[Secure-testing-commits] r8284 - data/CVE

joeyh at alioth.debian.org
Thu Mar 6 21:14:11 UTC 2008


Author: joeyh
Date: 2008-03-06 21:14:09 +0000 (Thu, 06 Mar 2008)
New Revision: 8284

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-06 19:06:39 UTC (rev 8283)
+++ data/CVE/list	2008-03-06 21:14:09 UTC (rev 8284)
@@ -166,6 +166,7 @@
 	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
 CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler]
 	RESERVED
+	{DSA-1513-1}
 	- lighttpd <unfixed> (low; bug #469307)
 CVE-2008-1142 [insecure default behaviour in rxvt for handling DISPLAY variable]
 	- rxvt <unfixed> (unimportant; bug #469296)
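Review bot: The CVE-2008-1111 entry now carries {DSA-1513-1} but still reads RESERVED and `- lighttpd <unfixed> (low; bug #469307)`, so an advisory reference sits directly above an unfixed package line. If the unprefixed line is meant to describe unstable only, that is consistent; otherwise record the fixed version, or add a release-prefixed line in the `[release] - package` form used elsewhere in this file.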
@@ -1607,7 +1608,7 @@
 	{DSA-1510-1}
 	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 <unfixed>
 CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
 	- openssh <unfixed> (bug #463011)
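Review bot: In the CVE-2007-6694 entry the new DSA-1503-2 is prepended ahead of DSA-1504-1, which breaks the descending order the old line had and separates the revision from DSA-1503-1. If the list is deliberately newest-first, document that ordering rule; otherwise keep it sorted, for example `{DSA-1504-1 DSA-1503-2 DSA-1503-1}`. The same placement recurs in the later kernel hunks.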
@@ -3638,7 +3639,7 @@
 	{DSA-1476-1}
 	- pulseaudio 0.9.9-1
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.24-4
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
 	{DSA-1466-2 DTSA-110-1}
@@ -3664,7 +3665,7 @@
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
 	- xen-3 3.1.2-1
 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1436-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
 	- linux-2.6 <unfixed>
 	NOTE: kernel-sec already tracks this
 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
@@ -3795,7 +3796,7 @@
 CVE-2007-6152
 	RESERVED
 CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1479-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
 	- linux-2.6 2.6.23-2
 CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...)
 	NOT-FOR-US: Adobe Flash Media Server
@@ -3976,7 +3977,7 @@
 CVE-2007-6064
 	RESERVED
 CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1436-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
 	- linux-2.6 2.6.23-2
 	NOTE: kernel-sec is aware of this
 CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
@@ -6797,7 +6798,7 @@
 CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...)
 	NOT-FOR-US: Netbilling
 CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
-	{DSA-1503-1}
+	{DSA-1503-2 DSA-1503-1}
 	- linux-2.6 2.6.18-1
 	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions
 CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...)
@@ -7305,7 +7306,7 @@
 CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in ...)
 	NOT-FOR-US: Ipswitch IMail Server
 CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1381-2}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
 	- linux-2.6 2.6.23-1
 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music ...)
 	NOT-FOR-US: phpNuke module
@@ -9204,14 +9205,14 @@
 CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...)
 	NOT-FOR-US: Php Blue Dragon CMS
 CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
-	{DSA-1503-1}
+	{DSA-1503-2 DSA-1503-1}
 	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
 CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...)
 	NOT-FOR-US: IBM Lotus Notes
 CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1363-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
 	- linux-2.6 2.6.22-4 (medium; bug #443694)
 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...)
 	NOT-FOR-US: Storesprite
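Review bot: CVE-2007-4311 is marked `- linux-2.6 <not-affected>`, yet its advisory list grows to {DSA-1503-2 DSA-1503-1} and no package line in the entry corresponds to those DSAs. Add a package line or a NOTE naming the source package the advisory actually fixed, so the DSA reference and the not-affected status do not read as contradictory.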
@@ -10236,7 +10237,7 @@
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...)
 	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
 	- apache2 2.2.6-1 (bug #441845; low)
@@ -13458,7 +13459,7 @@
 CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
 	NOT-FOR-US: VNC Viewer ActiveX control
 CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-1
 	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
 	NOTE: Linus' tree.
@@ -14291,7 +14292,7 @@
 CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
 	NOT-FOR-US: Gentoo's packaging of courier
 CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
 	- linux-2.6 2.6.21-1 (medium)
 CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
 	NOT-FOR-US: Novell GroupWise
@@ -15657,7 +15658,7 @@
 CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
 	NOT-FOR-US: Symantec
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
-	{DSA-1503-1 DSA-1304 DSA-1286-1}
+	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
 	- linux-2.6 2.6.20-1 (medium)
 CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
 	NOT-FOR-US: Trend Micro
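Review bot: The rewritten CVE-2007-1592 line still mixes `DSA-1304`, which has no revision suffix, with suffixed IDs such as DSA-1503-2 and DSA-1286-1. Since the line is being regenerated anyway, normalise it to one form, or confirm that whatever parses these braces resolves the unsuffixed ID to the intended advisory.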
@@ -16290,7 +16291,7 @@
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)
 	NOT-FOR-US: JBoss Application Server
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-1 (low)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
 	{DSA-1294-1}
@@ -21869,7 +21870,7 @@
 	- dbus 1.0.2-1 (low)
 	[sarge] - dbus <no-dsa> (Minor issue)
 CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-9
 CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
 	- gdm 2.16.4-1 (medium; bug #403219)
@@ -21994,11 +21995,11 @@
 CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
 	NOT-FOR-US: D-Link
 CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
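Review bot: CVE-2006-6054 and CVE-2006-6053 are both rated `(unimportant)`, with a NOTE that mounting should be limited to root, while each now references three advisories. Either the severity or the DSA cross-reference deserves a second look; if the advisories picked up these fixes only incidentally, a NOTE saying so would remove the ambiguity.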
@@ -22488,7 +22489,7 @@
 	- kfreebsd-5 <unfixed>
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
 	NOT-FOR-US: Symantec Veritas NetBackup
@@ -22645,7 +22646,7 @@
 	{DSA-1304}
 	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
-	{DSA-1503-1 DSA-1356-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
 	- linux-2.6 2.6.20-1
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
 	- apache2 2.2.4-2 (low)
@@ -24696,7 +24697,7 @@
 CVE-2006-4815
 	RESERVED
 CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-9 (low)
 	- kernel-patch-openvz 028.18.1
 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...)



