[Secure-testing-commits] r4105 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed May 31 21:14:31 UTC 2006


Author: joeyh
Date: 2006-05-31 21:14:28 +0000 (Wed, 31 May 2006)
New Revision: 4105

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-31 19:36:23 UTC (rev 4104)
+++ data/CVE/list	2006-05-31 21:14:28 UTC (rev 4105)
@@ -8094,7 +8094,7 @@
 CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
 	NOT-FOR-US: SourceWell
 CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
-	{DTSA-23-1}
+	{DSA-1083-1 DTSA-23-1}
 	- centericq 4.21.0-6 (bug #340959; medium)
 	- orpheus <unfixed> (bug #368402; medium)
 	- motor 2:3.4.0-6 (bug #368400; medium)
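
Review bot: On the CVE-2005-3863 entry, the new `{DSA-1083-1 DTSA-23-1}` tag sits above three package lines, one of which is still `- orpheus <unfixed> (bug #368402; medium)`, and nothing in the entry says which package or release the DSA covers. A release-tagged line in the style used elsewhere in this file (`[sarge] - <package> <version>`) would record what the advisory fixed and keep the open orpheus status from being read as resolved.
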
@@ -20063,7 +20063,7 @@
 	TODO: check, when this was fixed in 2.6
 CVE-2005-0528 [mremap kernel issue]
 	RESERVED
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	TODO: Fixed for Woody, check 2.4 and 2.6
 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
 	- mozilla-firefox 1.0.1
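
Review bot: CVE-2005-0528 gains DSA-1082-1 but is still `RESERVED` with no package line, and the context line `TODO: Fixed for Woody, check 2.4 and 2.6` is unchanged. With four advisories now attached, the entry should name the kernel source packages and fixed versions, or the TODO should state what still needs checking after this DSA.
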
@@ -20121,7 +20121,7 @@
 CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
 	- irm 1.5.3.1-1
 CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.6.8 2.6.8-12
 	- kernel-source-2.6.9 2.6.9-5
 	- kernel-source-2.6.10 2.6.10-2
@@ -20156,7 +20156,7 @@
 	- curl 7.13.0-2
 CVE-2005-0489
 	RESERVED
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
 	- cfengine2 2.1.8-1
 CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
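
Review bot: After this change CVE-2005-0489 consists only of `RESERVED` and the DSA list; there is no package line, NOTE or TODO, so the file gives no way to tell which source package or version the four advisories apply to. Add at least a package line, or a TODO marking the entry as needing triage.
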
@@ -20859,7 +20859,7 @@
 	{DSA-693-1}
 	- luxman 0.41-20 (bug #299857)
 CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, when this was fixed upstream
 	- kernel-source-2.4.27 2.4.27-9
@@ -21743,7 +21743,7 @@
 	TODO: Check, whether 2.4 is affected
 	[sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	TODO: Check, when this was fixed upstream
 	TODO: Check, whether 2.4 is affected
 	[sarge] - kernel-source-2.6.8 2.6.8-14
@@ -21774,7 +21774,7 @@
 CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
 	NOT-FOR-US: MacOS
 CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
 	TODO: Check, when this was fixed upstream
 CVE-2005-0123
 	RESERVED
@@ -22173,14 +22173,14 @@
 	- mysql-dfsg-4.1 4.1.8a-6
 	- mysql-dfsg 4.0.23-3
 CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
 	- kernel-source-2.4.27 2.4.27-9
 	[sarge] - kernel-source-2.6.8 2.6.8-9
 CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
 	NOT-FOR-US: poppassd_pam
 CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	NOTE: i386 and smp specific
 	TODO: Check, when this was fixed upstream
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -22197,7 +22197,7 @@
 CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
 	- tetex-bin 2.0.2-25
 CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
 	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 2.4.27-9
@@ -22206,7 +22206,7 @@
 	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 <not-affected>
 CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
 	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 2.4.27-9
@@ -22415,12 +22415,12 @@
 CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
 	NOT-FOR-US: Netscape Directory Server on HP-UX
 CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, when this was fixed
 	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
 CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
 CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
 	NOT-FOR-US: Gadu-Gadu
@@ -22801,28 +22801,28 @@
 CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
 	- zope-zwiki 0.37.0-1
 CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, which version fixed this
 	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 2.4.27-7
 CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, which version fixed this
 	- kernel-source-2.4.27 2.4.27-6
 CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, which version fixed this
 	- kernel-source-2.4.27 2.4.27-6
 CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, which version fixed this
 	- kernel-source-2.4.27 2.4.27-6
 CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, which version fixed this
 	- kernel-source-2.4.27 2.4.27-6
@@ -22832,7 +22832,7 @@
 	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
 	[sarge] - kernel-source-2.6.8 2.6.8-11
 CVE-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
 	- kernel-source-2.4.27 2.4.27-7
 	[sarge] - kernel-source-2.6.8 2.6.8-11
@@ -22954,10 +22954,10 @@
 	- php4 4:4.3.10-1
 	- php3 3:3.0.18-29
 CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
 	- linux-2.6 <not-affected> (2.4 specific vulnerability)
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	- kernel-source-2.4.27 2.4.27-7
 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
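
Review bot: CVE-2004-1017 is marked `- linux-2.6 <not-affected> (2.4 specific vulnerability)` and has no 2.4 package line at all, so five advisories now reference an entry that records no affected or fixed package. A `kernel-source-2.4.27` line with the fixed version (or `<unfixed>`) would bring it in line with the neighbouring CVE-2004-1016 entry.
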
@@ -23024,7 +23024,7 @@
 	- netkit-telnet-ssl 0.17.24+0.1-6
 CVE-2004-0997
 	RESERVED
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
 	{DSA-610-1}
 	- cscope 15.5-1.1 (bug #282815)
@@ -23155,7 +23155,7 @@
 CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
 	NOT-FOR-US: NetOp Host
 CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
 	- kernel-source-2.4.27 <unfixed>
 CVE-2004-0948
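
Review bot: On CVE-2004-0949 the added DSA-1082-1 reference sits directly above `- kernel-source-2.4.27 <unfixed>`, which this change leaves untouched. If the advisory fixes the smbfs issue only in a stable release, a release-tagged line should say so; if it also applies to this package, the `<unfixed>` status is stale.
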
@@ -23341,7 +23341,7 @@
 	- cyrus-sasl <removed>
 	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, when this was fixed
 	- kernel-source-2.4.27 2.4.27-6
@@ -23844,7 +23844,7 @@
 CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
 	- samba 3.0.5 (bug #260839; bug #260838)
 CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.4.27 2.4.27-1
 CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
 	NOT-FOR-US: WebSphere Edge Server
@@ -24130,7 +24130,7 @@
 CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
 	NOT-FOR-US: Windows
 CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.4.27 2.4.27-1
 	TODO: Check 2.6
 CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
@@ -24165,7 +24165,7 @@
 	{DSA-643-1}
 	- queue 1.30.1-5
 CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.4.27 2.4.27-1 
 	- linux-2.6 2.6.12-1 (bug #261521)
 	TODO: Check 2.6, entries look flaky
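
Review bot: The CVE-2004-0554 entry keeps `TODO: Check 2.6, entries look flaky` while a fourth advisory is attached to it, so the package lines should be verified before this entry is relied on. The context line `- kernel-source-2.4.27 2.4.27-1 ` also carries trailing whitespace.
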
@@ -24407,7 +24407,7 @@
 	{DSA-510}
 	- jftpgw 0.13.4-1
 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
 CVE-2004-0446
 	RESERVED
@@ -24450,7 +24450,7 @@
 CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
 	NOT-FOR-US: Mac OS X)
 CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
 CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
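
Review bot: The context line `NOT-FOR-US: Mac OS X)` on CVE-2004-0428 has a stray closing parenthesis; it should read `NOT-FOR-US: Mac OS X` so the product name stays consistent with other NOT-FOR-US entries.
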
@@ -24546,7 +24546,7 @@
 	{DSA-509}
 	- gatos 0.0.5-12
 CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected>
 	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
 	TODO: not fixed in 2.4.27 by inspection, didn't bother with a bug
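
Review bot: CVE-2004-0394 has no `kernel-source-2.4.27` line; the only record of its 2.4 status is `TODO: not fixed in 2.4.27 by inspection, didn't bother with a bug`. Now that DSA-1082-1 is attached, that status should be expressed as a package line (`<unfixed>` or the fixed version) so it can be tracked, with a bug number if one is filed.
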
@@ -25041,7 +25041,7 @@
 	NOT-FOR-US: SGI IRIX
 CVE-2004-0138
 	RESERVED
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
 	NOT-FOR-US: IRIX init
 CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
@@ -25397,7 +25397,7 @@
 CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
 	TODO: check
 CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
-	{DSA-1070-1 DSA-1069-1 DSA-1067-1}
+	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
 CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)



