Secure testing commits - Mar 2009 - r11494 - data/CVE

Author: joeyh
Date: 2009-03-30 21:14:15 +0000 (Mon, 30 Mar 2009)
New Revision: 11494

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-03-30 20:45:07 UTC (rev 11493)
+++ data/CVE/list	2009-03-30 21:14:15 UTC (rev 11494)
@@ -14512,7 +14512,7 @@
 CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook
Express ...)
 	NOT-FOR-US: Microsoft Outlook Express
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
-	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
+	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
 	- bind9 1:9.5.0.dfsg-5 (high)
 	NOTE: glibc stub resolver relies on source port randomisation in kernel
 	- dnsmasq 2.43-1 (medium; bug #490123)
@@ -16889,6 +16889,7 @@
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and
earlier ...)
 	NOT-FOR-US: Flinx
 CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x
before ...)
+	{DSA-1529-1}
 	- firebird2 <removed>
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
@@ -17106,6 +17107,7 @@
 CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for
WordPress ...)
 	NOT-FOR-US: WP-Forum plugin for WordPress
 CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before
...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
 	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
 	- firebird2 <removed>
@@ -23853,26 +23855,32 @@
 	- php4 <removed> (unimportant)
 	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285
and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote
authenticated ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2
...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before
2.0.2 ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before
2.0.2, when ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2
...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2)
create ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
@@ -26567,6 +26575,7 @@
 	[etch] - dar <no-dsa> (Minor issue)
 	[sarge] - dar <no-dsa> (Minor issue)
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated
users ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
@@ -26784,21 +26793,25 @@
 	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
 	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow
remote ...)
+	{DSA-1529-1}
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA
and ...)
+	{DSA-1529-1}
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects
WNET, ...)
+	{DSA-1529-1}
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the
...)
+	{DSA-1529-1}
 	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
 	- firebird2 1.5.3.4870-4 (low; bug #362001)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
@@ -27472,6 +27485,7 @@
 CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in
Calendarix ...)
 	NOT-FOR-US: Calendarix
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1
allows ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (medium)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed> (medium)
@@ -28861,6 +28875,7 @@
 CVE-2007-2607 (PHP remote file inclusion vulnerability in
views/print/printbar.php in ...)
 	NOT-FOR-US: LaVague
 CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to
trigger ...)
+	{DSA-1529-1}
 	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through
backports.org, see #1529)
 	[sarge] - firebird2 <unfixed> (low)
@@ -40961,6 +40976,7 @@
 CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS
Frogss ...)
 	NOT-FOR-US: CMS Frogss
 CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows
local ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.18-1
 CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and
Office ...)
 	NOT-FOR-US: Microsoft
@@ -41885,6 +41901,7 @@
 	- gdb <unfixed> (unimportant)
 	NOTE: Every sensible use of gdb involves executing the debugged binary
 CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux
kernel ...)
+	{DSA-1184-2}
 	- linux-2.6 2.6.17-7
 CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers
to ...)
 	NOT-FOR-US: Netgear
@@ -41991,7 +42008,7 @@
 CVE-2006-4094
 	RESERVED
 CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on
...)
-	{DSA-1237}
+	{DSA-1184-2 DSA-1237}
 	- linux-2.6 2.6.17-7
 CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a
user''s actions to ...)
 	NOT-FOR-US: Simpliciti Locked Browser
@@ -42832,6 +42849,7 @@
 	- gnupg 1.4.5-1 (medium; bug #381204)
 	- gnupg2 1.9.20-2 (medium)
 CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function
in the ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.17-7
 CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows
...)
 	{DSA-1168-1}
@@ -43450,6 +43468,7 @@
 	{DSA-1112}
 	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
 CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote
...)
+	{DSA-1184-2}
 	- linux-2.6 2.6.17-6
 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers
to ...)
 	{DSA-1193-1 DSA-1178-1}
@@ -44612,8 +44631,10 @@
 	- openssl097 0.9.7k-2
 	- openssl096 <not-affected>
 CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel
2.6.x up ...)
+	{DSA-1184-2}
 	- linux-2.6 2.6.17-5 (low)
 CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.17-5 (low)
 CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for
Linux ...)
 	- linux-2.6 2.6.17-3
@@ -45414,6 +45435,7 @@
 CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
 	NOT-FOR-US: artmedic newsletter
 CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10
allows ...)
+	{DSA-1184-2}
 	- linux-2.6 <not-affected> (fixed before the first upload)
 CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x
...)
 	- sun-java5 1.5.0-06-1 (low; bug #384734)
@@ -45784,12 +45806,14 @@
 	{DSA-1090-1}
 	- spamassassin 3.1.3-1 (medium)
 CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions
in the ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.16-1
 	NOTE: I''m not sure at which point this was merged, but I checked
2.6.16 and the
 	NOTE: patch is included there
 CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before
...)
 	- linux-2.6 2.6.16-15
 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux
kernel ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.16-15
 CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions,
which ...)
 	{DSA-1062-1}
@@ -46183,6 +46207,7 @@
 	{DSA-1103 DSA-1097-1}
 	- linux-2.6 2.6.16-13
 CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4
up to ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 <not-affected>
 CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php
in ...)
 	NOT-FOR-US: Jetbox CMS
@@ -47175,8 +47200,10 @@
 	{DSA-1103 DSA-1097-1}
 	- linux-2.6 2.6.16-14
 CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do
not ...)
+	{DSA-1184-2}
 	- linux-2.6 2.6.16-12
 CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes
certain ...)
+	{DSA-1184-2}
 	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
 	- linux-2.6 2.6.12-1
 CVE-2006-1854 (** DISPUTED ** ...)
@@ -48111,6 +48138,7 @@
 	NOTE: Thunderbird is potentially affected as well, but not in the
 	NOTE: default configuration.
 CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial
of ...)
+	{DSA-1184-2 DSA-1183-1}
 	- linux-2.6 2.6.13-1
 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows
remote ...)
 	- linux-2.6 2.6.16-12 (low)
@@ -48559,7 +48587,7 @@
 CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe,
as ...)
 	NOT-FOR-US: VeriSign haydn.exe
 CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and
2.6, ...)
-	{DSA-1097-1}
+	{DSA-1184-2 DSA-1097-1}
 	- linux-2.6 2.6.16-15
 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
 	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
@@ -49227,6 +49255,7 @@
 CVE-2006-1053
 	RESERVED
 CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6
allows ...)
+	{DSA-1184-2}
 	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
 CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine
before ...)
 	NOT-FOR-US: Akurru Social BookMarking Engine
@@ -57711,7 +57740,7 @@
 CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal
allows ...)
 	NOT-FOR-US: e107 portal
 CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL
4.0 ...)
-	{DSA-831-1 DSA-829-1}
+	{DSA-833-2 DSA-831-1 DSA-829-1}
 	- mysql-dfsg-4.1 4.1.13 (medium)
 	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
 	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)