joeyh at alioth.debian.org
2007-Jul-19 09:14 UTC
[Secure-testing-commits] r6153 - data/CVE
Author: joeyh
Date: 2007-07-19 09:14:07 +0000 (Thu, 19 Jul 2007)
New Revision: 6153

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-07-19 07:53:04 UTC (rev 6152)
+++ data/CVE/list 2007-07-19 09:14:07 UTC (rev 6153)
@@ -1,3 +1,221 @@ +CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...) + TODO: check +CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...) + TODO: check +CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...) + TODO: check +CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) + TODO: check +CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) + TODO: check +CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...) + TODO: check +CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) + TODO: check +CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...) + TODO: check +CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...) + TODO: check +CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...) + TODO: check +CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...) + TODO: check +CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...) + TODO: check +CVE-2007-3858 (Multiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 ...) + TODO: check +CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...) + TODO: check +CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...) + TODO: check +CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) + TODO: check +CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) + TODO: check +CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) 
+ TODO: check +CVE-2007-3852 + RESERVED +CVE-2007-3851 + RESERVED +CVE-2007-3850 + RESERVED +CVE-2007-3849 + RESERVED +CVE-2007-3848 + RESERVED +CVE-2007-3847 + RESERVED +CVE-2007-3846 + RESERVED +CVE-2007-3845 + RESERVED +CVE-2007-3844 + RESERVED +CVE-2007-3843 + RESERVED +CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...) + TODO: check +CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...) + TODO: check +CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...) + TODO: check +CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) + TODO: check +CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) + TODO: check +CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...) + TODO: check +CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...) + TODO: check +CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...) + TODO: check +CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...) + TODO: check +CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...) + TODO: check +CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...) + TODO: check +CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...) + TODO: check +CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...) + TODO: check +CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...) + TODO: check +CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...) + TODO: check +CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...) 
+ TODO: check +CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...) + TODO: check +CVE-2007-3825 + RESERVED +CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...) + TODO: check +CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...) + TODO: check +CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...) + TODO: check +CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...) + TODO: check +CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...) + TODO: check +CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...) + TODO: check +CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) + TODO: check +CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) + TODO: check +CVE-2007-3816 (JWIG might allow context-dependent attackers to cause a denial of ...) + TODO: check +CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...) + TODO: check +CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...) + TODO: check +CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...) + TODO: check +CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...) + TODO: check +CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...) + TODO: check +CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...) + TODO: check +CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...) + TODO: check +CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...) + TODO: check +CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...) 
+ TODO: check +CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...) + TODO: check +CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...) + TODO: check +CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...) + TODO: check +CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...) + TODO: check +CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow ...) + TODO: check +CVE-2007-3801 (The Decomposer component in multiple Symantec products allows remote ...) + TODO: check +CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...) + TODO: check +CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...) + TODO: check +CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...) + TODO: check +CVE-2007-3797 + RESERVED +CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...) + TODO: check +CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...) + TODO: check +CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...) + TODO: check +CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...) + TODO: check +CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...) + TODO: check +CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...) + TODO: check +CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...) + TODO: check +CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...) + TODO: check +CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...) + TODO: check +CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...) 
+ TODO: check +CVE-2007-3786 (** DISPUTED ** ...) + TODO: check +CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...) + TODO: check +CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...) + TODO: check +CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...) + TODO: check +CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...) + TODO: check +CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...) + TODO: check +CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...) + TODO: check +CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...) + TODO: check +CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...) + TODO: check +CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...) + TODO: check +CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...) + TODO: check +CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...) + TODO: check +CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...) + TODO: check +CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...) + TODO: check +CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...) + TODO: check +CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...) + TODO: check +CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...) 
+ TODO: check +CVE-2007-3767 + RESERVED +CVE-2007-3766 + RESERVED +CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...) + TODO: check +CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...) + TODO: check +CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...) + TODO: check +CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...) + TODO: check CVE-2007-XXXX [konqueror data: URL address bar spoofing] - kdebase <unfixed> (bug #433072; low) NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2 @@ -47,21 +265,16 @@ RESERVED CVE-2007-3739 RESERVED -CVE-2007-3738 [Firefox XPCNativeWrapper code injection] - RESERVED +CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...) - iceweasel <unfixed> (medium) -CVE-2007-3737 [Firefox insecure event handler code injection] - RESERVED +CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...) - iceweasel <unfixed> -CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass] - RESERVED +CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) - iceweasel <unfixed> (high) -CVE-2007-3735 [memory corruption in layout engine] - RESERVED +CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - iceweasel <unfixed> (high) - icedove <unfixed> (high) -CVE-2007-3734 [memory corruption in js engine] - RESERVED +CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <unfixed> (high) - icedove <unfixed> (high) CVE-2007-3733 
@@ -186,8 +399,8 @@ RESERVED CVE-2007-3674 RESERVED -CVE-2007-3673 - RESERVED +CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...) + TODO: check CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...) TODO: check CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...) @@ -243,18 +456,15 @@ TODO: check CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...) TODO: check -CVE-2007-3645 - RESERVED +CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) -CVE-2007-3644 - RESERVED +CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) TODO: check CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...) TODO: check -CVE-2007-3641 - RESERVED +CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) TODO: check @@ -266,7 +476,7 @@ TODO: check CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) TODO: check -CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...) +CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...) TODO: check CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) TODO: check 
@@ -408,8 +618,8 @@ RESERVED CVE-2007-3565 RESERVED -CVE-2007-3564 [curl doesn''t check certificate parameters in GNUTLS mode] - RESERVED +CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...) + {DSA-1333-1} - curl <unfixed> (low) CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...) TODO: check @@ -690,7 +900,7 @@ NOT-FOR-US: Sun Solaris libsldap CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...) TODO: check -CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...) +CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...) TODO: check CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) - firebird1.5 <unfixed> (bug #432753) @@ -714,7 +924,7 @@ NOT-FOR-US: BlackBerry Enterprise Server CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition -CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...) +CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...) NOT-FOR-US: Papoo @@ -1092,7 +1302,7 @@ RESERVED CVE-2007-3286 RESERVED -CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...) +CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - firefox <removed> (low) 
@@ -1525,8 +1735,8 @@ RESERVED CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - linux-2.6 <unfixed> -CVE-2007-3103 - RESERVED +CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...) + TODO: check CVE-2007-3102 RESERVED CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...) @@ -1559,7 +1769,7 @@ - firefox <removed> (medium) - mozilla <removed> (medium) - xulrunner <unfixed> (medium) -CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...) +CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - firefox <removed> (low) @@ -1711,18 +1921,18 @@ RESERVED CVE-2007-3019 RESERVED -CVE-2007-3018 - RESERVED -CVE-2007-3017 - RESERVED +CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...) + TODO: check +CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...) + TODO: check CVE-2007-3016 RESERVED CVE-2007-3015 RESERVED -CVE-2007-3014 - RESERVED -CVE-2007-3013 - RESERVED +CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...) + TODO: check +CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...) + TODO: check CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...) TODO: check CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...) @@ -1867,6 +2077,7 @@ CVE-2007-2950 RESERVED CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...) + {DSA-1335-1} - gimp 2.2.16-1 (medium) - ingimp 2.2.16.20070710-1 NOTE: http://secunia.com/secunia_research/2007-63/advisory 
@@ -2342,7 +2553,7 @@ CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...) NOT-FOR-US: PrecisionID CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...) - {DSA-1302-1} + {DSA-1334-1 DSA-1302-1} - freetype 2.2.1-6 (bug #425625) CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...) NOT-FOR-US: RunawaySoft @@ -3092,8 +3303,8 @@ NOT-FOR-US: Macrovision CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...) NOT-FOR-US: Cerulean Trillian -CVE-2007-2417 - RESERVED +CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...) + TODO: check CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...) NOT-FOR-US: E-Annu CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...) @@ -3122,8 +3333,8 @@ RESERVED CVE-2007-2403 RESERVED -CVE-2007-2402 - RESERVED +CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...) + TODO: check CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...) NOT-FOR-US: Apple CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...) 
@@ -3132,18 +3343,18 @@ NOT-FOR-US: Apple CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...) NOT-FOR-US: Apple Safari -CVE-2007-2397 - RESERVED -CVE-2007-2396 - RESERVED +CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...) + TODO: check +CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...) + TODO: check CVE-2007-2395 RESERVED -CVE-2007-2394 - RESERVED -CVE-2007-2393 - RESERVED -CVE-2007-2392 - RESERVED +CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...) + TODO: check +CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...) + TODO: check +CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...) + TODO: check CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...) NOT-FOR-US: Apple CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) @@ -4334,7 +4545,7 @@ - php5 5.2.2-1 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...) - apache2 2.2.4-1 (low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 TODO: check apache 1 NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...) @@ -11900,9 +12111,9 @@ - linux-2.6 <unfixed> CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...) - apache2 <unfixed> (low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 - apache <removed> (low) - TODO: sf, when was this fixed in apache2 for unstable? + TODO: sf, when was this fixed in apache2 for unstable? CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) {DSA-1233} - linux-2.6 2.6.18-8 (medium) 
@@ -12950,10 +13161,10 @@ NOT-FOR-US: communityPortals CVE-2006-5279 RESERVED -CVE-2006-5278 - RESERVED -CVE-2006-5277 - RESERVED +CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...) + TODO: check +CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...) + TODO: check CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...) - snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor) CVE-2006-5275 @@ -14640,6 +14851,7 @@ CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) NOT-FOR-US: Novell eDirectory CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) + {DSA-1335-1} TODO: check CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Qbik WinGate @@ -15470,8 +15682,8 @@ RESERVED CVE-2006-4170 REJECTED -CVE-2006-4169 - RESERVED +CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...) + TODO: check CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...) {DSA-1310-1} - libexif 0.6.16-1 (bug #430012) @@ -16024,7 +16236,7 @@ CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) {DSA-1167-1} - apache2 2.0.55-4.1 (bug #381376; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 - apache 1.3.34-3 (bug #381381; low) CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) NOT-FOR-US: PHP Forge @@ -28905,7 +29117,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) - apache2 2.0.55-4 (bug #351246; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) {DSA-1017-1} - linux-2.6 2.6.15-4 
@@ -28926,7 +29138,7 @@ {DSA-1167-1} - apache 1.3.34-2 (bug #343466; low) - apache2 2.0.55-4 (bug #343467; bug #349793; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected NOTE: Means oldstable and stable are affected CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) @@ -30132,7 +30344,7 @@ - koffice 1:1.3.5-5 (bug #333497; medium) CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...) - apache2 2.0.55-1 (bug #340337; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 NOTE: this occurs in the binary package apache2-mpm-worker CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) {DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1} @@ -34595,8 +34807,7 @@ RESERVED CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) NOT-FOR-US: Tikiwiki -CVE-2005-1924 [squirrelmail gpg plugin] - RESERVED +CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...) NOT-FOR-US: External Squirrelmail plugin not packaged in Debian CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) {DSA-737-1 DTSA-3-1} @@ -58399,7 +58610,7 @@ NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...) +CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker
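Review bot: Likely duplicate tracking in the first hunk (@@ -1,3 +1,221 @@): the newly added CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...) looks like the CVE assignment for the existing placeholder entry "CVE-2007-XXXX [konqueror data: URL address bar spoofing]" with "- kdebase <unfixed> (bug #433072; low)" and the marc.info NOTE that sits directly after it. If that is the case, the kdebase line, the bug reference and the NOTE should move under CVE-2007-3820 and the XXXX placeholder be dropped; otherwise the same issue stays open twice and the "TODO: check" on CVE-2007-3820 gets re-triaged from scratch. The same hunk also leaves entries for software Debian ships as "TODO: check" (CVE-2007-3762 to CVE-2007-3765 for Asterisk, CVE-2007-3780 to CVE-2007-3782 for MySQL, CVE-2007-3798 for tcpdump, CVE-2007-3790, CVE-2007-3799 and CVE-2007-3806 for PHP, CVE-2007-3770 for the Xfce terminal, CVE-2007-3841 for Pidgin, CVE-2007-3827 for Firefox); those deserve triage ahead of the Oracle, Microsoft, Cisco and Hitachi items, which are very likely to end up NOT-FOR-US.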
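Review bot: Inconsistent package coverage and a missing severity in the hunk at @@ -47,21 +265,16 @@: the five Firefox-before-2.0.0.5 entries are recorded differently, with CVE-2007-3734 and CVE-2007-3735 listing iceweasel and icedove, CVE-2007-3736 to CVE-2007-3738 listing only iceweasel, and CVE-2007-3737 carrying no severity while its neighbours are (medium) or (high). Elsewhere in this same commit the 2.0.0.5 batch is tracked more completely: CVE-2007-3285 (hunk @@ -1092) also lists iceape and firefox <removed>, and CVE-2007-3089 (hunk @@ -1559) lists iceape, firefox, mozilla and xulrunner as well. Please check iceape and xulrunner for each of CVE-2007-3734 to CVE-2007-3738 and add either a version line or <not-affected>, and give CVE-2007-3737 a severity, so that affected source packages are not silently missing from the tracker.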
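Review bot: DSA reference without a matching unstable fix in the hunk at @@ -408,8 +618,8 @@: CVE-2007-3564 now carries {DSA-1333-1} while the package line remains "- curl <unfixed> (low)". That combination is only right if the advisory fixed stable ahead of unstable; if a fixed curl has since been uploaded to unstable, record its version here, and if not, add a NOTE saying why unstable is still open so the entry is not mistaken for a forgotten update once the DSA is out.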
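Review bot: Stale TODO after a DSA in the hunk at @@ -14640,6 +14851,7 @@: CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) gains {DSA-1335-1} but keeps its "TODO: check" line. Issuing a DSA means the issue has been triaged and fixed for stable, so the entry should record the fixed unstable version and a severity, and the TODO should go. The companion hunk at @@ -1867,6 +2077,7 @@ records the same DSA-1335-1 against CVE-2007-2949 with "- gimp 2.2.16-1 (medium)"; if that upload also fixed CVE-2006-4519, the same version line belongs here.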
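Review bot: Whitespace-only churn in the hunks at @@ -4334,7 +4545,7 @@, @@ -11900,9 +12111,9 @@, @@ -16024,7 +16236,7 @@, @@ -28905,7 +29117,7 @@, @@ -28926,7 +29138,7 @@ and @@ -30132,7 +30344,7 @@: each of them removes and re-adds lines that read identically ("[sarge] - apache2 2.0.54-5sarge2", and at @@ -11900 also "TODO: sf, when was this fixed in apache2 for unstable?"), so the only difference can be trailing spaces or tab-versus-space indentation. A commit logged as "automatic update" should not rewrite hand-maintained lines; the noise buries the real changes in this diff and makes later blame/annotate on data/CVE/list less useful. Either make the update script leave lines it does not semantically change untouched, or commit the whitespace normalisation separately with a log message that says so.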
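Review bot: Triage already on record is not being reused in the hunk at @@ -15470,8 +15682,8 @@: CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...) is left as "TODO: check", as are the related new entries CVE-2007-3778 and CVE-2007-3779 in the first hunk and the context entries CVE-2007-3634 to CVE-2007-3636 at @@ -266,7 +476,7 @@, while the hunk at @@ -34595,8 +34807,7 @@ already carries, for CVE-2005-1924, "NOT-FOR-US: External Squirrelmail plugin not packaged in Debian". Unless the plugin has been packaged since, these entries should get the same NOT-FOR-US line rather than accumulating TODOs that will be resolved the same way.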