[Secure-testing-commits] r3678 - data/CVE
Joey Hess
joeyh at costa.debian.org
Fri Mar 24 09:14:35 UTC 2006
Author: joeyh
Date: 2006-03-24 09:14:27 +0000 (Fri, 24 Mar 2006)
New Revision: 3678
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-24 09:08:25 UTC (rev 3677)
+++ data/CVE/list 2006-03-24 09:14:27 UTC (rev 3678)
@@ -1,3 +1,81 @@
+CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...)
+ TODO: check
+CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
+ TODO: check
+CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
+ TODO: check
+CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
+ TODO: check
+CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
+ TODO: check
+CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
+ TODO: check
+CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
+ TODO: check
+CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
+ TODO: check
+CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
+ TODO: check
+CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
+ TODO: check
+CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
+ TODO: check
+CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
+ TODO: check
+CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
+ TODO: check
+CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
+ TODO: check
+CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
+ TODO: check
+CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
+ TODO: check
+CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
+ TODO: check
+CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
+ TODO: check
+CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
+ TODO: check
+CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
+ TODO: check
+CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
+ TODO: check
+CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
+ TODO: check
+CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...)
+ TODO: check
+CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
+ TODO: check
+CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
+ TODO: check
+CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
+ TODO: check
+CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
+ TODO: check
+CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
+ TODO: check
+CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
+ TODO: check
+CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
+ TODO: check
+CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
+ TODO: check
+CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
+ TODO: check
+CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
+ TODO: check
+CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
+ TODO: check
+CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
+ TODO: check
+CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
+ TODO: check
+CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
+ TODO: check
+CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
+ TODO: check
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
@@ -110,8 +188,8 @@
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
TODO: check
end claimed by jmm
-CVE-2006-1283
- RESERVED
+CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
+ TODO: check
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
TODO: check
CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard (MyBB) ...)
@@ -130,7 +208,7 @@
TODO: check
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...)
TODO: check
-CVE-2006-1273 (Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a ...)
+CVE-2006-1273 (** DISPUTED ** ...)
TODO: check
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...)
TODO: check
@@ -605,6 +683,7 @@
NOT-FOR-US: VXWorks
CVE-2006-1066
RESERVED
+ {DSA-1017-1}
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
NOT-FOR-US: MyBulletinBoard
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
@@ -748,12 +827,12 @@
NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
NOT-FOR-US: Pentacle In-Out Board
-CVE-2006-0999
- RESERVED
-CVE-2006-0998
- RESERVED
-CVE-2006-0997
- RESERVED
+CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+ TODO: check
+CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+ TODO: check
+CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+ TODO: check
CVE-2006-0996
RESERVED
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
@@ -958,8 +1037,8 @@
TODO: check
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
TODO: check
-CVE-2006-0905
- RESERVED
+CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
+ TODO: check
CVE-2006-0904
RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
@@ -1920,6 +1999,7 @@
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
NOT-FOR-US: Cisco VPN 3000
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
- libpng 1.2.8rel-3 (bug #352902; bug #352918)
@@ -2349,8 +2429,8 @@
NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
NOT-FOR-US: WebspotBlogging
-CVE-2006-0323
- RESERVED
+CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...)
+ TODO: check
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
- mediawiki <unfixed> (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
@@ -2947,9 +3027,11 @@
- php4 <not-affected> (Windows specific)
- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed>
- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
@@ -3009,6 +3091,7 @@
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
{DSA-930-2 DSA-930-1}
@@ -3089,6 +3172,7 @@
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-1
- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
@@ -3104,8 +3188,7 @@
RESERVED
CVE-2006-0059
RESERVED
-CVE-2006-0058 [sendmail sighandler attacks]
- RESERVED
+CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
{DSA-1015-1}
- sendmail 8.13.6-1 (high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
@@ -3171,8 +3254,7 @@
RESERVED
CVE-2006-0051
RESERVED
-CVE-2006-0050 [insecure temp file in snmptrapfmt]
- RESERVED
+CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
{DSA-1013-1}
- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
@@ -3450,8 +3532,8 @@
- evolution <unfixed>
CVE-2006-0039
RESERVED
-CVE-2006-0038
- RESERVED
+CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
+ TODO: check
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
- linux-2.6 2.6.15-3
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
@@ -3734,12 +3816,10 @@
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
{DSA-939-1}
- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
-CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
- RESERVED
+CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
{DSA-1011-1}
- util-vserver 0.30.208-1
-CVE-2005-4347 [Improper barrier code allows for chroot escape]
- RESERVED
+CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
{DSA-1011-1}
- util-vserver 0.30.208-1 (bug #329090; medium)
- kernel-patch-vserver 2.3 (bug #329087; medium)
@@ -4643,6 +4723,7 @@
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
{DSA-943-1}
@@ -4904,6 +4985,7 @@
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
- krusader <unfixed> (bug #336169; low)
@@ -4992,6 +5074,7 @@
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
- linux-2.6 <unfixed> (medium)
@@ -5039,9 +5122,11 @@
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed> (medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782
RESERVED
@@ -5116,8 +5201,10 @@
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
- pmwiki <itp> (bug #330117)
@@ -6194,6 +6281,7 @@
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
@@ -6489,11 +6577,13 @@
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
TODO: check
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
- apache2 2.0.55-4 (bug #351246)
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
+ {DSA-1017-1}
- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
{DSA-901-1}
@@ -6961,6 +7051,7 @@
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
NOT-FOR-US: Cyphor
@@ -7125,12 +7216,14 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
- php5 5.0.5-2 (low)
- php4 4:4.4.0-3 (low)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
+ {DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
- linux-2.6 2.6.13-2 (low)
@@ -7532,12 +7625,14 @@
RESERVED
- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
+ {DSA-1017-1}
- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
- php5 5.0.5-2 (bug #353585; medium)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
NOT-FOR-US: jportal
@@ -7730,6 +7825,7 @@
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; medium)
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
{DSA-894-1}
@@ -7854,8 +7950,8 @@
RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-2922
- RESERVED
+CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
+ TODO: check
CVE-2005-2921
RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
@@ -7959,6 +8055,7 @@
{DSA-822-1}
- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-7 (medium)
- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
@@ -8130,6 +8227,7 @@
[sarge] - hiki <not-affected> (code not present in sarge)
- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-6 (low)
- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
@@ -8321,13 +8419,14 @@
TODO: check
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
TODO: check
-CVE-2005-2711
- RESERVED
+CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
+ TODO: check
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
{DSA-826-1}
NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
@@ -8937,7 +9036,7 @@
{DSA-778-1}
- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
- {DTSA-16-1}
+ {DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
NOT-FOR-US: rexecd
@@ -9287,6 +9386,7 @@
- python2.2 2.2.3dfsg-4 (medium)
- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
+ {DSA-1017-1}
- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
{DSA-922-1 DTSA-16-1}
@@ -9514,7 +9614,7 @@
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
- {DTSA-16-1}
+ {DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
{DSA-922-1 DSA-921-1 DTSA-16-1}
@@ -11083,7 +11183,7 @@
NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
NOT-FOR-US: Microsoft
-CVE-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
+CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
{DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
@@ -12576,7 +12676,7 @@
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
- {DSA-922-1 DTSA-16-1}
+ {DSA-1018-1 DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
NOT-FOR-US: sysreport
@@ -17466,6 +17566,7 @@
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
+ {DSA-1018-1 DSA-1017-1}
- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
{DSA-696-1}
@@ -18532,6 +18633,7 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+ {DSA-1017-1}
TODO: Check, when this was fixed upstream
CVE-2005-0123
RESERVED
@@ -19600,6 +19702,7 @@
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
@@ -19698,6 +19801,7 @@
- php4 4:4.3.10-1
- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...)
+ {DSA-1017-1}
- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -20066,6 +20170,7 @@
NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
+ {DSA-1018-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
More information about the Secure-testing-commits
mailing list