Author: fw Date: 2008-06-02 18:21:36 +0000 (Mon, 02 Jun 2008) New Revision: 8959 Modified: data/CVE/list Log: Replace binary package names with source package names Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-02 18:20:36 UTC (rev 8958) +++ data/CVE/list 2008-06-02 18:21:36 UTC (rev 8959) @@ -454,7 +454,7 @@ CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...) NOT-FOR-US: Internet Explorer CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...) - - typo3 4.0.2-1 + - typo3-src 4.0.2-1 CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...) NOT-FOR-US: PHP PicEngine CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...) @@ -2365,7 +2365,7 @@ CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...) NOT-FOR-US: ASPapp CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...) - - silcd 1.1.1-1 (medium) + - silc-server 1.1.1-1 (medium) CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) NOT-FOR-US: Ubercart CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...) @@ -8322,7 +8322,7 @@ CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...) NOT-FOR-US: JustSystems Ichitaro CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the ...) - - login <unfixed> (unimportant) + - shadow <unfixed> (unimportant) NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so NOTE: unknown usernames are not recorded on login failures CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers ...) 
@@ -10136,7 +10136,7 @@ CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...) NOT-FOR-US: NessusWXdd CVE-2004-2722 (** DISPUTED ** ...) - - nessus <unfixed> (unimportant) + - nessus-core <unfixed> (unimportant) NOTE: this is no security issue assuming correct permissions CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...) NOT-FOR-US: openSkat @@ -10693,8 +10693,8 @@ [etch] - mp <no-dsa> (Minor issue) NOTE: Can be fixed in a point update CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) - - sun-java6-jre <unfixed> (unimportant) - - sun-java5-jre <unfixed> (unimportant) + - sun-java6 <unfixed> (unimportant) + - sun-java5 <unfixed> (unimportant) NOTE: exploiting this would not work under Linux CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...) NOT-FOR-US: Pegasus Mail Mercury @@ -11410,8 +11410,8 @@ CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...) NOT-FOR-US: AkkyWareHOUSE CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...) - - tomcat5.5-webapps <not-affected> (Version already ships fixed files) - - tomcat5-webapps <unfixed> (unimportant; bug #441205) + - tomcat5.5 <not-affected> (Version already ships fixed files) + - tomcat5 <unfixed> (unimportant; bug #441205) - libservlet2.4-java 5.0.30-6 (unimportant) NOTE: DSA should not be required, minor issue, jsp just present as example CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...) 
@@ -12596,7 +12596,7 @@ CVE-2007-4230 (** DISPUTED ** ...) NOT-FOR-US: BellaBiblio CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...) - - konqueror <unfixed> (unimportant) + - kdebase <unfixed> (unimportant) NOTE: Browser DoS not treated as vulnerabilities CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...) NOT-FOR-US: AIX @@ -12974,9 +12974,9 @@ - drupal5 5.2-1 (low) NOTE: DRUPAL-SA-2007-017 CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...) - - nessus <not-affected> (Windows only) + - nessus-core <not-affected> (Windows only) CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...) - - nessus <not-affected> (Windows only) + - nessus-core <not-affected> (Windows only) CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...) NOT-FOR-US: corehttp CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...) @@ -13006,7 +13006,7 @@ - phpsysinfo 2.5.1-6.1 (unimportant; bug #435935) - phpgroupware 0.9.16.012-1 (low; bug #435936) [etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware) - - egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937) + - egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937) NOTE: phpsysinfo alone doesn''t maintain any data, which makes this an issue CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) NOT-FOR-US: geoBlog 
@@ -15351,7 +15351,7 @@ {DSA-1342-1} - xfs 1:1.0.4-2 CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...) - - openssh-server <not-affected> (This is a redhat/fedora specific issue) + - openssh <not-affected> (This is a redhat/fedora specific issue) NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch) NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on: NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm @@ -20574,7 +20574,7 @@ NOTE: Doesn''t affect a standard Debian installation, only users, which install NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem] - - pure-ftpd-mysql 1.0.21-1 (low) + - pure-ftpd 1.0.21-1 (low) NOTE: oldstable is affected CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer''s UTF-7 charset autodetection] - mediawiki1.7 1.7.1-9 (low) @@ -21191,7 +21191,7 @@ CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...) - xterm <not-affected> (Not a security problem) CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...) - - mount <not-affected> (Not a security problem) + - util-linux <not-affected> (Not a security problem) CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...) NOT-FOR-US: PortailPhp CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...) 
@@ -23738,7 +23738,7 @@ CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...) NOT-FOR-US: Valdersoft Shopping Cart CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...) - - typo3 4.0.2+debian-2 (high; bug #403906) + - typo3-src 4.0.2+debian-2 (high; bug #403906) NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) NOT-FOR-US: Paristemi @@ -27405,7 +27405,7 @@ CVE-2006-5070 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: faceStones Personal CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...) - - typo3 <not-affected> (only versions 4.0.0+4.0.1 affected) + - typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected) CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...) NOT-FOR-US: BrudaNews CVE-2006-5067 (** DISPUTED ** ...) @@ -30112,7 +30112,7 @@ CVE-2006-3880 (** DISPUTED ** ...) NOT-FOR-US: Zen Cart CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) - - libmikmod2 <not-affected> (Debian''s 3.1.1 version doesn''t have GT2 support) + - libmikmod <not-affected> (Debian''s 3.1.1 version doesn''t have GT2 support) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) NOT-FOR-US: Opsware Network Automation System CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) 
@@ -31930,10 +31930,10 @@ - gnupg2 1.9.20-1.1 (bug #375053; low) CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...) {DSA-1112} - - mysql-server-5.0 5.0.19-1 (bug #373913; high) + - mysql-dfsg-5.0 5.0.19-1 (bug #373913; high) CVE-2006-3100 [termnetd buffer overflow] RESERVED - - termnetd 3.3-7 (bug #358028; medium) + - termpkg 3.3-7 (bug #358028; medium) CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) - linux-2.6 2.6.16-15 CVE-2006-XXXX [webalizer-stonesteps XSS] @@ -32107,7 +32107,7 @@ CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...) NOT-FOR-US: iFoto CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...) - - libjpeg62 <not-affected> (--maxmem is set during configure) + - libjpeg6b <not-affected> (--maxmem is set during configure) - libjpeg-mmx <removed> (bug #373672; low) [sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits) CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...) @@ -35375,7 +35375,7 @@ CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...) NOT-FOR-US: Arab Portal CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...) - - libxine1 <not-affected> (Not reproducible with Debian version, see bug #363127) + - xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127) CVE-2006-1663 REJECTED CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...) @@ -36862,7 +36862,7 @@ CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-9 - - kfreebsd-source-5.4 5.4-17 + - kfreebsd-5 5.4-17 - xen-3.0 3.0.2+hg9656-1 CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...) - linux-2.6 2.6.16-6 
@@ -37204,7 +37204,7 @@ CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...) NOT-FOR-US: D3Jeeb Pro CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...) - - kfreebsd-source-5.4 5.4-16 + - kfreebsd-5 5.4-16 CVE-2006-0904 RESERVED CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...) @@ -45717,9 +45717,9 @@ CVE-2005-XXXX [downloads.ini writable by group users, world-readable] - mldonkey 2.5.28.1-1 (bug #300560; low) CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] - - gcjwebplugin 2:0.92-1 (bug #267040; bug #301134; high) + - classpath 2:0.92-1 (bug #267040; bug #301134; high) CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] - - dbmail-pgsql 2.2.1-1 (bug #290833; medium) + - dbmail 2.2.1-1 (bug #290833; medium) CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...) {DSA-922-1 DTSA-16-1} NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2 @@ -45828,7 +45828,7 @@ CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) - apache 1.3.24 (low) CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) - - libjzlib-java 0.0.7 (low) + - jzlib 0.0.7 (low) CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Microsoft CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...) @@ -48299,7 +48299,7 @@ CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) NOT-FOR-US: AOL ICQ CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) - - libsoap-lite-perl 0.55 + - soap-lite 0.55 CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) NOT-FOR-US: WorldClient CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) 
@@ -48786,7 +48786,7 @@ - gopher 3.0.8 (low) CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) {DSA-767-1 DTSA-4-1} - - kopete 4:3.3.2-5 (bug #319443; unimportant) + - kdenetwork 4:3.3.2-5 (bug #319443; unimportant) NOTE: Kopete embeds the vulnerable code, but it''s only used as a fallback when NOTE: no shared lib version is found. As the Debian package has a dependency on NOTE: it the maintainer does not intent to fix it, see # 319443 @@ -49815,11 +49815,11 @@ CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...) NOT-FOR-US: DMail CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...) - - qmail-src 1.03-38 + - qmail 1.03-38 CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...) - - qmail-src 1.03-38 + - qmail 1.03-38 CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...) - - qmail-src 1.03-38 + - qmail 1.03-38 CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...) NOT-FOR-US: JAWS CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) @@ -53442,7 +53442,7 @@ CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) NOT-FOR-US: phpWebsite CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) - - ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") + - openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed") NOTE: See bug #296547 for details CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) NOT-FOR-US: phpScheduleIt 
@@ -54002,7 +54002,7 @@ - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...) - - racoon 1:0.5-5 + - ipsec-tools 1:0.5-5 CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...) {DSA-702-1} - imagemagick 6:6.0.6.2-2.2 (bug #297990) @@ -54136,7 +54136,7 @@ - inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped) - atftp <not-affected> (atftp checks h_length) - netkit-tftp <not-affected> (netkit-tftp not vulnerable) - - tftpd-hpa <not-affected> (bug #295297; not exploitable) + - tftp-hpa <not-affected> (bug #295297; not exploitable) NOTE: The address length comes from libc, not the network. CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) - socat 1.4.0.3-1 @@ -55751,9 +55751,9 @@ {DSA-612-1} - a2ps 1:4.13b-4.2 (bug #283134) CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) - - maxdb-webtools 7.5.00.19-1 + - maxdb-7.5.00 7.5.00.19-1 CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...) - - maxdb-webtools 7.5.00.19-1 + - maxdb-7.5.00 7.5.00.19-1 CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) NOT-FOR-US: gentoo mirrorselect CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...) @@ -56068,7 +56068,7 @@ CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...) - squirrelmail 2:1.4.3a-3 CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...) - - imapproxy 1.2.2+1.2.3rc2-1 + - up-imapproxy 1.2.2+1.2.3rc2-1 CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...) - kaffeine 0.4.3.1-3 - gxine 0.4-rc1 
@@ -56396,7 +56396,7 @@ NOTE: Previous -9 fix had some issues of its own - xfree86 4.3.0.dfsg.1-14 (bug #309143) NOTE: lesstif1 and 2 have to be fixed separately - - lesstif1 1:0.93.94-11.3 (bug #294099) + - lesstif1-1 1:0.93.94-11.3 (bug #294099) NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1:0.93.94-11.2 - openmotif 2.2.3-1.1 (bug #309819; medium) @@ -56473,9 +56473,8 @@ - koffice 1:1.3.4-1 - tetex-bin 2.0.2-23 - xpdf 3.00-9 - - kpdf 4:3.3.1-1 (bug #278173) - gpdf 2.8.0-1 - - kfax 4:3.3.1-1 (bug #280373) + - kdegraphics 4:3.3.1-1 (bug #280373) - cupsys 1.1.22-6 (bug #324460) NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6. NOTE: In version 1.1.20final+rc1-10, the dormant code in the source @@ -57175,7 +57174,7 @@ CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) NOT-FOR-US: Unreal Engine CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...) - - racoon 0.3.3-1 + - ipsec-tools 0.3.3-1 CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...) NOT-FOR-US: Infoblox DNS One CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) @@ -57226,7 +57225,7 @@ CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...) - usermin 1.090-1 CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...) - - qla2x00-source 7.01.01-1 + - qla2x00 7.01.01-1 CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Windows CVE-2004-0585 @@ -57657,7 +57656,7 @@ {DSA-488} - logcheck 1.1.1-13.2 CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...) - - racoon 0.3.1-3 + - ipsec-tools 0.3.1-3 CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) {DSA-508} - xpcd 2.08-10 
@@ -58147,7 +58146,7 @@ {DSA-485} - ssmtp 2.60.7 CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) - - racoon 0.2.5-2 + - ipsec-tools 0.2.5-2 CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) - nfs-utils 1:1.0.5-3 CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...) @@ -58966,9 +58965,9 @@ CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...) - cupsys 1.1.19 CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) - - ssh 1:3.7.1p2 + - openssh 1:3.7.1p2 CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...) - - ssh 1:3.7.1p2 + - openssh 1:3.7.1p2 CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...) {DSA-389} - ipmasq 3.5.12 @@ -59109,7 +59108,7 @@ CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...) NOT-FOR-US: HP Tru64 CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) - - gkrellmd 2.1.14 + - gkrellm 2.1.14 CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...) NOT-FOR-US: solaris CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...) @@ -59773,9 +59772,9 @@ {DSA-325} - eldav 0.7.2-1 CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) - - mnogosearch-common 3.2.11 + - mnogosearch 3.2.11 CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) - - mnogosearch-common 3.2.11 + - mnogosearch 3.2.11 CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) {DSA-322} - typespeed 0.4.4 
@@ -59915,11 +59914,11 @@ CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) NOT-FOR-US: XMBforum aka Partagium) CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) - - nessus 2.0.6 + - nessus-core 2.0.6 CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...) - - nessus 2.0.6 + - nessus-core 2.0.6 CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...) - - nessus 2.0.6 + - nessus-core 2.0.6 CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) NOT-FOR-US: Prishtina FTP client CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) @@ -60185,7 +60184,7 @@ CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) NOT-FOR-US: AIX CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) - - kopete 3.2.0 + - kdenetwork 3.2.0 CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...) - gnupg 1.2.2 CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) @@ -60341,7 +60340,7 @@ CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...) - apache2 2.0.47 CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...) - - ssh 1:3.8.1p1-8.sarge.4 (bug #196413) + - openssh 1:3.8.1p1-8.sarge.4 (bug #196413) CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...) - apache2 2.0.46 CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...) 
@@ -60950,7 +60949,7 @@ CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) NOT-FOR-US: Melange Chat System CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...) - - libsasl2 2.1.10-1 + - cyrus-sasl2 2.1.10-1 CVE-2002-1346 RESERVED CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) @@ -61256,7 +61255,7 @@ CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...) NOT-FOR-US: Cisco CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...) - - libesmtp5 0.8.11-1 + - libesmtp 0.8.11-1 CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...) NOT-FOR-US: Oracle CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...) @@ -61830,9 +61829,9 @@ CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...) NOT-FOR-US: realone player CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...) - - libclamav1 0.80 + - clamav 0.80 CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...) - - libapache-mod-php4 4.3.9 + - php4 4.3.9 CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...) NOT-FOR-US: openjournal, not in debian CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...) @@ -62616,7 +62615,7 @@ CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: IBM Websphere CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...) - - konqueror 3.03 + - kdebase 3.03 CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...) {DSA-167} - kdelibs 4:2.2.2-14 
@@ -62822,7 +62821,7 @@ CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...) - squid 2.4.7 CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...) - - courier-mta 0.46 + - courier 0.46 CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...) NOT-FOR-US: Caldera Volution Manager CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
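Review bot: In the hunk at @@ -11410,8 +11410,8 @@ (CVE-2007-4724), replacing tomcat5.5-webapps and tomcat5-webapps with tomcat5.5 and tomcat5 removes the only place where the entry named the -webapps binary packages; the remaining NOTE ("jsp just present as example") hints at it but names no package. Suggest adding a NOTE line that records the binary package the old lines pointed at, so that detail survives the rename.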
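Review bot: In the hunk at @@ -56396,7 +56396,7 @@, lesstif1 becomes lesstif1-1 but the `- lesstif2 1:0.93.94-11.2` line two lines further down is left unchanged, and the NOTE above still reads "lesstif1 and 2 have to be fixed separately". If lesstif2 is also a binary package name it needs the same replacement; if it is a source package in its own right, saying so in the log message would make the asymmetry clear to later readers.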
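Review bot: In the hunk at @@ -56473,9 +56473,8 @@, folding the kpdf and kfax lines into a single kdegraphics line drops the reference to bug #278173, which appeared only on the removed kpdf line. Suggest carrying both references on the merged entry, in the form other entries in this file already use for multiple bugs: `- kdegraphics 4:3.3.1-1 (bug #278173; bug #280373)`.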
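Review bot: In the hunk at @@ -60185,7 +60184,7 @@ (CVE-2003-0256), the new line `- kdenetwork 3.2.0` has no epoch, while the CVE-2005-1852 entry changed earlier in this same patch reads `- kdenetwork 4:3.3.2-5`. The version string was carried over unchanged from the kopete line; please confirm that it is the correct fixed version for the kdenetwork source package and whether it should be written with the epoch, since only the package name was touched here.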