according to:
 	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
 CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
-	{DTSA-16-1}
+	{DSA-922-1 DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
+	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
 CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
-	{DSA-921-1 DTSA-16-1}
+	{DSA-922-1 DSA-921-1 DTSA-16-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
 	- kernel-source-2.4.27 2.4.27-11
 CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
-	{DTSA-16-1}
+	{DSA-922-1 DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.4.27 <unfixed> (low)
 CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
@@ -10425,6 +10505,7 @@
 	{DSA-736-2 DSA-736-1}
 	- spamassassin 3.0.4-1 (bug #314447; medium)
 CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
+	{DSA-922-1}
 	TODO: This needs to be double-checked, added to the kernel tracker
 CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
@@ -11827,12 +11908,12 @@
 	- gzip 1.3.5-10
 	- bzip2 1.0.2-8.1 (bug #321286; medium)
 CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
 	- linux-2.6 <not-affected> (Fixed before upload in archive)
 	TODO: Check, when this was fixed upstream
 CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
-	{DSA-921-1}
+	{DSA-922-1 DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
 CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)

More information about the Secure-testing-commits mailing list