[Secure-testing-commits] r8959 - data/CVE
fw at alioth.debian.org
Mon Jun 2 18:21:39 UTC 2008
Author: fw
Date: 2008-06-02 18:21:36 +0000 (Mon, 02 Jun 2008)
New Revision: 8959
Modified:
data/CVE/list
Log:
Replace binary package names with source package names
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-02 18:20:36 UTC (rev 8958)
+++ data/CVE/list 2008-06-02 18:21:36 UTC (rev 8959)
@@ -454,7 +454,7 @@
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
NOT-FOR-US: Internet Explorer
CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
- - typo3 4.0.2-1
+ - typo3-src 4.0.2-1
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
@@ -2365,7 +2365,7 @@
CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...)
NOT-FOR-US: ASPapp
CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...)
- - silcd 1.1.1-1 (medium)
+ - silc-server 1.1.1-1 (medium)
CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
NOT-FOR-US: Ubercart
CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...)
@@ -8322,7 +8322,7 @@
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the ...)
- - login <unfixed> (unimportant)
+ - shadow <unfixed> (unimportant)
NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers ...)
@@ -10136,7 +10136,7 @@
CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...)
NOT-FOR-US: NessusWXdd
CVE-2004-2722 (** DISPUTED ** ...)
- - nessus <unfixed> (unimportant)
+ - nessus-core <unfixed> (unimportant)
NOTE: this is no security issue assuming correct permissions
CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...)
NOT-FOR-US: openSkat
@@ -10693,8 +10693,8 @@
[etch] - mp <no-dsa> (Minor issue)
NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
- - sun-java6-jre <unfixed> (unimportant)
- - sun-java5-jre <unfixed> (unimportant)
+ - sun-java6 <unfixed> (unimportant)
+ - sun-java5 <unfixed> (unimportant)
NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
NOT-FOR-US: Pegasus Mail Mercury
@@ -11410,8 +11410,8 @@
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...)
NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...)
- - tomcat5.5-webapps <not-affected> (Version already ships fixed files)
- - tomcat5-webapps <unfixed> (unimportant; bug #441205)
+ - tomcat5.5 <not-affected> (Version already ships fixed files)
+ - tomcat5 <unfixed> (unimportant; bug #441205)
- libservlet2.4-java 5.0.30-6 (unimportant)
NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...)
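Review bot: Under CVE-2007-4724 the context line "- libservlet2.4-java 5.0.30-6 (unimportant)" still looks like a binary package name and is left unconverted. If it is built from one of the tomcat sources renamed just above it, it should be folded into that source line, and the statuses would then need reconciling, since "tomcat5" is recorded as <unfixed> while this line records a fixed version 5.0.30-6.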
@@ -12596,7 +12596,7 @@
CVE-2007-4230 (** DISPUTED ** ...)
NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...)
- - konqueror <unfixed> (unimportant)
+ - kdebase <unfixed> (unimportant)
NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...)
NOT-FOR-US: AIX
@@ -12974,9 +12974,9 @@
- drupal5 5.2-1 (low)
NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...)
- - nessus <not-affected> (Windows only)
+ - nessus-core <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...)
- - nessus <not-affected> (Windows only)
+ - nessus-core <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...)
NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
@@ -13006,7 +13006,7 @@
- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
- - egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
+ - egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
NOT-FOR-US: geoBlog
@@ -15351,7 +15351,7 @@
{DSA-1342-1}
- xfs 1:1.0.4-2
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
- - openssh-server <not-affected> (This is a redhat/fedora specific issue)
+ - openssh <not-affected> (This is a redhat/fedora specific issue)
NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
@@ -20574,7 +20574,7 @@
NOTE: Doesn't affect a standard Debian installation, only users, which install
NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
- - pure-ftpd-mysql 1.0.21-1 (low)
+ - pure-ftpd 1.0.21-1 (low)
NOTE: oldstable is affected
CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer's UTF-7 charset autodetection]
- mediawiki1.7 1.7.1-9 (low)
@@ -21191,7 +21191,7 @@
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
- - mount <not-affected> (Not a security problem)
+ - util-linux <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
@@ -23738,7 +23738,7 @@
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...)
NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...)
- - typo3 4.0.2+debian-2 (high; bug #403906)
+ - typo3-src 4.0.2+debian-2 (high; bug #403906)
NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...)
NOT-FOR-US: Paristemi
@@ -27405,7 +27405,7 @@
CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
- - typo3 <not-affected> (only versions 4.0.0+4.0.1 affected)
+ - typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
NOT-FOR-US: BrudaNews
CVE-2006-5067 (** DISPUTED ** ...)
@@ -30112,7 +30112,7 @@
CVE-2006-3880 (** DISPUTED ** ...)
NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
- - libmikmod2 <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
+ - libmikmod <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
@@ -31930,10 +31930,10 @@
- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
{DSA-1112}
- - mysql-server-5.0 5.0.19-1 (bug #373913; high)
+ - mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 [termnetd buffer overflow]
RESERVED
- - termnetd 3.3-7 (bug #358028; medium)
+ - termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
@@ -32107,7 +32107,7 @@
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
- - libjpeg62 <not-affected> (--maxmem is set during configure)
+ - libjpeg6b <not-affected> (--maxmem is set during configure)
- libjpeg-mmx <removed> (bug #373672; low)
[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
@@ -35375,7 +35375,7 @@
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
- - libxine1 <not-affected> (Not reproducible with Debian version, see bug #363127)
+ - xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
CVE-2006-1663
REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
@@ -36862,7 +36862,7 @@
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.16-9
- - kfreebsd-source-5.4 5.4-17
+ - kfreebsd-5 5.4-17
- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
- linux-2.6 2.6.16-6
@@ -37204,7 +37204,7 @@
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
- - kfreebsd-source-5.4 5.4-16
+ - kfreebsd-5 5.4-16
CVE-2006-0904
RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
@@ -45717,9 +45717,9 @@
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
- - gcjwebplugin 2:0.92-1 (bug #267040; bug #301134; high)
+ - classpath 2:0.92-1 (bug #267040; bug #301134; high)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- - dbmail-pgsql 2.2.1-1 (bug #290833; medium)
+ - dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
{DSA-922-1 DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
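Review bot: In the two CVE-2005-XXXX entries the fixed versions are carried over unchanged from the binary package lines (gcjwebplugin 2:0.92-1 becomes classpath 2:0.92-1, dbmail-pgsql 2.2.1-1 becomes dbmail 2.2.1-1). A binary package can carry a version or epoch that differs from its source package, so please confirm that 2:0.92-1 is a valid classpath source version; otherwise the fixed version recorded here will not match the source package it is now attached to.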
@@ -45828,7 +45828,7 @@
CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
- apache 1.3.24 (low)
CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
- - libjzlib-java 0.0.7 (low)
+ - jzlib 0.0.7 (low)
CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Microsoft
CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
@@ -48299,7 +48299,7 @@
CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
NOT-FOR-US: AOL ICQ
CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
- - libsoap-lite-perl 0.55
+ - soap-lite 0.55
CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
NOT-FOR-US: WorldClient
CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
@@ -48786,7 +48786,7 @@
- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
{DSA-767-1 DTSA-4-1}
- - kopete 4:3.3.2-5 (bug #319443; unimportant)
+ - kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
NOTE: no shared lib version is found. As the Debian package has a dependency on
NOTE: it the maintainer does not intent to fix it, see # 319443
@@ -49815,11 +49815,11 @@
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
- - qmail-src 1.03-38
+ - qmail 1.03-38
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
- - qmail-src 1.03-38
+ - qmail 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
- - qmail-src 1.03-38
+ - qmail 1.03-38
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...)
NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
@@ -53442,7 +53442,7 @@
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
- - ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
+ - openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
NOT-FOR-US: phpScheduleIt
@@ -54002,7 +54002,7 @@
- mozilla-firefox 1.0.2-1
- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
- - racoon 1:0.5-5
+ - ipsec-tools 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
{DSA-702-1}
- imagemagick 6:6.0.6.2-2.2 (bug #297990)
@@ -54136,7 +54136,7 @@
- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
- atftp <not-affected> (atftp checks h_length)
- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
- - tftpd-hpa <not-affected> (bug #295297; not exploitable)
+ - tftp-hpa <not-affected> (bug #295297; not exploitable)
NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
- socat 1.4.0.3-1
@@ -55751,9 +55751,9 @@
{DSA-612-1}
- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
- - maxdb-webtools 7.5.00.19-1
+ - maxdb-7.5.00 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
- - maxdb-webtools 7.5.00.19-1
+ - maxdb-7.5.00 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...)
@@ -56068,7 +56068,7 @@
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
- - imapproxy 1.2.2+1.2.3rc2-1
+ - up-imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
- kaffeine 0.4.3.1-3
- gxine 0.4-rc1
@@ -56396,7 +56396,7 @@
NOTE: Previous -9 fix had some issues of its own
- xfree86 4.3.0.dfsg.1-14 (bug #309143)
NOTE: lesstif1 and 2 have to be fixed separately
- - lesstif1 1:0.93.94-11.3 (bug #294099)
+ - lesstif1-1 1:0.93.94-11.3 (bug #294099)
NOTE: but lesstif2 did get fixed for this hole..
- lesstif2 1:0.93.94-11.2
- openmotif 2.2.3-1.1 (bug #309819; medium)
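Review bot: After the rename to lesstif1-1, the NOTE just above the changed line still reads "lesstif1 and 2 have to be fixed separately", and the neighbouring "- lesstif2 1:0.93.94-11.2" line is left untouched. Please confirm that lesstif2 is itself a source package name; if it is a binary built from another source it needs the same conversion as the line changed here.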
@@ -56473,9 +56473,8 @@
- koffice 1:1.3.4-1
- tetex-bin 2.0.2-23
- xpdf 3.00-9
- - kpdf 4:3.3.1-1 (bug #278173)
- gpdf 2.8.0-1
- - kfax 4:3.3.1-1 (bug #280373)
+ - kdegraphics 4:3.3.1-1 (bug #280373)
- cupsys 1.1.22-6 (bug #324460)
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
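Review bot: Collapsing the kpdf and kfax lines into a single kdegraphics line keeps only bug #280373 and drops the kpdf reference to bug #278173. Suggest keeping both references, in the form already used elsewhere in the list: "- kdegraphics 4:3.3.1-1 (bug #278173; bug #280373)".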
@@ -57175,7 +57174,7 @@
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
- - racoon 0.3.3-1
+ - ipsec-tools 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
@@ -57226,7 +57225,7 @@
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
- - qla2x00-source 7.01.01-1
+ - qla2x00 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Windows
CVE-2004-0585
@@ -57657,7 +57656,7 @@
{DSA-488}
- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
- - racoon 0.3.1-3
+ - ipsec-tools 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
{DSA-508}
- xpcd 2.08-10
@@ -58147,7 +58146,7 @@
{DSA-485}
- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
- - racoon 0.2.5-2
+ - ipsec-tools 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
@@ -58966,9 +58965,9 @@
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
- - ssh 1:3.7.1p2
+ - openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
- - ssh 1:3.7.1p2
+ - openssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
{DSA-389}
- ipmasq 3.5.12
@@ -59109,7 +59108,7 @@
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
- - gkrellmd 2.1.14
+ - gkrellm 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
@@ -59773,9 +59772,9 @@
{DSA-325}
- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
- - mnogosearch-common 3.2.11
+ - mnogosearch 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
- - mnogosearch-common 3.2.11
+ - mnogosearch 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
{DSA-322}
- typespeed 0.4.4
@@ -59915,11 +59914,11 @@
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
NOT-FOR-US: XMBforum aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
- - nessus 2.0.6
+ - nessus-core 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...)
- - nessus 2.0.6
+ - nessus-core 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
- - nessus 2.0.6
+ - nessus-core 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
@@ -60185,7 +60184,7 @@
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
- - kopete 3.2.0
+ - kdenetwork 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
@@ -60341,7 +60340,7 @@
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
- - ssh 1:3.8.1p1-8.sarge.4 (bug #196413)
+ - openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
@@ -60950,7 +60949,7 @@
CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
NOT-FOR-US: Melange Chat System
CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
- - libsasl2 2.1.10-1
+ - cyrus-sasl2 2.1.10-1
CVE-2002-1346
RESERVED
CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
@@ -61256,7 +61255,7 @@
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
- - libesmtp5 0.8.11-1
+ - libesmtp 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
@@ -61830,9 +61829,9 @@
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...)
NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...)
- - libclamav1 0.80
+ - clamav 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...)
- - libapache-mod-php4 4.3.9
+ - php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...)
NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
@@ -62616,7 +62615,7 @@
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
- - konqueror 3.03
+ - kdebase 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
{DSA-167}
- kdelibs 4:2.2.2-14
@@ -62822,7 +62821,7 @@
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
- - courier-mta 0.46
+ - courier 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)