[Secure-testing-commits] r3599 - data
Micah Anderson
micah at costa.debian.org
Sat Mar 11 22:53:41 UTC 2006
Author: micah
Date: 2006-03-11 22:53:41 +0000 (Sat, 11 Mar 2006)
New Revision: 3599
Added:
data/ID_pending
Log:
This is a list of the current CVE-XXXX issues that need to be assigned
Added: data/ID_pending
===================================================================
--- data/ID_pending 2006-03-11 21:52:33 UTC (rev 3598)
+++ data/ID_pending 2006-03-11 22:53:41 UTC (rev 3599)
@@ -0,0 +1,437 @@
+CVE-2006-XXXX [runit local privilege escalation]
+ - runit <unfixed> (bug #356016; medium)
+ [sarge] - runit <not-affected>
+CVE-2006-XXXX [minor bypass of rssh sanitising]
+ - rssh <unfixed> (bug #346322; low)
+ [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0)
+CVE-2006-XXXX [buffer overflow in netcat example]
+ - netcat 1.10-30 (bug #352369; unimportant)
+ NOTE: Only an example, not in the binary package
+CVE-2006-XXXX [webcheck XSS]
+ - webcheck 1.9.6
+CVE-2006-XXXX [the usual gallery2 XSS]
+ - gallery2 2.0.3-1
+CVE-2006-XXXX [Insecure rpath in amaya]
+ - amaya 9.4-1 (bug #341424)
+CVE-2006-XXXX [cherrypy2 information disclosure]
+ - cherrypy2 2.1.1-1 (bug #353542)
+CVE-2006-XXXX [sa-exim: deletion of files]
+ - sa-exim <unfixed> (bug #345071)
+CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
+ - imagemagick 6:6.2.4.5-0.6 (bug #345595)
+CVE-2006-XXXX [imagemagick's display(1) deletes arbitrary files]
+ - imagemagick 6:6.2.4.5-0.7 (bug #352575; medium)
+ - graphicsmagick <not-affected> (Vulnerable code not present)
+ [woody] - imagemagick <not-affected> (Vulnerable code not present)
+ [sarge] - imagemagick <not-affected> (Vulnerable code not present)
+CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
+ - dpkg-sig <unfixed> (bug #352723; medium)
+CVE-2006-XXXX [Wordpress XSS]
+ - wordpress 2.0.1-1 (bug #328909)
+CVE-2006-XXXX [pioneers meta-server DoS]
+ - pioneers 0.9.55-1 (bug #351986; medium)
+ [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
+CVE-2006-XXXX [kphone creates world-readable config file with passwords]
+ - kphone <unfixed> (bug #337830; low)
+CVE-2006-XXXX [knowledgetree information disclosure]
+ - knowledgetree <unfixed> (bug #348306; medium)
+CVE-2006-XXXX [php5 response splitting]
+ - php5 5.1.2-1 (bug #347894)
+ - php4 <not-affected> (vulnerable code was introduced in PHP5)
+CVE-2006-XXXX [php5 mysqli format string issue]
+ - php5 5.1.2-1 (bug #347894)
+ - php4 <not-affected> (vulnerable code was introduced in PHP5)
+CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
+ - b2evolution 0.9.1b-4 (bug #344000)
+CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
+ - xshisen 1.51-1-1.2 (bug #291613)
+CVE-2005-XXXX [phpbb2 bbcode xss ie-only fixed in 2.0.19]
+ - phpbb2 <not-affected> (Fixed through a more complete fix in previous 2.0.13+1-6sarge1 update)
+CVE-2005-XXXX [snort: DoS in verbose mode]
+ - snort 2.3.3-2 (bug #328134; low)
+ [woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
+ [sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
+CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
+ - libjpeg6b 6b-11 (bug #340079; low)
+ [woody] - libjpeg6b <not-affected> (Does not include exifautotran)
+CVE-2005-XXXX [SQL Injection in server_privileges.php]
+ - phpmyadmin <unfixed> (bug #343858; unimportant)
+ NOTE: Attack only works for authenticated users and after all "SQL injection" is
+ NOTE: phpmyadmin's primary use case :-)
+CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
+ - rageircd <unfixed> (bug #343543; medium)
+CVE-2003-XXXX [Insecure tempfile in x-face-el]
+ - x-face-el 1.3.6.23-1
+ NOTE: DSA-340
+CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet]
+ - helix-player <unfixed> (unknown)
+ NOTE: http://service.real.com/help/faq/security/security111605.html
+CVE-2005-XXXX [maradns risk mitigation against AES side channel attacks by Shamir et al.]
+ - maradns 1.0.35-1 (unimportant)
+CVE-2005-XXXX [unsafe file permissions in vpnc]
+ - vpnc <unfixed> (bug #340105; medium)
+CVE-2005-XXXX [user logout in drupal has no effect]
+ [sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
+ - drupal 4.5.5-3 (bug #336719; medium)
+CVE-2005-XXXX [double free() in libungif]
+ - libungif4 4.1.4-1 (bug #338542; medium)
+CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
+ - webcalendar <unfixed> (bug #337624)
+CVE-2005-XXXX [Insecure temp files in note]
+ - note 1.3.1-3 (bug #337492; low)
+CVE-2005-XXXX [ntop format string vulnerability]
+ - ntop <unfixed> (bug #335996; unimportant)
+ NOTE: Not exploitable
+CVE-2005-XXXX [Firefox IFRAME DoS]
+ - mozilla-firefox <unfixed> (bug #336171; low)
+ - firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low)
+ NOTE: Only a DoS attack, see http://bugzilla.mozilla.org/show_bug.cgi?id=303433
+CVE-2005-XXXX [libxaw6: passwords visible in widgets]
+ NOTE: fixed in libxaw7
+ - xorg-x11 <unfixed> (bug #172890; low)
+ - xfree86 <removed>
+CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
+ - linux-2.6 2.6.12-2
+ [sarge] - kernel-source-2.4.27 <not-affected>
+ [sarge] - kernel-source-2.6.8 <not-affected>
+ NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
+CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
+ - thttpd 2.23beta1-4 (low)
+CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
+ - adduser 3.77 (bug #331720; low)
+ NOTE: Woody and Sarge affected
+CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
+ - pavuk 0.9.33-1 (bug #264684; high)
+ NOTE: second hole mentioned in bug report
+CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
+ - libmad <unfixed> (bug #287519; low)
+ - mad <removed>
+CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config]
+ - flexbackup <unfixed> (bug #334350; low)
+CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
+ - xscreensaver 4.23-2 (bug #334193; low)
+CVE-2005-XXXX [Minor DoS vulnerability in msg id parsing of spampd]
+ - spampd 2.30-1 (bug #332259; low)
+ [sarge] - spampd <no-dsa> (Only exploitable to let single messages pass through)
+CVE-2005-XXXX [Minor local DoS as libldap]
+ - openldap <unfixed> (bug #253838; low)
+ TODO: Check, whether openldap2.2 is affected as well
+CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
+ - mpack 1.6-1 (bug #216566)
+CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
+ - coreutils 5.93-1 (bug #306076; low)
+ [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
+ [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
+CVE-2005-XXXX [tar's rmt command may have undesired side effects]
+ - tar <unfixed> (bug #290435; low)
+CVE-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
+ NOTE: no exploit vector, just bad info
+ - clamav <unfixed> (bug #323803; unimportant)
+CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
+ - kernel-source-2.4.27 <unfixed> (bug #310982; low)
+ NOTE: probably already fixed in testing, wrote for confirmation
+CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
+ - kdebase 4:3.3.1-1 (bug #278002; low)
+ TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well
+CVE-2003-XXXX [Incomplete reporting of failed logins in login]
+ - login 1:4.0.3-36 (bug #192849)
+CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
+ - openldap2.2 2.2.26-5 (bug #260204; low)
+CVE-2004-XXXX [Unspecified buffer overflow in libmng]
+ - libmng 1.0.8-1 (bug #250106)
+CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
+ - isoqlog 2.2-0.1 (bug #254101; bug #202634)
+CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
+ - libnss-ldap 199-1 (bug #169793)
+CVE-2004-XXXX [Firefox doesn't clear all cookies]
+ - mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
+CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
+ - amanda 1:2.4.5p1-1 (bug #226139; low)
+ NOTE: Woody and Sarge affected
+CVE-2004-XXXX [Buffer overflow in wdm's login]
+ - wdm <unfixed> (bug #276218; low)
+CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
+ - ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
+CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
+ - apt <unfixed> (bug #329814; low)
+ - apt <no-dsa> (Unsupported use case)
+ NOTE: I tend to remove this completely, if you're using apt sources which include vulnerable
+ NOTE: versions of Debian packages with higher version numbers you're screwed anyway, no matter
+ NOTE: what apt display in this case
+CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
+ - asciijump 0.0.6-1.2 (bug #269186)
+CVE-2004-XXXX [Barrendero spool world-readable]
+ - barrendero 1.1-1 (bug #279163)
+CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
+ - hdup <unfixed> (bug #302790; low)
+CVE-2001-XXXX [crypt++ passes passwords through the command line]
+ - crypt++el <unfixed> (bug #105562; low)
+ NOTE: Sarge and Woody are affected
+CVE-2004-XXXX [Two vulnerabilities in sredird]
+ - sredird 2.2.1-1.1 (bug #267098)
+CVE-2003-XXXX [fuzz: Insecure temp file usage]
+ - fuzz 0.6-7.1 (bug #183047)
+CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
+ - findutils 4.2.22-1 (bug #313081)
+CVE-2005-XXXX [Serendipity account hijacking through CSRF]
+ - serendipity <itp> (bug #312413)
+ NOTE: Fixed in 0.8.5
+CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
+ - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
+CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
+ - kdepim <unfixed> (bug #280287; low)
+ NOTE: kmail was once part of kdenetwork.
+CVE-2002-XXXX [sanitizer bypassal through quoted file names]
+ - sanitizer 1.76-1 (bug #149799; medium)
+CVE-2005-XXXX [Heap overflow in libosip URI parsing]
+ - libosip2 2.0.9-1 (bug #308737)
+CVE-2005-XXXX [rkhunter: Insecure temporary file]
+ - rkhunter 1.2.7-14 (bug #330627; medium)
+CVE-2005-XXXX [fprobe-ng: Insecure default hash]
+ - fprobe-ng <unfixed> (bug #322699; low)
+CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
+ - microcode.ctl <unfixed> (bug #282583; unimportant)
+ NOTE: The validity of the microcode is ensure inside the CPU
+CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
+ - icebreaker 1.21-9.1 (bug #297644; low)
+CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
+ - gnupg 1.0.7-1 (bug #107374)
+CVE-2003-XXXX [libsafe: does not prevent some exploit types]
+ - libsafe <removed>
+CVE-2003-XXXX [Insecure temp files in lilo]
+ - lilo 1:22.4-1 (bug #173238; bug #292073; low)
+CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
+ - distcc 2.18.3-3 (bug #298929; low)
+ [sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
+CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
+ - phpwiki <unfixed> (bug #282565; medium)
+CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
+ - php4 <unfixed> (bug #317577; bug #330419; low)
+ NOTE: Maintainer can't reproduce
+CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
+ - gnumach <unfixed> (bug #46709)
+ NOTE: Nearly six years old :-)
+CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
+ - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+ NOTE: Sarge is affected (package doesn't exist in Woody)
+CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
+ - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+ NOTE: Sarge is affected (package doesn't exist in Woody)
+CVE-2005-XXXX [Insecure pidfile handling in mailleds]
+ - mailleds 0.93-11.1 (bug #329365; low)
+CVE-2005-XXXX [kdebase uses urandom as an entropy source]
+ - kdebase <unfixed> (bug #325369; unimportant)
+ NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
+ NOTE: on Linux urandom should provide sufficient entropy
+CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
+ - imview <unfixed> (bug #326971; unknown)
+ TODO: Needs further evaluation
+CVE-2005-XXXX [freeradius buffer overflows and SQL injection]
+ - freeradius 1.0.5-1 (medium)
+CVE-2005-XXXX [user password file created by gajim is world-redable]
+ - gajim 0.8.2-1 (bug #325080; low)
+CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
+ - zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
+ NOTE: first patch was incorrect
+CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
+ - wine 0.0.20050830-1 (bug #327261; bug #327262; high)
+CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
+ - linux-2.6 2.6.12-6 (low)
+CVE-2005-XXXX [osh buffer overflow in handlers.c]
+ NOTE: This is not the same as -13
+ - osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
+CVE-2005-XXXX [Insecure tempfile usage in tleds]
+ - tleds 1.05beta10-9 (bug #276789; low)
+CVE-2005-XXXX [Insecure temp files in firehol]
+ - firehol 1.231-4 (low)
+CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
+ - cplay 1.49-8 (bug #324913; low)
+ [woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
+ NOTE: Sarge is affected
+CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
+ - phpldapadmin 0.9.6c-5 (bug #322423; low)
+CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
+ - clamav 0.86.2-1 (low)
+ NOTE: suspect this also affects Sarge, not enough info to know what this is
+CVE-2005-XXXX [Buffer overflow in Description parsing]
+ - bidwatcher <removed> (bug #319489; low)
+ NOTE: Sarge and Woody affected
+ NOTE: Package is totally broken due to Ebay changes, so risk is low
+CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
+ - dbmail <unfixed> (bug #303991; medium)
+CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
+ - mldonkey 2.5.28.1-1 (bug #300560; low)
+CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
+ - gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
+CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
+ - dbmail-pgsql <unfixed> (bug #290833; medium)
+CVE-2005-XXXX [time delay of password check proves account existence to attackers]
+ NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
+ - ssh <unfixed> (bug #314645; low)
+CVE-2005-XXXX [Unspecified buffer overflow in metar]
+ - metar 20050807.1-1 (unknown)
+CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
+ - wine 0.0.20050830-1 (bug #321470; low)
+CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
+ - metamail 2.7-48 (bug #321473; low)
+CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
+ - xfree86 <unfixed> (bug #321447; low)
+ [woody] - xfree86 <no-dsa> (Hardly exploitable)
+ [sarge] - xfree86 <no-dsa> (Hardly exploitable)
+ - xorg-x11 <unfixed> (bug #321447; low)
+CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
+ - gs-esp <unfixed> (bug #291452; unimportant)
+ NOTE: Not included in the binary package
+CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
+ NOTE: binary not shipped
+ - sysklogd <unfixed> (bug #281448; unimportant)
+CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
+ - fftw3 3.0.1-12 (low; bug #321566)
+CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
+ - clamav-getfiles 0.5-1 (bug #321446; medium)
+ NOTE: Sarge is affected
+CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
+ - libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
+CVE-2005-XXXX [nvi: init.d recover file security bugs]
+ - nvi 1.79-22 (bug #298114; medium)
+CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
+ [woody] - bugzilla <not-affected> (Vulnerable script is not present)
+ [sarge] - bugzilla <not-affected> (Vulnerable script is not present)
+ - bugzilla 2.18.3-2 (bug #321567; low)
+CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
+ - tor 0.1.0.14-1 (medium)
+CVE-2005-XXXX [DoS against rsync in embedded zlib copy]
+ NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement
+ NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
+ NOTE: I haven't verified this with source so far, but it looks like a DoS
+ NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
+ NOTE: zlib 1.2 are affected as well
+ - rsync 2.6.6-1 (low)
+CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
+ NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
+ NOTE: maintainer says does not apply to debian, see #320608
+CVE-2005-XXXX [strobe reads file from unsafe directory]
+ - netdiag 0.7-7.1 (bug #206905; low)
+CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
+ - ffmpeg 0.cvs20050811-1 (bug #320150; medium)
+CVE-2005-XXXX [xgalaga score file segfault]
+ - xgalaga 2.0.34-31 (bug #319686; low)
+CVE-2005-XXXX [xemeraldia games file overwrite]
+ - xemeraldia 0.4-1 (bug #319661; low)
+CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
+ NOTE: This doesn't look like a real security issue as cron.daily should only be
+ NOTE: writable by root, but lets include it as the maintainer considers it an issue
+ - fiaif 1.19.2-14 (low)
+CVE-2005-XXXX [oftpd port DOS]
+ - oftpd <removed> (bug #307957; low)
+ NOTE: CVE id requested from mitre
+CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
+ - moodle 1.4.4.dfsg.1-3
+CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
+ NOTE: viewFile.php has been removed along with other files in -26, so Debian is
+ NOTE: no longer affected.
+ - gforge 3.1-26
+CVE-2005-XXXX [osh buffer overflow]
+ - osh 1.7-13 (bug #311369)
+CVE-2005-XXXX [xile buffer overrun in terminal code]
+ - zile 2.0.4-2
+CVE-2005-XXXX [Two DoS condition in ekg]
+ - ekg 1:1.5+20050411-3
+CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
+ - lcrash 7.0.0.pre.cvs.20050322-3
+CVE-2005-XXXX [Multiple security problems in lbreakout2]
+ - lbreakout2 2.5.2-2
+CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
+ - clamav 0.85.1-1 (low)
+ NOTE: Suspect Sarge is affected, not enough information to certify
+CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
+ - xfree86 4.3.0.dfsg.1-14 (bug #308783)
+ - xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
+CVE-2005-XXXX [Buffer overflow in libotr]
+ - libotr 2.0.2-1
+CVE-2005-XXXX [vpnc: config file path security hole]
+ - vpnc 0.3.2+SVN20050326-2
+CVE-2005-XXXX [Several buffer overflows in termpkg]
+ - termpkg 3.3-2
+CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
+ NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
+ NOTE: already fixed since 2.15-6
+ - binutils 2.15-6
+CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
+ - kmd 0.9.19-1.1
+CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
+ NOTE: Source package has been renamed from unrar to unrar-free
+ - unrar-free 1:0.0.1-2
+CVE-2005-XXXX [race condition with a buffered temp file]
+ - pysvn 1.1.2-3
+CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
+ - mailutils 1:0.6.1-2
+CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
+ - maradns 1.0.27-1
+CVE-2005-XXXX [Possible SQL injection in freeradius]
+ - freeradius 1.0.2-4
+CVE-2005-XXXX [Directory traversal in unzoo]
+ - unzoo 4.4-4
+CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
+ - syslog-ng 1.6.5-2.1
+CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
+ - trackballs 1.1.1-1 (bug #302454; medium)
+ NOTE: CVE request sent to mitre (who sent this? any response?)
+ NOTE: Trackballs doesn't run as gid games anymore, high-score files are
+ NOTE: stored in user's home directories instead.
+ TODO: check possibility of exploitation via scripting language,
+ TODO: as mentioned in the bug report as a separate issue
+CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
+ - pwgen 2.04-1
+CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber]
+ - gabber <unfixed> (bug #177776; low)
+CVE-2005-XXXX [Missing input validation in xtradius]
+ - xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
+CVE-2005-XXXX [fai tempfile vulnerability]
+ - fai 2.8.2
+CVE-2005-XXXX [eskuel: arbitrary file retrieving]
+ - eskuel 1.0.5-3.1 (bug #307270; low)
+CVE-2005-XXXX [Buffer overflow in elog's header buffer]
+ - elog 2.5.7+r1558-3 (bug #349528; high)
+CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
+ - ipsec-tools 1:0.5.2-1
+CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
+ - shadow 4.0.8
+ [sarge] - shadow <not-affected> (was introduced after version 4.0.3)
+ [woody] - shadow <not-affected> (was introduced after version 4.0.3)
+CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw]
+ - shadow 1:4.0.3-33
+CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
+ - libconvert-uulib-perl 1.0.5.1-1
+CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
+ - libpam-ssh 1.91.0-9
+CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
+ - postgrey 1.21-1
+CVE-2005-XXXX [Some security issues in mod_security]
+ NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
+ NOTE: the changelog entries matches the security criteria, but the changelog
+ NOTE: claims so.
+ - libapache-mod-security 1.8.7-1
+CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
+ NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
+ - imms 2.0.3-1
+CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
+ - smarty 2.6.9-1
+CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
+ - obexftp 0.10.7-3
+CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
+ - openwebmail <removed>
+CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
+ - freeciv 2.0.1-1
+CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
+ - mailscanner 4.40.11-1
+CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
+ - kdenetwork 4:3.3.2-2
+CVE-2005-XXXX [Various /tmp related security issues in cernlib]
+ - cernlib 2004.11.04-3
+CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
+ - omniorb4 4.0.5-2
+CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
+ - bugzilla 2.16.2-1
+CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
+ - gtetrinet 0.4.4-1
More information about the Secure-testing-commits
mailing list