Author: joeyh Date: 2006-05-31 21:14:28 +0000 (Wed, 31 May 2006) New Revision: 4105 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-31 19:36:23 UTC (rev 4104) +++ data/CVE/list 2006-05-31 21:14:28 UTC (rev 4105) @@ -8094,7 +8094,7 @@ CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...) NOT-FOR-US: SourceWell CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...) - {DTSA-23-1} + {DSA-1083-1 DTSA-23-1} - centericq 4.21.0-6 (bug #340959; medium) - orpheus <unfixed> (bug #368402; medium) - motor 2:3.4.0-6 (bug #368400; medium) @@ -20063,7 +20063,7 @@ TODO: check, when this was fixed in 2.6 CVE-2005-0528 [mremap kernel issue] RESERVED - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} TODO: Fixed for Woody, check 2.4 and 2.6 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) - mozilla-firefox 1.0.1 @@ -20121,7 +20121,7 @@ CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...) - irm 1.5.3.1-1 CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.6.8 2.6.8-12 - kernel-source-2.6.9 2.6.9-5 - kernel-source-2.6.10 2.6.10-2 @@ -20156,7 +20156,7 @@ - curl 7.13.0-2 CVE-2005-0489 RESERVED - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - cfengine2 2.1.8-1 CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) @@ -20859,7 +20859,7 @@ {DSA-693-1} - luxman 0.41-20 (bug #299857) CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, when this was fixed upstream - kernel-source-2.4.27 2.4.27-9 @@ -21743,7 +21743,7 @@ TODO: Check, whether 2.4 is affected [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} TODO: Check, when this was fixed upstream TODO: Check, whether 2.4 is affected [sarge] - kernel-source-2.6.8 2.6.8-14 @@ -21774,7 +21774,7 @@ CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) NOT-FOR-US: MacOS CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} TODO: Check, when this was fixed upstream CVE-2005-0123 RESERVED @@ -22173,14 +22173,14 @@ - mysql-dfsg-4.1 4.1.8a-6 - mysql-dfsg 4.0.23-3 CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) - kernel-source-2.4.27 2.4.27-9 [sarge] - kernel-source-2.6.8 2.6.8-9 CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) NOT-FOR-US: poppassd_pam CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} NOTE: i386 and smp specific TODO: Check, when this was fixed upstream - linux-2.6 <not-affected> (Fixed before upload into archive) @@ -22197,7 +22197,7 @@ CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...) - tetex-bin 2.0.2-25 CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 @@ -22206,7 +22206,7 @@ [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 <not-affected> CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 @@ -22415,12 +22415,12 @@ CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...) NOT-FOR-US: Netscape Directory Server on HP-UX CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, when this was fixed - kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high) CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26) CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) NOT-FOR-US: Gadu-Gadu @@ -22801,28 +22801,28 @@ CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) - zope-zwiki 0.37.0-1 CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-7 CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-6 CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-6 CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-6 CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-6 @@ -22832,7 +22832,7 @@ - kernel-source-2.4.27 <not-affected> (2.6 only issue) [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) - kernel-source-2.4.27 2.4.27-7 [sarge] - kernel-source-2.6.8 2.6.8-11 @@ -22954,10 +22954,10 @@ - php4 4:4.3.10-1 - php3 3:3.0.18-29 CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - linux-2.6 <not-affected> (2.4 specific vulnerability) CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-7 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...) @@ -23024,7 +23024,7 @@ - netkit-telnet-ssl 0.17.24+0.1-6 CVE-2004-0997 RESERVED - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) {DSA-610-1} - cscope 15.5-1.1 (bug #282815) @@ -23155,7 +23155,7 @@ CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) NOT-FOR-US: NetOp Host CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) - kernel-source-2.4.27 <unfixed> CVE-2004-0948 @@ -23341,7 +23341,7 @@ - cyrus-sasl <removed> - cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553) CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, when this was fixed - kernel-source-2.4.27 2.4.27-6 @@ -23844,7 +23844,7 @@ CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - samba 3.0.5 (bug #260839; bug #260838) CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) NOT-FOR-US: WebSphere Edge Server @@ -24130,7 +24130,7 @@ CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...) NOT-FOR-US: Windows CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 TODO: Check 2.6 CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) @@ -24165,7 +24165,7 @@ {DSA-643-1} - queue 1.30.1-5 CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 2.6.12-1 (bug #261521) TODO: Check 2.6, entries look flaky @@ -24407,7 +24407,7 @@ {DSA-510} - jftpgw 0.13.4-1 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26) CVE-2004-0446 RESERVED @@ -24450,7 +24450,7 @@ CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) NOT-FOR-US: Mac OS X) CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6) - kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26) CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) @@ -24546,7 +24546,7 @@ {DSA-509} - gatos 0.0.5-12 CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch TODO: not fixed in 2.4.27 by inspection, didn''t bother with a bug @@ -25041,7 +25041,7 @@ NOT-FOR-US: SGI IRIX CVE-2004-0138 RESERVED - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) NOT-FOR-US: IRIX init CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) @@ -25397,7 +25397,7 @@ CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...) TODO: check CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...) - {DSA-1070-1 DSA-1069-1 DSA-1067-1} + {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1) CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)