Author: joeyh
Date: 2005-12-12 21:14:20 +0000 (Mon, 12 Dec 2005)
New Revision: 3018
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-12 15:54:05 UTC (rev 3017)
+++ data/CVE/list 2005-12-12 21:14:20 UTC (rev 3018)
@@ -327,6 +327,7 @@
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar
1.34 ...)
NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and
...)
+ {DSA-919-1}
- curl 7.15.1-1 (bug #342339; medium)
[sarge] - curl 7.13.2-2sarge4 (medium)
[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
@@ -2863,6 +2864,7 @@
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
- xscreensaver 4.23-2 (bug #334193; low)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in
http-ntlm.c ...)
+ {DSA-919-1}
- wget 1.10.2-1 (medium)
[sarge] - wget <not-affected> (Does not contain NTML authentication
code)
[woody] - wget <not-affected> (Does not contain NTML authentication
code)
@@ -14247,102 +14249,95 @@
- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop ...)
{DSA-691-1}
- - abuse <removed>
+ - abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL)
before ...)
{DSA-691-1}
TODO: Check, when this was fixed upstream
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not
properly ...)
+CVE-2005-0134
NOT-FOR-US: SCO UnixWare
-CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
+CVE-2004-1381
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
+CVE-2004-1380
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a
denial of ...)
+CVE-2005-0133
- clamav 0.80-0.81rc1-1
CVE-2005-0132
- RESERVED
-CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently
uses ...)
+ TODO: check
+CVE-2005-0131
- konversation 0.15-3
-CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers
to ...)
+CVE-2005-0130
- konversation 0.15-3
-CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote
attackers ...)
+CVE-2005-0129
- konversation 0.15-3
CVE-2005-0128
- RESERVED
-CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header,
...)
+ TODO: check
+CVE-2005-0127
NOT-FOR-US: MacOS
-CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to
execute ...)
+CVE-2005-0126
NOT-FOR-US: MacOS
-CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
+CVE-2005-0125
NOT-FOR-US: MacOS
-CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
+CVE-2005-0124
TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 2.4.27-8
CVE-2005-0123
- RESERVED
+ TODO: check
CVE-2005-0122
- REJECTED
-CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
+ TODO: check
+CVE-2005-0121
NOT-FOR-US: golddig
-CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
+CVE-2005-0120
NOT-FOR-US: helvis
-CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and
read the ...)
+CVE-2005-0119
NOT-FOR-US: helvis
-CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world
readable ...)
+CVE-2005-0118
NOT-FOR-US: helvis
-CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to
execute ...)
+CVE-2005-0117
- xshisen 1.51-1-1.1 (bug #289784)
-CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote
attackers to ...)
+CVE-2005-0116
- awstats 6.2-1.1
-CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive
Disassembler ...)
+CVE-2005-0115
NOT-FOR-US: DataRescue Interactive Disassembler
-CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm
...)
+CVE-2005-0114
NOT-FOR-US: ZoneAlarm
-CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary
commands ...)
+CVE-2005-0113
NOT-FOR-US: IRIX
-CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect
Wireless ...)
+CVE-2005-0112
NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
-CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL
MaxDB ...)
+CVE-2005-0111
- maxdb-7.5.00 7.5.00.18
-CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
+CVE-2005-0110
NOT-FOR-US: MSIE
-CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other
operating ...)
+CVE-2005-0109
NOTE: According to Linus Torvalds and others on linux-kernel this is a
theoretical
NOTE: attack, paranoid people should disable hyper threading
- kfreebsd5-source 5.3-11
-CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote
...)
- {DSA-659-1}
+CVE-2005-0108
- libapache-mod-auth-radius 1.5.7-6
- libpam-radius-auth 1.3.16-3
-CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail
addresses, ...)
- {DSA-690-1}
+CVE-2005-0107
- bsmtpd 2.3pl8b-16
-CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the
/tmp/entropy file ...)
+CVE-2005-0106
- libnet-ssleay-perl 1.25-1.1
-CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows
local ...)
- {DSA-684-1}
+CVE-2005-0105
- typespeed 0.4.4-8
-CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
- {DSA-662-1}
+CVE-2005-0104
- squirrelmail 2:1.4.4
-CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in
SquirrelMail ...)
+CVE-2005-0103
- squirrelmail 2:1.4.4-1
-CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and
earlier ...)
- {DSA-673-1}
+CVE-2005-0102
- evolution 2.0.3-1.2 (bug #295548)
-CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1
and ...)
+CVE-2005-0101
- newspost 2.1.1-2
-CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs
20.x, ...)
- {DSA-685-1 DSA-671-1 DSA-670-1}
+CVE-2005-0100
- emacs21 21.3+1-9
- xemacs21 21.4.16-2
-CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop ...)
- {DSA-691-1}
- - abuse <removed>
+CVE-2005-0099
+ - abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows
remote ...)
- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid
2.5.STABLE7 and ...)