[Secure-testing-commits] r2249 - in data: CAN CVE
Joey Hess
joeyh at costa.debian.org
Fri Sep 30 09:14:22 UTC 2005
Author: joeyh
Date: 2005-09-30 09:14:18 +0000 (Fri, 30 Sep 2005)
New Revision: 2249
Modified:
data/CAN/list
data/CVE/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-30 08:48:54 UTC (rev 2248)
+++ data/CAN/list 2005-09-30 09:14:18 UTC (rev 2249)
@@ -722,12 +722,10 @@
CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
- openssh 1:4.2p1-1 (bug #326065; medium)
CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
- {DSA-809-1}
- squid 2.5.10-5 (medium)
CAN-2005-2795
RESERVED
CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
- {DSA-809-1}
- squid 2.5.10-5 (medium)
CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
@@ -862,7 +860,6 @@
CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
NOT-FOR-US: Astato specific
CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
- {DSA-805-1}
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- apache2 2.0.54-5 (bug #326435; medium)
CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
@@ -884,7 +881,6 @@
CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
NOT-FOR-US: MPlayer
CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
- {DSA-799-1}
- webcalendar 0.9.45-7 (bug #326223; medium)
CAN-2005-2715
RESERVED
@@ -925,7 +921,6 @@
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
- mozilla <unfixed> (bug #329778; medium)
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
- {DSA-807-1 DSA-805-1}
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
@@ -950,7 +945,6 @@
NOTE: This is not the same as -13
- osh 1.7-14 (bug #323424; bug #323482; medium)
CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
- {DSA-793-1}
- courier 0.47-8 (medium; bug #325631)
CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
- kernel-source-2.4.27 2.4.27-11 (medium)
@@ -965,15 +959,12 @@
CAN-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
- {DSA-798-1}
- phpgroupware 0.9.16.008-1 (unknown)
CAN-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
- {DSA-796-1}
- affix 2.1.2-3 (bug #325444; medium)
CAN-2005-XXXX [Insecure tempfile usage in tleds]
- tleds 1.05beta10-9 (bug #276789; low)
CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
- {DSA-806-1 DSA-802-1}
NOTE: cvs: not shipped in binary package
- cvs 1:1.12.9-15 (bug #325106; unimportant)
- gcvs 1.0final-8 (bug #324969; low)
@@ -1046,19 +1037,16 @@
CAN-2005-2659
RESERVED
CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
- {DSA-812-1}
- turqstat 2.2.4-1 (medium)
CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
- {DSA-811-1}
+ TODO: check
CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
- {DSA-794-1}
NOTE: Fix in -8 had problems
- polygen 1.0.6-9 (bug #325468; low)
CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
- {DSA-791-1 DTSA-11-1}
+ {DTSA-11-1}
- maildrop 1.5.3-2 (bug #325135; medium)
CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
- {DSA-790-1}
- phpldapadmin 0.9.6c-5 (medium)
CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
- cplay 1.49-8 (bug #324913; low)
@@ -1093,7 +1081,6 @@
- mutt <unfixed> (bug #323956; high)
NOTE: Status is not clear; upstream is unresponsive.
CAN-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
- {DSA-785-1}
- libpam-ldap 178-1sarge1 (bug #324899; unknown)
CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
NOT-FOR-US: Kerio WinRoute Firewall
@@ -1136,10 +1123,10 @@
CAN-2005-2628
RESERVED
CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
- {DSA-788-1 DTSA-1-1}
+ {DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
- {DSA-788-1 DTSA-1-1}
+ {DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
NOT-FOR-US: MS IE
@@ -1378,7 +1365,6 @@
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
NOT-FOR-US: MidiCart
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...)
- {DSA-798-1}
- egroupware-fudforum <unfixed> (bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
@@ -1472,10 +1458,8 @@
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- mysql-dfsg <unfixed> (bug #322133; medium)
CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
- {DSA-778-1}
- mantis 0.19.2-4 (low)
CAN-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
- {DSA-778-1}
- mantis 0.19.2-4 (medium)
CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
{DTSA-16-1}
@@ -1686,7 +1670,7 @@
CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
NOT-FOR-US: Novell eDirectory
CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
- {DSA-782-1 DTSA-9-1}
+ {DTSA-9-1}
- bluez-utils 2.19-0.1etch1 (bug #323365; medium)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Arab Portal
@@ -1711,7 +1695,6 @@
CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
NOT-FOR-US: FlatNuke
CAN-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...)
- {DSA-792-1}
- pstotext 1.9-2 (medium)
CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
NOT-FOR-US: ARCserve Backup
@@ -1788,7 +1771,7 @@
CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
- slocate <unfixed> (bug #324951; low)
CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
- {DSA-798-1 DSA-789-1 DTSA-15-1}
+ {DTSA-15-1}
- drupal 4.5.5-1 (bug #323347; high)
- phpgroupware 0.9.16.008-1 (bug #323349; high)
- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
@@ -1799,7 +1782,6 @@
CAN-2005-2497
RESERVED
CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
- {DSA-801-1}
NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
- ntp 1:4.2.0a+stable-2sarge1 (medium)
CAN-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
@@ -1811,7 +1793,7 @@
CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
- {DSA-800-1 DTSA-10-1}
+ {DTSA-10-1}
- pcre3 6.3-0.1etch1 (bug #324531; medium)
- gnumeric <unfixed> (bug #326628; unimportant)
- goffice <unfixed> (unimportant)
@@ -2063,12 +2045,12 @@
CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
NOT-FOR-US: IOS
CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
- {DSA-776-1 DTSA-3-1}
+ {DTSA-3-1}
- clamav 0.86.2-1 (medium)
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
NOT-FOR-US: sandbox
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
- {DSA-813-1 DTSA-2-1 DTSA-4-1}
+ {DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
@@ -2148,7 +2130,6 @@
CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
NOT-FOR-US: First Post
CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
- {DSA-808-1}
- tdiary 2.0.2-1 (bug #319315; medium)
CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
NOT-FOR-US: Network Manager
@@ -2228,7 +2209,6 @@
CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
- {DSA-795-2}
- proftpd 1.2.10-20 (low)
NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
@@ -2270,11 +2250,11 @@
CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
NOT-FOR-US: Oracle Reports
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
- {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
+ {DTSA-2-1 DTSA-5-1}
- gaim 1:1.4.0-5 (low)
- centericq 4.20.0-8etch1 (bug #323185; low)
CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
- {DSA-813-1 DTSA-2-1}
+ {DTSA-2-1}
TODO: check gaim and others that embed libgadu in source tree
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
@@ -2395,10 +2375,8 @@
REJECTED
NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
- {DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
CAN-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
- {DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
NOT-FOR-US: Skype
@@ -2447,7 +2425,6 @@
CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
NOT-FOR-US: MailEnable
CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
- {DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
NOT-FOR-US: Novell Groupwise WebAccess
@@ -2613,12 +2590,10 @@
CAN-2005-XXXX [xemeraldia games file overwrite]
- xemeraldia 0.4-1 (low)
CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
- {DSA-774-1}
NOTE: previous fix in -15 was broken
- fetchmail 6.2.5-16 (bug #320357; medium)
NOTE: woody is not affected according to the bug report.
CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
- {DSA-766-1}
- webcalendar 0.9.45-7 (bug #315671; medium)
CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
NOT-FOR-US: Website Baker
@@ -2637,49 +2612,49 @@
CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
NOT-FOR-US: iCab
CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
- {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.8-1sarge2 (high)
- mozilla-thunderbird 1.0.6-1 (high)
CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
- {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.8-1sarge2 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
- {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
- {DSA-779-2 DSA-779-1 DTSA-8-2}
+ {DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
- {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
- mozilla-thunderbird 1.0.6-1 (low)
CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
- {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.8-1sarge2 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
- {DSA-779-2 DSA-779-1 DTSA-8-2}
+ {DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
- {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
- {DSA-779-2 DSA-779-1 DTSA-8-2}
+ {DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
- {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
- {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
@@ -3062,7 +3037,6 @@
CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
NOT-FOR-US: PhpSlash
CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
- {DSA-759-1}
- phppgadmin 3.5.4-1 (medium)
CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
NOT-FOR-US: PhpAuction
@@ -3075,7 +3049,6 @@
CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
NOT-FOR-US: PHPSecurePages (phpSP)
CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
- {DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
- jinzora <itp> (bug #289487)
@@ -3118,7 +3091,6 @@
CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
NOT-FOR-US: AIX
CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
- {DSA-761-2}
- heartbeat 1.2.3-12 (medium)
CAN-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
- elmo <unfixed> (bug #318291; medium)
@@ -3377,7 +3349,6 @@
CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
NOT-FOR-US: MyGuestbook
CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
- {DSA-768-1}
- phpbb2 2.0.13-6sarge1 (bug #317739; high)
CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
NOT-FOR-US: IMail
@@ -3398,15 +3369,12 @@
CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
NOT-FOR-US: Geeklog
CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
- {DSA-784-1}
- courier 0.47-6 (low)
CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
NOT-FOR-US: Microsoft
CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
- {DSA-764-1}
- cacti 0.8.6f-1 (high)
CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
- {DSA-764-1}
- cacti 0.8.6f-1 (high)
CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
TODO: Check, whether this was covered by DSA-739 as well
@@ -3475,7 +3443,6 @@
- cupsys 1.1.20final+rc1-1 (low)
CAN-2005-2116
REJECTED
- {DSA-745-1}
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
@@ -3497,7 +3464,6 @@
CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
- wordpress 1.5.1.3-1
CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
- {DSA-745-1}
- drupal 4.5.4-1 (bug #316362)
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
NOT-FOR-US: IOS
@@ -3522,7 +3488,6 @@
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (bug #323039; medium)
CAN-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...)
- {DSA-780-1}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
- xpdf 3.00-15 (bug #322462; low)
NOTE: tetex-bin not affected re bug #322467
@@ -3531,7 +3496,6 @@
- cupsys <unfixed> (bug #324464; unimportant)
- poppler 0.4.0-1 (low)
CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...)
- {DSA-797-1 DSA-740-1}
NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
NOTE: Florian Weimer is doing a comprehensive audit using clamav
NOTE: to search for static zlib signatures in binaries in Debian
@@ -3555,7 +3519,6 @@
- zlib 1:1.2.2-7 (medium)
NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
CAN-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...)
- {DSA-756-1}
- squirrelmail 2:1.4.4-6
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
NOT-FOR-US: Sun
@@ -3571,7 +3534,6 @@
CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
NOT-FOR-US: Microsoft
CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
- {DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
@@ -3647,10 +3609,9 @@
CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
NOT-FOR-US: Solaris
CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
- {DSA-737-1 DTSA-3-1}
+ {DTSA-3-1}
- clamav 0.86.1 (medium)
CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
- {DSA-785-1}
- openldap2.2 2.2.26-3 (medium)
- openldap2 2.1.30-11 (medium)
- libpam-ldap 178-1sarge1 (bug #316972; medium)
@@ -3680,7 +3641,7 @@
CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
- {DSA-737-1 DTSA-3-1}
+ {DTSA-3-1}
- clamav 0.86.1-1 (medium)
CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
- helix-player 1.0.5-1 (bug #316276; high)
@@ -4132,7 +4093,6 @@
CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
NOT-FOR-US: ViRobot
CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
- {DSA-758-1}
TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
- heimdal 0.6.3-11 (high)
CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...)
@@ -4166,7 +4126,6 @@
CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
NOT-FOR-US: Cisco
CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
- {DSA-738-1}
NOTE: varying and apparently innacurate info about what versions fix it
- razor 2.720-1 (low)
CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
@@ -4203,7 +4162,6 @@
CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
- yaws 1.56-1 (low)
CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
- {DSA-739-1}
- trac 0.8.4-1
CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
NOT-FOR-US: JBOSS
@@ -4232,10 +4190,8 @@
CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
NOT-FOR-US: Finjan SurfinGate
CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
- {DSA-735-2 DSA-735-1}
- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
- {DSA-748-1}
- ruby1.8 1.8.2-8 (medium)
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
@@ -4641,7 +4597,7 @@
CAN-2005-1938
REJECTED
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
- {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-7-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge1 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
@@ -4653,7 +4609,6 @@
CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
NOT-FOR-US: Apple
CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
- {DSA-734-1}
- gaim 1:1.3.1-1 (low)
CAN-2005-1930
RESERVED
@@ -4670,13 +4625,13 @@
CAN-2005-1924
RESERVED
CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
- {DSA-737-1 DTSA-3-1}
+ {DTSA-3-1}
- clamav 0.86.1 (bug #316401; bug #316462; medium)
CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
- {DSA-737-1 DTSA-3-1}
+ {DTSA-3-1}
- clamav 0.86.1-1 (low)
CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
- {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
+ {DTSA-15-1}
- serendipity <itp> (bug #312413)
- drupal 4.5.4-1 (high; bug #316362)
- phpgroupware 0.9.16.006-1 (high)
@@ -4685,7 +4640,6 @@
- php4 4:4.3.10-16etch1 (high; bug #316447)
NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
- {DSA-804-1}
- kdelibs 4:3.4.2-1 (bug #319016; medium)
CAN-2005-1919
RESERVED
@@ -4695,12 +4649,12 @@
NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
- {DSA-760-1 DTSA-4-1}
+ {DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
NOT-FOR-US: log4sh
CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
- {DSA-754-1 DTSA-2-1}
+ {DTSA-2-1}
- centericq 4.20.0-7 (medium)
CAN-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
{DTSA-16-1}
@@ -4819,36 +4773,31 @@
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
- {DSA-786-1}
+ TODO: check
CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
- {DSA-787-1}
- backup-manager 0.5.8-2 (low)
CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
- {DSA-787-1}
- backup-manager 0.5.8-2 (medium)
CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
- {DSA-772-1}
+ TODO: check
CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
- {DSA-770-1}
- gopher 3.0.8 (low)
CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
- {DSA-767-1 DTSA-4-1}
+ {DTSA-4-1}
NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
NOTE: no shared lib version is found. As the Debian package has a dependency on
NOTE: it the maintainer does not intent to fix it, see # 319443
- ekg 1:1.5+20050712+1.6rc3-1 (medium)
CAN-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
- {DSA-760-1 DTSA-4-1}
+ {DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
- {DSA-760-1 DTSA-4-1}
+ {DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
- {DSA-797-1 DSA-763-1}
NOTE: This is only contrib code not built in the binary packages AFAIK
- zlib 1:1.2.3-1 (low)
CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
- {DSA-750-1}
- dhcpcd 1:1.3.22pl4-22 (medium)
CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
NOT-FOR-US: YaMT
@@ -4865,7 +4814,6 @@
CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
NOT-FOR-US: acroread
CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
- {DSA-744-1}
- fuse 2.3.0-1
CAN-2005-2349 [Directory traversal in zoo]
RESERVED
@@ -4967,7 +4915,6 @@
CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
NOTE: Cryptographic attack on AES, cannot be fixed
CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
- {DSA-749-1}
- ettercap 1:0.7.1-1.1 (bug #311615)
CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
NOT-FOR-US: ClamAV on Mac OS X
@@ -5022,7 +4969,6 @@
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
NOT-FOR-US: Avast
CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
- {DSA-756-1}
- squirrelmail 2:1.4.4-6 (bug #314374; medium)
CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
@@ -5074,7 +5020,7 @@
CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
NOT-FOR-US: Novell
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- {DSA-789-1 DTSA-15-1}
+ {DTSA-15-1}
- shtool 2.0.1-2 (low)
- mysql-ocaml 1.0.3-6 (low)
- php4 4:4.3.10-16etch1 (low)
@@ -5315,7 +5261,6 @@
CAN-2005-1690
REJECTED
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
- {DSA-757-1}
- krb5 1.3.6-4 (medium)
CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
@@ -5324,7 +5269,6 @@
NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- wordpress 1.5.1-1
CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
- {DSA-753-1}
NOTE: Only exploitable under rare circumstances
- gedit 2.10.3-1 (low)
CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
@@ -5508,7 +5452,6 @@
CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
NOT-FOR-US: NPDS
CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
- {DSA-783-1}
- mysql-dfsg 4.0.12-2 (bug #319526; low)
CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
NOT-FOR-US: JGS-Portal
@@ -5705,13 +5648,10 @@
CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
NOT-FOR-US: Bakbone Netvault
CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
- {DSA-743-1}
- ht 0.8.0-2
CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
- {DSA-743-1}
- ht 0.8.0-3
CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
- {DSA-755-1}
NOTE: CVE info about vulnerable version number is bogus
- tiff 3.7.2-3
NOTE: tiff3g not in testing
@@ -5738,7 +5678,6 @@
CAN-2005-1533
RESERVED
CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
- {DSA-781-1}
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
- mozilla-thunderbird 1.0.6-1 (high)
@@ -5754,28 +5693,20 @@
CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
- awstats 6.4-1.1 (bug #322591; medium)
CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
- {DSA-764-1}
- cacti 0.8.6e-1 (high)
CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
- {DSA-764-1}
- cacti 0.8.6e-1 (high)
CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
- {DSA-764-1}
- cacti 0.8.6e-1 (high)
CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
- {DSA-732-1}
- mailutils 1:0.6.1-3
CAN-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
- {DSA-732-1}
- mailutils 1:0.6.1-3
CAN-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
- {DSA-732-1}
- mailutils 1:0.6.1-3
CAN-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
- {DSA-732-1}
- mailutils 1:0.6.1-3
CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
- {DSA-751-1}
- squid 2.5.9-9
CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
NOT-FOR-US: Solaris
@@ -6923,7 +6854,6 @@
CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
NOT-FOR-US: ad.cgi
CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
- {DSA-727-1}
- libconvert-uulib-perl 1.0.5.1
CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
NOT-FOR-US: MailEnable
@@ -6932,7 +6862,6 @@
CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
NOT-FOR-US: Symantec
CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
- {DSA-721-1}
- squid 2.5.9-7
CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
- apache2 2.0.54-3
@@ -7095,17 +7024,14 @@
CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
- libconvert-uulib-perl 1.0.5.1-1
CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
- {DSA-734-1}
- gaim 1:1.3.1-1 (low)
CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
- {DSA-805-1}
NOTE: This is from latest Trustix advisory, exploitation would require to trick
NOTE: someone into using a maliciously crafted certificate revocation list
- apache2 2.0.54-5 (bug #320048; low)
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
- {DSA-736-2 DSA-736-1}
- spamassassin 3.0.4-1 (bug #314447; medium)
CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
- kernel-source-2.6.8 2.6.8-17
@@ -7125,7 +7051,6 @@
NOTE: see http://gaim.sourceforge.net/security/
- gaim 1:1.2.1-1.1
CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
- {DSA-741-1}
- bzip2 1.0.2-7
CAN-2005-1259
RESERVED
@@ -7195,7 +7120,6 @@
CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
- cpio 2.6-6 (bug #306693; medium)
CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
- {DSA-752-1}
- gzip 1.3.5-10
CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
NOT-FOR-US: PHPProjekt
@@ -7446,11 +7370,9 @@
CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
NOT-FOR-US: AIX
CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
- {DSA-757-1}
TODO: check krb4
- krb5 1.3.6-4 (medium)
CAN-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
- {DSA-757-1}
TODO: check krb4
- krb5 1.3.6-4 (medium)
CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
@@ -7482,12 +7404,10 @@
CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
NOT-FOR-US: OneWorldStore
CAN-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...)
- {DSA-781-1}
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
- mozilla-thunderbird 1.0.6-1 (high)
CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
- {DSA-781-1}
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
- mozilla-thunderbird 1.0.6-1 (medium)
@@ -7509,10 +7429,8 @@
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
CAN-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
- {DSA-728-1}
- qpopper 4.0.5-4sarge1
CAN-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
- {DSA-728-1}
- qpopper 4.0.5-4sarge1
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
NOT-FOR-US: Sun Java
@@ -7574,7 +7492,6 @@
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
NOT-FOR-US: monkeyd
CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
- {DSA-726-1}
NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
- oops <unfixed> (bug #307360; high)
CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
@@ -7600,12 +7517,10 @@
CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
NOT-FOR-US: Sumus web server
CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
- {DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
- {DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
@@ -7739,7 +7654,6 @@
CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
NOT-FOR-US: PunBB
CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
- {DSA-714-1}
- kdelibs 4:3.3.2-6
CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
NOT-FOR-US: OpenText
@@ -7872,12 +7786,10 @@
CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
- sharutils 1:4.2.1-13
CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
- {DSA-781-1}
- mozilla 2:1.7.7-1
- mozilla-firefox 1.0.2-3
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
- {DSA-752-1}
- gzip 1.3.5-10
NOTE: Essentially the same as CAN-2005-0953
CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
@@ -7952,7 +7864,6 @@
CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
NOT-FOR-US: Windows
CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
- {DSA-730-1}
- bzip2 1.0.2-6
NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
NOTE: attacker would have to exploit the minimal time span between uncompressing
@@ -8087,7 +7998,6 @@
- smail <unfixed> (bug #301428; medium)
NOTE: no patch known at this time.
CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
- {DSA-722-1}
- smail 3.2.0.115-7
CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
NOTE: The description is wrong; 2.6 is affected as well
@@ -8197,7 +8107,6 @@
CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
NOT-FOR-US: Topic Calendar phpbb2 plugin
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
- {DSA-724-1}
- phpsysinfo 2.3-3
CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
NOTE: phpsysinfo maintainer does not consider path disclosure to
@@ -8398,7 +8307,6 @@
- linux-2.6 2.6.12-1 (bug #300783; medium)
NOTE: Fixed upstream in 2.6.12-rc1
CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
- {DSA-717-1}
- lsh-utils 2.0.1-1
CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
NOT-FOR-US: ir
@@ -8494,19 +8402,16 @@
CAN-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
- rxvt-unicode 5.3-1
CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
- {DSA-698-1}
+ TODO: check
CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
- {DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
CAN-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
- imagemagick 5:6.0.2.5 (bug #301110)
CAN-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
- {DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
CAN-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
- {DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
@@ -8528,7 +8433,6 @@
CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
- kdewebdev 4:3.3.2-6
CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
- {DSA-742-1}
- cvs 1:1.12.9-13
CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
- mozilla-firefox 1.0.3-1
@@ -8592,7 +8496,6 @@
CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
NOT-FOR-US: OpenBSD
CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
- {DSA-718-1}
- ethereal 0.9.10
CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
NOT-FOR-US: Microsoft
@@ -8651,15 +8554,12 @@
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
NOT-FOR-US: Mac OS
CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
- {DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
- {DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
- {DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
@@ -8892,7 +8792,6 @@
CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
NOT-FOR-US: XV
CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
- {DSA-709-1}
- libexif 0.6.9-5
CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
NOT-FOR-US: Mercury Board
@@ -8943,11 +8842,9 @@
CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
NOT-FOR-US: Computer Associates UAM
CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
- {DSA-695-1 DSA-694-1}
- xloadimage 4.1-14.2
- xli 1.17.0-17
CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
- {DSA-695-1 DSA-694-1}
- xli 1.17.0-18
- xloadimage 4.1-14.1
CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
@@ -9024,7 +8921,6 @@
CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
NOT-FOR-US: CubeCert
CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
- {DSA-723-1}
NOTE: lesstif2
- lesstif1-1 1:0.93.94-11.1
NOTE: lesstif1
@@ -9317,14 +9213,12 @@
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
NOT-FOR-US: PBLang
CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
- {DSA-729-1 DSA-708-1}
- php4 4:4.3.10-10
- php3 3:3.0.18-31
CAN-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
NOTE: php3 not affected
- php4 4:4.3.10-10
CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
- {DSA-719-1}
- prozilla 1:1.3.7.4-1
CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
NOT-FOR-US: Chat Anywhere
@@ -9769,19 +9663,16 @@
CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
- gaim 1:1.1.3-1
CAN-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
- {DSA-716-1}
- gaim 1:1.1.3-1
CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
NOT-FOR-US: SUN JRE
CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
- wpasupplicant 0.3.8-1
CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
- {DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
- krb4 1.2.2-11.2
- krb5 1.3.6-2
- heimdal 0.6.3-10
CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
- {DSA-731-1 DSA-703-1}
- krb5 1.3.6-2
- krb4 1.2.2-11.2
TODO: check netkit-telnet, netkit-telnet-ssl
@@ -9943,14 +9834,12 @@
- kernel-source-2.6.8 <unfixed> (bug #295949; high)
- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
- {DSA-696-1}
- perl 5.8.4-7
CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
NOT-FOR-US: Quake3
CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Solaris
CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
- {DSA-688-1}
- squid 2.5.8-3
CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
NOTE: Not in testing, only sid
@@ -10059,7 +9948,6 @@
CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
- racoon 1:0.5-5
CAN-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
- {DSA-702-1}
- imagemagick 6:6.0.6.2-2.2
CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
NOTE: fix in -4 was broken
@@ -10069,26 +9957,23 @@
CAN-2005-0394
RESERVED
CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
- {DSA-733-1}
+ TODO: check
CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
- {DSA-725-2 DSA-725-1}
+ TODO: check
CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
- {DSA-712-1}
+ TODO: check
CAN-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
- {DSA-706-1}
- axel 1.0b-1
CAN-2005-0389
REJECTED
CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
- {DSA-704-1}
- remstats 1.0.13a-5
CAN-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
- {DSA-704-1}
- remstats 1.0.13a-5
CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
- {DSA-700-1}
+ TODO: check
CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
- {DSA-693-1}
+ TODO: check
CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
- kernel-source-2.6.8 2.6.8-15
- kernel-source-2.4.27 2.4.27-9
@@ -10122,7 +10007,7 @@
NOTE: cyrus-sasl2 already has patch applied
NOTE: cyrus-sasl code seems too old for any of the problems to apply
CAN-2005-0372 (Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ ...)
- {DSA-686-1}
+ TODO: check
CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
- armagetron <unfixed> (bug #296840; low)
CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
@@ -10366,7 +10251,6 @@
CAN-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
- kdelibs 4:3.3.2-2
CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
- {DSA-682-1}
- awstats 6.2-1.2
CAN-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
- awstats 6.2-1.2
@@ -10557,7 +10441,6 @@
CAN-2005-0257
RESERVED
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
- {DSA-705-1}
- wu-ftpd 2.6.2-19
CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
- mozilla-firefox 1.0.1
@@ -10578,12 +10461,10 @@
CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
NOT-FOR-US: Solaris
CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
- {DSA-683-1}
- postgresql 7.4.7-2
CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
- postgresql 7.4.7-1
CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
- {DSA-683-1}
- postgresql 7.4.7-1
CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
- postgresql 7.4.7-1
@@ -10705,7 +10586,7 @@
CAN-2005-0228
REJECTED
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
- {DSA-668-1}
+ TODO: check
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
NOT-FOR-US: ngIRCd
CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
@@ -10735,7 +10616,7 @@
CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
- {DSA-667-1}
+ TODO: check
CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
NOTE: fixed in ubuntu kernels
NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
@@ -10759,7 +10640,6 @@
NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
NOTE: gpdf ok, all implementations seem ok
CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
- {DSA-692-1}
- kppp 4:3.1.6
CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
NOTE: According to a question on linux-kernel 2.6 is not vulnerable
@@ -10767,7 +10647,6 @@
CAN-2005-0203
REJECTED
CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
- {DSA-674-1}
- mailman 2.1.5-6
CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
- dbus 0.22
@@ -10782,7 +10661,7 @@
CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
NOT-FOR-US: Cisco
CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
- {DSA-667-1}
+ TODO: check
CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
NOT-FOR-US: mRouter in iSync in OS X
CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
@@ -10864,11 +10743,11 @@
CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
- uw-imap 7:2002edebian1-6
CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
- {DSA-667-1}
+ TODO: check
CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
- squid 2.5.7-6
CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
- {DSA-667-1}
+ TODO: check
CAN-2005-0172
RESERVED
CAN-2005-0171
@@ -10897,11 +10776,11 @@
CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
- unace 1.2b-3
CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
- {DSA-679-1}
+ TODO: check
CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
- {DSA-687-1}
+ TODO: check
CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
- {DSA-720-1}
+ TODO: check
CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
- perl 5.8.4-6
CAN-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
@@ -10912,7 +10791,7 @@
CAN-2005-0153
RESERVED
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
- {DSA-662-1}
+ TODO: check
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
NOT-FOR-US: Adobe License Management Software
CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
@@ -11019,41 +10898,36 @@
NOTE: attack, paranoid people should disable hyper threading
- kfreebsd5-source 5.3-11
CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
- {DSA-659-1}
- libapache-mod-auth-radius 1.5.7-6
- libpam-radius-auth 1.3.16-3
CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
- {DSA-690-1}
+ TODO: check
CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
- libnet-ssleay-perl 1.25-1.1
CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
- {DSA-684-1}
+ TODO: check
CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
- {DSA-662-1}
+ TODO: check
CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
- squirrelmail 2:1.4.4-1
CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
- {DSA-673-1}
- evolution 2.0.3-1.2
CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
- newspost 2.1.1-2
CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
- {DSA-685-1 DSA-671-1 DSA-670-1}
- emacs21 21.3+1-9
- xemacs21 21.4.16-2
CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
- {DSA-691-1}
+ TODO: check
CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
- {DSA-691-1}
+ TODO: check
CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
- squid 2.5.7-4
CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
- squid 2.5.7-4
CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
- {DSA-651-1}
- squid 2.5.7-4
CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
- {DSA-651-1}
- squid 2.5.7-4
CAN-2005-0093
REJECTED
@@ -11064,9 +10938,8 @@
CAN-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
- {DSA-666-1}
+ TODO: check
CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
- {DSA-689-1}
- libapache2-mod-python 3.1.3-3
CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
@@ -11074,10 +10947,8 @@
CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
NOT-FOR-US: redhat specific less bug
CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
- {DSA-680-1}
- htdig 1:3.1.6-11
CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
- {DSA-653-1}
- ethereal 0.10.9-1
CAN-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
@@ -11086,7 +10957,6 @@
CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
- maxdb-7.5.00 7.5.00.21-1
CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
- {DSA-657-1}
- xine-lib 1-rc6a-1
CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
- jabber 1.4.3-3
@@ -11100,25 +10970,25 @@
CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
- mailman 2.1.5-5
CAN-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
- {DSA-649-1}
+ TODO: check
CAN-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
- {DSA-660-1}
+ TODO: check
CAN-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
- {DSA-658-1}
+ TODO: check
CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
- {DSA-672-1}
+ TODO: check
CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
- squirrelmail 2:1.4.4-1
CAN-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
- {DSA-676-1}
+ TODO: check
CAN-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
- {DSA-677-1}
+ TODO: check
CAN-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
- {DSA-655-1}
+ TODO: check
CAN-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
- {DSA-656-1}
+ TODO: check
CAN-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
- {DSA-681-1}
+ TODO: check
CAN-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
- vim 1:6.3-058+1
CAN-2005-0068 (The original design of ICMP does not require authentication for ...)
@@ -11130,7 +11000,6 @@
CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
NOTE: general tcp design error
CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
- {DSA-648-1 DSA-645-1}
- xpdf 3.00-13
- gpdf 2.8.2-1.2
- pdftohtml 0.36-11
@@ -11270,15 +11139,12 @@
CAN-2004-1344
RESERVED
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
- {DSA-715-1}
- cvs 1:1.12.9-11
CAN-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
- {DSA-715-1}
- cvs 1:1.12.9-11
CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
- {DSA-711-1}
+ TODO: check
CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
- {DSA-659-1}
- libpam-radius-auth 1.3.16-1.1
CAN-2005-0032
RESERVED
@@ -11303,25 +11169,22 @@
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
- exim4 4.34-10
CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
- {DSA-637-1 DSA-635-1}
+ TODO: check
CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
- {DSA-641-1}
+ TODO: check
CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
- {DSA-675-1}
+ TODO: check
CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
- {DSA-661-2}
- f2c 20020621-3.4 (bug #292792)
CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
- {DSA-661-2}
- f2c 20020621-3.4 (bug #292792)
CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
- {DSA-640-1}
+ TODO: check
CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
- {DSA-650-1}
+ TODO: check
CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
- ncpfs 2.2.6-1
CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
- {DSA-665-1}
- ncpfs 2.2.6-1
CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
- dillo 0.8.3-1
@@ -11338,10 +11201,8 @@
CAN-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
- ethereal 0.10.9-1
CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
- {DSA-646-1}
- imagemagick 6:6.0.6.2-2.1
CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
- {DSA-647-1}
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
@@ -11412,7 +11273,6 @@
CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
NOT-FOR-US: MSIE
CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
- {DSA-627-1}
- namazu2 2.0.14
CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
NOTE: apparently only affects netcat in windows
@@ -11474,12 +11334,10 @@
CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
NOT-FOR-US: pgn2web
CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
- {DSA-625-1}
- pcal 4.8.0-1
CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
NOT-FOR-US: o3read
CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
- {DSA-623-1}
- nasm 0.98.38-1.1
CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
NOT-FOR-US: NapShare
@@ -11492,7 +11350,6 @@
CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
NOT-FOR-US: mview
CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
- {DSA-632-1}
- linpopup 1.2.0-7
CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
NOT-FOR-US: junkie
@@ -11531,7 +11388,6 @@
CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
NOT-FOR-US: Convex
CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
- {DSA-644-1}
- chbg 1.5-4
CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
NOT-FOR-US: ChangePassword
@@ -11695,40 +11551,37 @@
NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
- kernel-source-2.6.8 2.6.8-14
CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
- {DSA-629-1}
+ TODO: check
CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
- xine-lib 1-rc8-1
CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
- xine-lib 1-rc8-1
CAN-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
- {DSA-654-1}
+ TODO: check
CAN-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
- {DSA-654-1}
+ TODO: check
CAN-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
- {DSA-654-1}
+ TODO: check
CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
- {DSA-626-1}
- libtiff-tools 3.6.1-5
CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...)
- {DSA-634-1}
+ TODO: check
CAN-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
- {DSA-622-1}
NOTE: htmlheadline not in unstable
CAN-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
- {DSA-678-1}
+ TODO: check
CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
{DSA-615-1}
CAN-2004-1178
RESERVED
CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
- {DSA-674-1}
- mailman 2.1.5-5
CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
NOT-FOR-US: MSIE
CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
@@ -11748,7 +11601,7 @@
CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
NOT-FOR-US: Microsoft
CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
- {DSA-631-1}
+ TODO: check
CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
NOT-FOR-US: Cisco
CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
@@ -11772,7 +11625,6 @@
CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
NOT-FOR-US: Microsoft MSIE
CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
- {DSA-701-1}
- samba 3.0.10-1
CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
NOT-FOR-US: Adobe Acrobat Reader
@@ -11835,7 +11687,7 @@
CAN-2004-1126
RESERVED
CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
- {DSA-621-1 DSA-619-1}
+ {DSA-619-1}
- xpdf 3.00-11
- cupsys 1.1.22-2
- tetex-bin 2.0.2-25
@@ -11850,7 +11702,6 @@
CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
NOT-FOR-US: Safari
CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
- {DSA-663-1}
- prozilla 1:1.3.7.3-1
CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
NOT-FOR-US: Winamp
@@ -11880,7 +11731,6 @@
CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
NOT-FOR-US: Portage
CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
- {DSA-642-1}
- gallery 1.4.4-pl4-1
CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
NOT-FOR-US: Nortel Networks Contivity VPN Client
@@ -11908,13 +11758,13 @@
CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
NOT-FOR-US: RealPlayer
CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
NOT-FOR-US: Apple MacOS
CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
@@ -12064,10 +11914,9 @@
CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
NOT-FOR-US: AIX
CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
- {DSA-652-1}
NOTE: sarge's unarj is from a different code base, probably not vulnerable
CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
- {DSA-628-1 DSA-618-1}
+ {DSA-618-1}
- imlib 1.9.14-17.1
- imlib+png2 1.9.14-16.1
- imlib2 1.1.2-2.1
@@ -12111,10 +11960,9 @@
NOTE: cyrus-imapd not vulnerable
NOTE: cyrus21-imapd not vulnetale
CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
- {DSA-624-1}
- zip 2.30-8
CAN-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
- putty 0.56-1
CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
@@ -12123,9 +11971,9 @@
{DSA-584-1}
- dhcp 2.0pl5-19.1
CAN-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
- {DSA-639-1}
+ TODO: check
CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
NOT-FOR-US: Trend ScanMail
CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
@@ -12136,7 +11984,6 @@
NOTE: apparently the fix was lost from sarge somehow, see #309587
- shadow 1:4.0.3-31sarge5
CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
- {DSA-630-1}
- lintian 1.23.6 (bug #286379; low)
CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
{DSA-608-1}
@@ -12224,7 +12071,6 @@
CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
- groff 1.18.1.1-2
CAN-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
- {DSA-636-1}
- libc6 2.3.2.ds1-19
CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
- gs-common 0.3.6-0.1
@@ -12252,7 +12098,6 @@
CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
- php4 4:4.3.9
CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
- {DSA-707-1}
- mysql-dfsg-4.1 4.1.10a-6
- mysql-dfsg 4.0.24-5
CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
@@ -12276,7 +12121,6 @@
CAN-2004-0948
REJECTED
CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
- {DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
NOTE: sarge's unarj is from a different code base, probably not vulnerable
CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
@@ -12810,7 +12654,7 @@
CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
NOTE: not-fos-us (Microsoft)
CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
- {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
+ {DTSA-7-1 DTSA-8-2 DTSA-14-1}
NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
NOTE: upstream versions became vulnerable again, see
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
@@ -13080,9 +12924,9 @@
CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
NOTE: Fixed in upstream ( <= 2.6.7)
CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
- {DSA-669-1 DSA-531}
+ {DSA-531}
CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
- {DSA-669-1 DSA-531}
+ {DSA-531}
CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
@@ -13153,9 +12997,9 @@
CAN-2004-0562
RESERVED
CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
- {DSA-638-1}
+ TODO: check
CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
- {DSA-638-1}
+ TODO: check
CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
{DSA-544-1}
CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
@@ -13165,7 +13009,7 @@
CAN-2004-0556
RESERVED
CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
- {DSA-643-1}
+ TODO: check
CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
NOTE: this was a big deal and is fixed in all current kernels
CAN-2004-0553
@@ -14581,7 +14425,6 @@
CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
- pan 0.13.4-1
CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
- {DSA-705-1}
- coreutils 5.2.1-1
CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
- coreutils 5.2.1-1
@@ -14647,7 +14490,6 @@
CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
NOT-FOR-US: IBM DB2
CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
- {DSA-717-1}
- lsh-server 1.4.2-6
CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
NOT-FOR-US: microsoft
@@ -15232,7 +15074,6 @@
- apache2 2.0.48
- apache 1.3.29
CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
- {DSA-710-1}
NOTE: does not affect evolution on debian
- gtkhtml 1.0.4-6.2
CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
@@ -16197,7 +16038,7 @@
CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
{DSA-229}
CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
- {DSA-633-1}
+ TODO: check
CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
NOT-FOR-US: Microsoft
CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
@@ -17111,7 +16952,7 @@
CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
NOT-FOR-US: Oracle
CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
- {DSA-147}
+ TODO: check
CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
NOT-FOR-US: SuSE specific
CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
@@ -17253,7 +17094,7 @@
CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
NOT-FOR-US: guestbook
CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
- {DSA-140}
+ TODO: check
CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
NOT-FOR-US: windows
CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
@@ -17319,15 +17160,15 @@
CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
- apache2 2.0.40
CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
- {DSA-140}
+ TODO: check
CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
- {DSA-136}
+ TODO: check
CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
- {DSA-136}
+ TODO: check
CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
- {DSA-136}
+ TODO: check
CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
- {DSA-136}
+ TODO: check
STOP: this is approximatly the release of woody, so we can stop here
CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
- apache2 2.0.40
@@ -17509,7 +17350,6 @@
CAN-2002-0390
RESERVED
CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
- {DSA-147}
CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
CAN-2002-0383
@@ -18000,7 +17840,6 @@
CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
- {DSA-148}
CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
@@ -18165,7 +18004,6 @@
CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
- {DSA-695-1}
- xli 1.17.0-17
CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
@@ -18951,7 +18789,6 @@
CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
- {DSA-664-1}
CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-09-30 08:48:54 UTC (rev 2248)
+++ data/CVE/list 2005-09-30 09:14:18 UTC (rev 2249)
@@ -1,5 +1,4 @@
CVE-2002-1412
- {DSA-138}
TODO: check
- gallery 1.3-3
CVE-2004-0356
@@ -491,7 +490,6 @@
CVE-2002-1430
NOTE: not-for-us (Sympoll not in Debian)
CVE-2002-1425
- {DSA-141}
- mpack 1.5-9
CVE-2002-1424
- mpack 1.5-9
@@ -902,9 +900,9 @@
CVE-2002-1051
{DSA-254}
CVE-2002-1050
- {DSA-148}
+ TODO: check
CVE-2002-1049
- {DSA-148}
+ TODO: check
CVE-2002-1046
NOTE: not-for-us (Watchguard Firebox firmware)
CVE-2002-1039
@@ -1040,7 +1038,7 @@
CVE-2002-0848
NOTE: not-for-us (Cisco)
CVE-2002-0847
- {DSA-145}
+ TODO: check
CVE-2002-0846
- flashplugin-nonfree 6.0.47
CVE-2002-0845
@@ -1072,9 +1070,9 @@
CVE-2002-0823
NOTE: not-for-us (Windows)
CVE-2002-0818
- {DSA-144}
+ TODO: check
CVE-2002-0817
- {DSA-139}
+ TODO: check
CVE-2002-0816
NOTE: not-for-us (HP Tru64)
CVE-2002-0814
@@ -1226,7 +1224,7 @@
CVE-2002-0662
{DSA-160}
CVE-2002-0658
- {DSA-137}
+ TODO: check
CVE-2002-0653
TODO: check
STOP: This is apporixmatly where woody was released.
@@ -1322,7 +1320,7 @@
CVE-2002-0392
- apache2 2.0.37
CVE-2002-0391
- {DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
+ {DSA-333 DSA-149}
CVE-2002-0389
CVE-2002-0387
CVE-2002-0384
More information about the Secure-testing-commits
mailing list