Author: stef-guest
Date: 2006-05-11 12:12:14 +0000 (Thu, 11 May 2006)
New Revision: 3936
Modified:
data/CVE/list
Log:
avahi fixed
abc2ps dsa 1041
abcmidi dsa 1043
asterisk dsa 1048
ethereal dsa 1049
clamav dsa 1050
mozilla-thunderbird dsa 1051
cgiirc dsa 1052
mozilla dsa 1053
tiff dsa 1054
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-10 22:18:40 UTC (rev 3935)
+++ data/CVE/list 2006-05-11 12:12:14 UTC (rev 3936)
@@ -15,9 +15,9 @@
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in
kommentar.php ...)
TODO: check
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows
local ...)
- TODO: check
+ - avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of
service ...)
- TODO: check
+ - avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision
Source ...)
TODO: check
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
@@ -346,7 +346,7 @@
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before
0.5.8 ...)
{DSA-1052-1}
- cgiirc <unfixed> (bug #365680; medium)
- [sarge] - cgiirc <unfixed> (bug #365680; medium)
+ [sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1
and ...)
TODO: check
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows
...)
@@ -572,13 +572,19 @@
TODO: check
CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1
allows ...)
{DSA-1054-1}
- TODO: check
+ [sarge] - tiff 3.7.2-3sarge1
+ [woody] - tiff 3.5.5-7woody1
+ - tiff 3.8.1
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c
for ...)
{DSA-1054-1}
- TODO: check
+ [sarge] - tiff 3.7.2-3sarge1
+ [woody] - tiff 3.5.5-7woody1
+ - tiff 3.8.1
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
{DSA-1054-1}
- TODO: check
+ [sarge] - tiff 3.7.2-3sarge1
+ [woody] - tiff 3.5.5-7woody1
+ - tiff 3.8.1
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in
rtsp/RTSP_msg_len.c ...)
TODO: check
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module
...)
@@ -663,7 +669,8 @@
- php5 <unfixed> (bug #365312; medium)
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client
in ...)
{DSA-1050-1}
- - clamav 0.88.2-1
+ - clamav 0.88.2
+ [sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry:
function ...)
NOT-FOR-US: Apple Safari
NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
@@ -695,6 +702,7 @@
{DSA-1053-1}
- firefox 1.5.dfsg+1.5.0.3-1
[sarge] - mozilla-firefox <not-affected>
+ [sarge] - mozilla 1.7.8-1sarge6
- mozilla <unfixed>
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
- typo3-src <unfixed> (bug #364350)
@@ -780,30 +788,48 @@
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14
allows ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to
0.10.14 ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to
0.10.14 ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to
0.10.14 ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote
...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote
...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow
...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to
0.10.14 ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x
up to ...)
{DSA-1049-1}
- ethereal 0.99.0-1 (bug #364758; medium)
+ [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+ [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking
sockets, ...)
NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
NOTE: the fix is definitely not in 1.8.2-7sarge2
@@ -1030,6 +1056,8 @@
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
...)
{DSA-1048-1}
- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
+ [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
+ [woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2005-4786 (Buffer overflow in the archive decompression library
(vrAZMain.dll ...)
NOT-FOR-US: HAURI anti-virus
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe
Gallery ...)
@@ -1109,6 +1137,8 @@
{DSA-1051-1 DSA-1046-1}
- firefox 1.5
- mozilla-firefox <not-affected> (problematic fix not backported into
1.0.4-2sarge5)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
+ - thunderbird 1.5.0.2-1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and
...)
NOT-FOR-US: QuickBlogger
CVE-2006-XXXX [kphone stores SIP passwords in world readable files]
@@ -1214,7 +1244,7 @@
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
NOTE: The Mozilla Foundation labels this as "critical", but
it''s not
NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
@@ -1223,82 +1253,83 @@
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird
1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5 and ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5.0.2 ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
NOTE: exploitable in the default configuration.
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8,
Mozilla ...)
@@ -1306,6 +1337,7 @@
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
@@ -1313,14 +1345,14 @@
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (medium)
- - mozilla-thunderbird <unfixed> (medium)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
NOTE: If print preview (and this bug) can be triggered from JavaScript,
NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before
...)
@@ -1335,7 +1367,7 @@
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
@@ -1345,7 +1377,7 @@
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS
4.0 ...)
NOT-FOR-US: ShopXS
@@ -1909,10 +1941,13 @@
- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in
abcmidi ...)
{DSA-1043-1}
- - abcmidi <unfixed>
+ - abcmidi 20060422-1
+ [woody] - abcmidi 17-1woody1
+ [sarge] - abcmidi 20050101-1sarge1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow
user-complicit ...)
{DSA-1041-1}
- abc2ps 1.3.3-3sarge1
+ [woody] - abc2ps 1.3.3-2woody1
CVE-2006-1512
REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0
and ...)
@@ -2976,6 +3011,7 @@
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when
"Block ...)
{DSA-1051-1 DSA-1046-1}
- thunderbird 1.5.0.2-1
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including
...)
NOT-FOR-US: LISTSERV
@@ -3316,7 +3352,7 @@
NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and
earlier ...)
{DSA-1051-1 DSA-1046-1}
- - mozilla-thunderbird <unfixed>
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly
other ...)
@@ -3610,14 +3646,14 @@
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- thunderbird 1.5.0.2-1 (low)
- - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x
before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (high)
- - mozilla-thunderbird <unfixed> (high)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
CVE-2006-0747
RESERVED
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches
from xpdf ...)
@@ -4770,7 +4806,7 @@
{DSA-1051-1}
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- - mozilla-thunderbird <unfixed>
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- mozilla <not-affected> (Mozilla 1.7 is not affected)
- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in
mail, ...)
@@ -4788,12 +4824,12 @@
{DSA-1051-1 DSA-1046-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- - mozilla-thunderbird <unfixed>
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <unfixed> (bug #351442)
- - mozilla-thunderbird <unfixed>
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server
...)
NOT-FOR-US: Oracle
@@ -6536,6 +6572,7 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- mozilla-firefox <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use
a web ...)
@@ -8103,7 +8140,8 @@
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
...)
{DSA-1048-1}
- asterisk <unfixed> (bug #338116; medium)
- NOTE: Sarge and Woody are affected by this
+ [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #338116; medium)
+ [woody] - asterisk 0.1.11-3woody1 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows
...)
NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in
PHPlist ...)
@@ -16499,6 +16537,7 @@
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows
local ...)
{DSA-1051-1 DSA-1046-1}
- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
+ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- firefox 1.5.dfsg+1.5.0.2-1
- thunderbird 1.5.0.2-1
CVE-2005-XXXX [Directory traversal in unzoo]