[Secure-testing-commits] r4012 - data/CVE
Joey Hess
joeyh at costa.debian.org
Sat May 20 21:14:35 UTC 2006
Author: joeyh
Date: 2006-05-20 21:14:31 +0000 (Sat, 20 May 2006)
New Revision: 4012
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-20 21:00:32 UTC (rev 4011)
+++ data/CVE/list 2006-05-20 21:14:31 UTC (rev 4012)
@@ -1893,6 +1893,7 @@
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
+ {DSA-1068-1}
- fbi <unfixed> (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
NOT-FOR-US: XBrite Members
@@ -19670,6 +19671,7 @@
TODO: check, when this was fixed in 2.6
CVE-2005-0528 [mremap kernel issue]
RESERVED
+ {DSA-1067-1}
TODO: Fixed for Woody, check 2.4 and 2.6
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
@@ -19727,6 +19729,7 @@
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
+ {DSA-1067-1}
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
- kernel-source-2.6.10 2.6.10-2
@@ -19761,6 +19764,7 @@
- curl 7.13.0-2
CVE-2005-0489
RESERVED
+ {DSA-1067-1}
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
@@ -20463,6 +20467,7 @@
{DSA-693-1}
- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 2.4.27-9
@@ -21346,6 +21351,7 @@
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
+ {DSA-1067-1}
TODO: Check, when this was fixed upstream
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
@@ -21376,7 +21382,7 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
- {DSA-1017-1}
+ {DSA-1067-1 DSA-1017-1}
TODO: Check, when this was fixed upstream
CVE-2005-0123
RESERVED
@@ -21775,12 +21781,14 @@
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
- kernel-source-2.4.27 2.4.27-9
[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
+ {DSA-1067-1}
NOTE: i386 and smp specific
TODO: Check, when this was fixed upstream
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -21797,6 +21805,7 @@
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -21805,6 +21814,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -22013,10 +22023,12 @@
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
+ {DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
NOT-FOR-US: Gadu-Gadu
@@ -22397,23 +22409,28 @@
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
@@ -22423,6 +22440,7 @@
- kernel-source-2.4.27 <not-affected> (2.6 only issue)
[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 2.4.27-7
[sarge] - kernel-source-2.6.8 2.6.8-11
@@ -22544,9 +22562,10 @@
- php4 4:4.3.10-1
- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...)
- {DSA-1017-1}
+ {DSA-1067-1 DSA-1017-1}
- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
@@ -22613,6 +22632,7 @@
- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997
RESERVED
+ {DSA-1067-1}
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
@@ -22743,6 +22763,7 @@
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <unfixed>
CVE-2004-0948
@@ -22928,6 +22949,7 @@
- cyrus-sasl <removed>
- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-6
@@ -23430,6 +23452,7 @@
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
+ {DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
NOT-FOR-US: WebSphere Edge Server
@@ -23715,6 +23738,7 @@
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
+ {DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
TODO: Check 2.6
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
@@ -23749,6 +23773,7 @@
{DSA-643-1}
- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
+ {DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
TODO: Check 2.6, entries look flaky
@@ -23990,6 +24015,7 @@
{DSA-510}
- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
+ {DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
RESERVED
@@ -24032,6 +24058,7 @@
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
@@ -24127,6 +24154,7 @@
{DSA-509}
- gatos 0.0.5-12
CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected>
NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
TODO: not fixed in 2.4.27 by inspection, didn't bother with a bug
@@ -24621,6 +24649,7 @@
NOT-FOR-US: SGI IRIX
CVE-2004-0138
RESERVED
+ {DSA-1067-1}
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
@@ -24976,6 +25005,7 @@
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
TODO: check
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
+ {DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
More information about the Secure-testing-commits
mailing list