[Secure-testing-commits] r2572 - data/CVE
Micah Anderson
micah at costa.debian.org
Tue Oct 25 21:26:17 UTC 2005
Author: micah
Date: 2005-10-25 21:26:13 +0000 (Tue, 25 Oct 2005)
New Revision: 2572
Modified:
data/CVE/list
Log:
a whole bunch of NFUs converted
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-25 21:14:21 UTC (rev 2571)
+++ data/CVE/list 2005-10-25 21:26:13 UTC (rev 2572)
@@ -880,7 +880,8 @@
CVE-2005-2973 [Kernel 2.6 ipv6 local DoS vulnerability]
RESERVED
- linux-2.6 <unfixed>
- NOTE: Pinged Horms as usual
+ - kernel-source-2.6.8 2.6.8-16sarge1
+ - kernel-source-2.4.27 2.4.27-10sarge1
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
@@ -18813,7 +18814,7 @@
{DSA-196}
- bind 1:8.3.3-3
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
NOTE: not-for-us (Prometheus not in Debian)
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
@@ -18840,23 +18841,23 @@
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
NOTE: not-for-us (CISCO)
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...)
- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
@@ -18891,17 +18892,17 @@
- glibc 2.3
- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
NOTE: not-for-us (phpWebSite)
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
@@ -18909,9 +18910,9 @@
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
{DSA-159}
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
@@ -18971,7 +18972,7 @@
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
NOTE: not-for-us (SmartMax MailMax POP3 daemon)
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
NOTE: not-for-us (Pablo FTP server)
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
@@ -19097,17 +19098,17 @@
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
{DSA-151}
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
NOTE: not-for-us (Oracle)
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
@@ -19226,25 +19227,25 @@
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
NOTE: not-for-us (Sambar web server)
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
NOTE: not-for-us (B2)
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
NOTE: not-for-us (SCO OpenServer)
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
@@ -19262,35 +19263,35 @@
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
NOTE: not-for-us (BSD)
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
{DSA-490}
CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 ...)
- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)
- NOTE: not-for-us (PGP Outlook Encryption Plug-In)
+ NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...)
- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...)
- NOTE: not-for-us (CDE ToolTalk)
+ NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
@@ -19302,9 +19303,9 @@
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
{DSA-160}
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
More information about the Secure-testing-commits
mailing list