Author: fw
Date: 2005-09-12 14:30:24 +0000 (Mon, 12 Sep 2005)
New Revision: 1930
Modified:
data/CAN/list
data/CVE/list
Log:
Manually consolidate CAN and CVE entries, moving additional data from
the CAN entries to the CVE entries. Conflicting data has been reviewed.
(A cross-list checker which catches such duplication is in preparation.)
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-12 13:15:56 UTC (rev 1929)
+++ data/CAN/list 2005-09-12 14:30:24 UTC (rev 1930)
@@ -13310,14 +13310,8 @@
NOTE: reserved
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management
Service for ...)
NOTE: not-for-us (Symantec Gateway Security)
-CAN-2004-0189
- {DSA-474}
-CAN-2004-0188
- {DSA-461}
CAN-2004-0187
NOTE: rejected
-CAN-2004-0186
- {DSA-463}
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and
earlier ...)
{DSA-478}
- tcpdump 3.7.2-4
@@ -13368,10 +13362,6 @@
NOTE: not-for-us (general MIME bug with security gateways)
CAN-2004-0161 (Multiple content security gateway and antivirus products allow
remote ...)
NOTE: not-for-us (general MIME bug with security gateways)
-CAN-2004-0160
- {DSA-446}
-CAN-2004-0159
- {DSA-447}
CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain
''games'' group ...)
{DSA-445}
CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running
at ...)
@@ -13388,8 +13378,6 @@
{DSA-468}
CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local
users ...)
{DSA-462}
-CAN-2004-0150
- {DSA-458-2 DSA-458}
CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users
to ...)
{DSA-451}
CAN-2004-0147
@@ -13446,15 +13434,11 @@
NOTE: not-for-us (Windows bug)
CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and
0.9.7c, ...)
- openssl 0.9.7d-1
-CAN-2004-0111
- {DSA-464}
CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in
XMLSoft ...)
{DSA-455}
CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux
kernel ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-rc4
-CAN-2004-0108
- {DSA-460}
CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and
earlier ...)
- sysstat 5.0.2-1
CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0,
related to ...)
@@ -13475,10 +13459,6 @@
NOTE: reserved
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote
attackers ...)
{DSA-448}
-CAN-2004-0094
- {DSA-443}
-CAN-2004-0093
- {DSA-443}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8
and ...)
NOTE: not-for-us (Safari)
CAN-2004-0091 (** DISPUTED ** ...)
@@ -13502,9 +13482,6 @@
CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k,
and ...)
{DSA-465}
- openssl096 0.9.6m-1
-CAN-2004-0077
- {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444
DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
- NOTE: fixed in 2.4.26-pre3
CAN-2004-0076
NOTE: rejected
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to
gain ...)
@@ -13577,8 +13554,6 @@
NOTE: not-for-us (PHPGEDVIEW)
CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini
configuration ...)
NOTE: not-for-us (Lotus Notes Domino)
-CAN-2004-0028
- {DSA-420}
CAN-2004-0027
NOTE: reserved
CAN-2004-0026
@@ -13601,18 +13576,10 @@
NOTE: reserved
CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and
(2) ...)
{DSA-419}
-CAN-2004-0016
- {DSA-419}
-CAN-2004-0015
- {DSA-418}
CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and
earlier ...)
{DSA-412}
-CAN-2004-0013
- {DSA-414}
CAN-2004-0012
NOTE: reserved
-CAN-2004-0011
- {DSA-416}
CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs
in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.25-pre7
@@ -13694,8 +13661,6 @@
NOTE: not-for-us (solaris)
CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of
vfs/direntry.c ...)
{DSA-424}
-CAN-2003-1022
- {DSA-416}
CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows
local ...)
NOTE: not-for-us (SCO)
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before
0.8.9 ...)
@@ -13766,9 +13731,6 @@
- apache 1.3.29.0.2-5
CAN-2003-0986
NOTE: reserved
-CAN-2003-0985
- {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417
DSA-413}
- NOTE: fixed in 2.4.24-rc1
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)
@@ -13800,8 +13762,6 @@
{DSA-429}
CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows
remote ...)
NOTE: not-for-us (Sun Fire B1600)
-CAN-2003-0969
- {DSA-411}
CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb
...)
NOTE: freeradius module in question is not built in debian package
NOTE: buffer overflow apparently fixed in freeradius 1.0.1
@@ -13896,8 +13856,6 @@
CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote
attackers ...)
{DSA-407}
- ethereal 0.9.16-0.1
-CAN-2003-0924
- {DSA-426}
CAN-2003-0923
NOTE: reserved
CAN-2003-0922
@@ -15510,12 +15468,8 @@
{DSA-288}
CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and
possibly ...)
{DSA-263}
-CAN-2003-0145
- {DSA-261}
CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on
SuSE ...)
{DSA-275 DSA-267}
-CAN-2003-0143
- {DSA-259}
CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances
when ...)
NOTE: not-for-us (acroread)
CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and
earlier, ...)
@@ -15552,8 +15506,6 @@
NOTE: not-for-us (SOHO Routefinder 550 firmware)
CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass
...)
NOTE: not-for-us (Clearswift MAILsweeper)
-CAN-2003-0120
- {DSA-256}
CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet
...)
NOTE: not-for-us (AIX)
CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
@@ -15576,15 +15528,10 @@
NOTE: not-for-us (Microsoft)
CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0,
Windows NT ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0108
- {DSA-255}
- - tcpdump 3.7.1-1.2
CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows
proxy ...)
NOTE: not-for-us (Symantec Enterprise Firewall)
CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP
...)
NOTE: not-for-us (ServerMask)
-CAN-2003-0102
- {DSA-260}
CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before
1.000 ...)
{DSA-319}
CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x
before ...)
@@ -15593,8 +15540,6 @@
{DSA-277}
CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2,
Release 1, ...)
NOTE: not-for-us (Oracle)
-CAN-2003-0093
- {DSA-261}
CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1
through ...)
NOTE: not-for-us (Solaris)
CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq
on ...)
@@ -15614,26 +15559,14 @@
- apache 1.3.25
CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and
...)
{DSA-266}
-CAN-2003-0081
- {DSA-258}
CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does
not ...)
- gnome-lokkit 0.50.22-4
-CAN-2003-0078
- {DSA-253}
CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect
4 ...)
- dcgui 0.2.2
CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the
plptools ...)
- plptools 0.12-0
-CAN-2003-0073
- {DSA-303}
CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and
...)
{DSA-266}
-CAN-2003-0071
- {DSA-380}
-CAN-2003-0068
- {DSA-496}
-CAN-2003-0063
- {DSA-380}
CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users
to ...)
NOTE: not-for-us (HP UX)
CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT
Kerberos ...)
@@ -15652,17 +15585,11 @@
NOTE: not-for-us (commercial ssh clients)
CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1)
...)
{DSA-246}
-CAN-2003-0043
- {DSA-246}
CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or
earlier, ...)
{DSA-246}
CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary
code ...)
NOTE: verified sarge version of krb5-clients not vulnerable
NOTE: nothing in changelogs
-CAN-2003-0040
- {DSA-247}
-CAN-2003-0039
- {DSA-245}
CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for
Mailman 2.1 ...)
{DSA-436}
CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow
remote ...)
@@ -15675,10 +15602,6 @@
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c''s version, which goes into mtinkc
NOTE: it''s not installed setuid or setgid, so this is not exploitable
-CAN-2003-0033
- {DSA-297}
-CAN-2003-0032
- {DSA-228}
CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow
attackers to ...)
{DSA-228}
CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data
Extension ...)
@@ -15691,24 +15614,8 @@
{DSA-231}
CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier
allow ...)
{DSA-229}
-CAN-2003-0020
- - apache2 2.0.49
- - apache 1.3.29.0.2-4
-CAN-2003-0018
- {DSA-423 DSA-358}
-CAN-2003-0017
- - apache2 2.0.44
-CAN-2003-0016
- - apache2 2.0.44
-CAN-2003-0015
- {DSA-233}
- - cvs 1.11.2-5.1
CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to
overwrite ...)
{DSA-633-1}
-CAN-2003-0013
- {DSA-230}
-CAN-2003-0012
- {DSA-230}
CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application
...)
NOTE: not-for-us (Microsoft)
CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by
Windows ...)
@@ -15861,12 +15768,6 @@
NOTE: phpGB not in Debian
CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20
allows ...)
NOTE: phpGB not in Debian
-CAN-2002-1478
- {DSA-164}
- - cacti 0.6.8a-2
-CAN-2002-1477
- {DSA-164}
- - cacti 0.6.8a-2
CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX
4.0f, ...)
NOTE: not-for-us (HPUX)
CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for
HP ...)
@@ -15939,9 +15840,6 @@
NOTE: Easy Homepage Creator not in Debian
CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to
cause a ...)
NOTE: not-for-us (HP)
-CAN-2002-1425
- {DSA-141}
- - mpack 1.5-9
CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to
read ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
@@ -15957,7 +15855,7 @@
NOTE: not-for-us (Webeasymail)
CAN-2002-1412
{DSA-138}
- - gallery 1.3-1
+ - gallery 1.3-3
CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo
Gallery ...)
NOTE: not-for-us (Duma)
CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the
administrator, ...)
@@ -15968,15 +15866,8 @@
NOTE: not-for-us (HP Openview)
CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with
unknown ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1405
- {DSA-210}
- - lynx 2.8.4.1b-3.2
- - lynx-ssl 1:2.8.4.1b-3.1
CAN-2002-1404
NOTE: rejected
-CAN-2002-1403
- {DSA-219}
- NOTE: Debian sarge uses dhcp > 2.0
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment
...)
{DSA-165}
- postgresql 7.2.2-2
@@ -15996,36 +15887,18 @@
CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file
and ...)
{DSA-202}
- im 141-20
-CAN-2002-1394
- {DSA-225}
- NOTE: no problem in sarge packages
CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do
not ...)
{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235
DSA-234}
NOTE: KDE2 not in sarge
-CAN-2002-1390
- {DSA-223}
- - geneweb 4.09-1
-CAN-2002-1389
- {DSA-217}
- - typespeed 0.4.2-2
-CAN-2002-1388
- {DSA-221}
- - mhonarc 2.5.14-1
CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow
local ...)
{DSA-254}
- traceroute-nanog 6.3.0-1
CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may
allow ...)
{DSA-254}
- traceroute-nanog 6.3.0-1
-CAN-2002-1384
- {DSA-232 DSA-226 DSA-222}
- - xpdf 3.00-9
CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS)
...)
{DSA-232}
- cupsys 1.1.18-1
-CAN-2002-1380
- {DSA-336}
- - kernel-source-2.2.25 2.2.25-2
CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local
...)
{DSA-227}
- openldap2 2.0.27-3
@@ -16035,47 +15908,11 @@
CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x
to ...)
{DSA-212}
NOTE: bug in mysql 3, sarge uses mysql 4
-CAN-2002-1375
- {DSA-212}
- NOTE: bug in mysql 3, sarge uses mysql 4
-CAN-2002-1374
- {DSA-212}
- NOTE: bug in mysql 3, sarge uses mysql 4
-CAN-2002-1373
- {DSA-212}
- NOTE: bug in mysql 3, sarge uses mysql 4
-CAN-2002-1372
- {DSA-232}
- - cupsys 1.1.18-1
-CAN-2002-1371
- {DSA-232}
- - cupsys 1.1.18-1
CAN-2002-1370
NOTE: rejected
-CAN-2002-1369
- {DSA-232}
- - cupsys 1.1.18-1
CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows
remote ...)
{DSA-232}
- cupsys 1.1.18-1
-CAN-2002-1367
- {DSA-232}
- - cupsys 1.1.18-1
-CAN-2002-1366
- {DSA-232}
- - cupsys 1.1.18-1
-CAN-2002-1365
- {DSA-216}
- - fetchmail 6.2.0-1
-CAN-2002-1364
- {DSA-254}
- - traceroute-nanog 6.3.0-1
-CAN-2002-1363
- {DSA-213}
- - libpng3 1.2.5-8
-CAN-2002-1362
- {DSA-211}
- NOTE: micq not in sarge
CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings
with ...)
NOTE: Debian uses openssh, not vulnerable
CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large
packets ...)
@@ -16096,12 +15933,6 @@
NOTE: not-for-us (CartMan)
CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote
attackers to ...)
NOTE: not-for-us (Melange Chat System)
-CAN-2002-1350
- {DSA-206}
- - tcpdump 3.6.2-2.2
-CAN-2002-1348
- {DSA-251 DSA-250 DSA-249}
- - w3mmee 0.3.p24.17-3
CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and
earlier ...)
- libsasl2 2.1.10-1
CAN-2002-1346
@@ -16126,9 +15957,6 @@
NOTE: not-for-us (Office Web Components)
CAN-2002-1338 (The Load method in the Chart component of Office Web Components
(OWC) ...)
NOTE: not-for-us (Office Web Components)
-CAN-2002-1337
- {DSA-257}
- NOTE: problem in sendmail 8.12, sarge uses 8.13
CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not
escape ...)
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
@@ -16150,37 +15978,22 @@
NOTE: reserved
CAN-2002-1324
NOTE: reserved
-CAN-2002-1323
- {DSA-208}
- - perl 5.8.0-14
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions
allows ...)
NOTE: not-for-us (ClearCase)
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote
...)
NOTE: Realplayer not in Sarge
-CAN-2002-1318
- {DSA-200}
- NOTE: Problem in Samba 2, sarge uses Samba 3.
CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to
SP11, ...)
NOTE: not-for-us (iPlanet)
CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for
...)
NOTE: not-for-us (iPlanet)
CAN-2002-1314
NOTE: reserved
-CAN-2002-1313
- {DSA-198}
- - nullmailer 1.00RC5-17
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys
BEFW11S4 ...)
NOTE: not-for-us (Linksys)
-CAN-2002-1311
- {DSA-197}
- - courier 0.40.0-1
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for
the IIS ...)
NOTE: not-for-us (Macromedia)
CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for
the IIS ...)
NOTE: not-for-us (Macromedia)
-CAN-2002-1307
- {DSA-199}
- - mhonarc 2.5.13-1
CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later,
and ...)
{DSA-214}
- kdenetwork 2.2.2-14.20
@@ -16234,8 +16047,6 @@
NOTE: not-for-us (RealSecure Event Collector)
CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before
0.1.17, ...)
{DSA-194}
-CAN-2002-1277
- {DSA-190}
CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability
in ...)
{DSA-191}
CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0,
when ...)
@@ -16244,8 +16055,6 @@
NOTE: reserved
CAN-2002-1273
NOTE: reserved
-CAN-2002-1271
- {DSA-386}
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X
...)
NOTE: not-for-us (MacOS)
CAN-2002-1263
@@ -16260,16 +16069,12 @@
NOTE: not-for-us (Microsoft)
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass
the ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1251
- {DSA-186}
CAN-2002-1249
NOTE: reserved
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a
raw ...)
{DSA-193}
CAN-2002-1246
NOTE: reserved
-CAN-2002-1245
- {DSA-189}
CAN-2002-1243
NOTE: reserved
CAN-2002-1241
@@ -16286,24 +16091,14 @@
NOTE: rejected
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl
...)
{DSA-195 DSA-188 DSA-187}
-CAN-2002-1232
- {DSA-180}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and
earlier ...)
NOTE: not-for-us (Avaya Cajun switches)
CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9
allows ...)
NOTE: not-for-us (Solaris)
-CAN-2002-1227
- {DSA-177}
CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown
impact, ...)
{DSA-178}
CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in
both the ...)
{DSA-178}
-CAN-2002-1221
- {DSA-196}
-CAN-2002-1220
- {DSA-196}
-CAN-2002-1219
- {DSA-196}
CAN-2002-1218
NOTE: reserved
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as
used ...)
@@ -16336,16 +16131,8 @@
NOTE: not-for-us (HP Tru64 UNIX)
CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a
denial of ...)
NOTE: not-for-us (AIX)
-CAN-2002-1200
- {DSA-175}
-CAN-2002-1196
- {DSA-173}
-CAN-2002-1195
- {DSA-169}
CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly
other ...)
NOTE: not-for-us (NetBSD)
-CAN-2002-1193
- {DSA-172}
CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier,
FreeBSD ...)
NOTE: not-for-us (NetBSD)
CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation
Software 4.2 ...)
@@ -16378,26 +16165,14 @@
NOTE: Debian uses sendmail 8.13, not vulnerable.
CAN-2002-1161
NOTE: rejected
-CAN-2002-1159
- {DSA-224}
-CAN-2002-1158
- {DSA-224}
-CAN-2002-1157
- {DSA-181}
-CAN-2002-1156
- - apache2 2.0.43
CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local
users to ...)
NOTE: kon2. patched, but I don''t know when.
NOTE: assuming the current unstable/testing version is ok then..
- kon2 0.3.9b-18
-CAN-2002-1151
- {DSA-167}
CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection
capability ...)
NOTE: not-for-us (Microsoft Netmeeting)
CAN-2002-1149 (The installation procedure for Invision Board suggests that
users ...)
NOTE: not-for-us (Invision Board)
-CAN-2002-1148
- {DSA-170}
CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of
...)
NOTE: not-for-us (Microsoft SQL)
CAN-2002-1144
@@ -16410,8 +16185,6 @@
NOTE: not-for-us (HP Tru64)
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino''s web
server 2.1 ...)
NOTE: not-for-us (Dino''s Webserver)
-CAN-2002-1132
- {DSA-191}
CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and
...)
{DSA-191}
CAN-2002-1130
@@ -16432,20 +16205,10 @@
TODO: check Debian mailscanners, if any.
CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows
remote ...)
NOTE: not-for-us (Savant Web Server)
-CAN-2002-1119
- {DSA-159}
-CAN-2002-1116
- {DSA-161}
CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view
private ...)
{DSA-161}
CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers
to ...)
{DSA-153}
-CAN-2002-1113
- {DSA-153}
-CAN-2002-1112
- {DSA-153}
-CAN-2002-1111
- {DSA-153}
CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and
earlier, ...)
{DSA-153}
CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before
3.5.5, ...)
@@ -16512,8 +16275,6 @@
NOTE: not-for-us
CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use
MS-DOS ...)
NOTE: not-for-us
-CAN-2002-1051
- {DSA-254}
CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
NOTE: not-for-us
CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows
remote ...)
@@ -16600,10 +16361,6 @@
NOTE: not-for-us (HP)
CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000
Client ...)
NOTE: not-for-us (HP)
-CAN-2002-0986
- {DSA-168}
-CAN-2002-0985
- {DSA-168}
CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote
attackers to ...)
{DSA-157}
CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor,
...)
@@ -16626,8 +16383,6 @@
{DSA-165}
CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users
to ...)
NOTE: not-for-us (Microsoft Windows specific)
-CAN-2002-0970
- {DSA-155}
CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to
cause ...)
NOTE: not-for-us
CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and
...)
@@ -16789,10 +16544,6 @@
- apache 1.3.27-0.1
CAN-2002-0841
NOTE: rejected
-CAN-2002-0840
- {DSA-195 DSA-188 DSA-187}
- - apache2 2.0.43-1
- - apache 1.3.27-0.1
CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x
...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -16800,8 +16551,6 @@
{DSA-182 DSA-179 DSA-176}
CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package
allows ...)
- wordtrans 1.1pre9
-CAN-2002-0836
- {DSA-207}
CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and
earlier ...)
{DSA-162}
CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and
possibly ...)
@@ -16988,8 +16737,6 @@
{DSA-201}
CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration
database ...)
NOTE: not-for-us (ZMerge not in Debian)
-CAN-2002-0662
- {DSA-160}
CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39
on ...)
- apache2 2.0.40
CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
@@ -17179,8 +16926,6 @@
CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows
remote ...)
CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation
allows ...)
CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through
1.13.25, ...)
-CAN-2002-0392
- - apache2 2.0.37
CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point)
management web ...)
CAN-2002-0390
NOTE: reserved
@@ -17190,8 +16935,6 @@
CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to
obtain ...)
CAN-2002-0383
NOTE: reserved
-CAN-2002-0380
- {DSA-255}
CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat
Linux 7.0 ...)
CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo
allows ...)
CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer
5.1 ...)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-09-12 13:15:56 UTC (rev 1929)
+++ data/CVE/list 2005-09-12 14:30:24 UTC (rev 1930)
@@ -113,6 +113,7 @@
{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444
DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
CVE-2004-0075
- kernel-source-2.4.24 2.4.24-3
+ NOTE: fixed in 2.4.26-pre3
TODO: test
CVE-2004-0070
NOTE: not-for-us (ezcontents, commercial)
@@ -328,6 +329,7 @@
NOTE: According to upstream changelog and
http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020
+ - apache2 2.0.49
- apache 1.3.29.0.2-4
CVE-2003-0019
NOTE: not-for-us (redhat 8.0 only)
@@ -501,17 +503,16 @@
- qmailadmin 1.0.6-1
CVE-2002-1413
NOTE: not-for-us (RCONAG6 for Novell Netware SP2)
-CVE-2002-1412
- {DSA-138}
- - gallery 1.3-3
CVE-2002-1407
NOTE: not-for-us (TinySSL not in Debian)
CVE-2002-1405
{DSA-210}
- lynx 2.8.4.1b-4
+ - lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-1403
{DSA-219}
- dhcpd 1.3.22pl2-2
+ NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396
- php4 4:4.3.2+rc3-1
NOTE: according to http://www.securityfocus.com/bid/6488
@@ -519,6 +520,7 @@
CVE-2002-1394
{DSA-225}
- tomcat4 4.1.9-1
+ NOTE: no problem in sarge packages
CVE-2002-1392
- mgetty 1.1.30-1
NOTE: woody version seems to be vulnerable see bug #199351
@@ -538,7 +540,9 @@
- openwebmail 1.90-1
CVE-2002-1384
{DSA-232 DSA-226 DSA-222}
+ - xpdf-i 2.01-2
- xpdf 2.01-2
+ - cupsys 1.1.18-1
CVE-2002-1382
- flashplugin-nonfree 6.0.69-1
CVE-2002-1381
@@ -546,7 +550,7 @@
- exim 3.36-14
CVE-2002-1380
{DSA-336}
- - kernel-source-2.2.25
+ - kernel-source-2.2.25 2.2.25-2
CVE-2002-1377
- vim 6.1.263-1
NOTE: woody seems to be still vulnerable
@@ -558,12 +562,15 @@
CVE-2002-1375
{DSA-212}
- mysql-dfsg 4.0.7.gamma-1
+ NOTE: bug in mysql 3, sarge uses mysql 4
CVE-2002-1374
{DSA-212}
- mysql-dfsg 4.0.7.gamma-1
+ NOTE: bug in mysql 3, sarge uses mysql 4
CVE-2002-1373
{DSA-212}
- mysql-dfsg 4.0.7.gamma-1
+ NOTE: bug in mysql 3, sarge uses mysql 4
CVE-2002-1372
{DSA-232}
- cupsys 1.1.18-1
@@ -597,7 +604,9 @@
NOTE: not-for-us (sun)
CVE-2002-1350
{DSA-206}
- - tcpdump 3.7.1-1.2
+ - tcpdump 3.7.1-1
+ NOTE: 3.7.1-1.2 fixes a different issue.
+ NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-1349
NOTE: not-for-us (PC-cillin)
CVE-2002-1348
@@ -607,6 +616,7 @@
{DSA-257}
- sendmail 8.13.0.PreAlpha4-0
NOTE: sendmail-wide not in testing/unstable
+ NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336
- tightvnc 1.2.6-1
CVE-2002-1327
@@ -623,6 +633,7 @@
CVE-2002-1318
{DSA-200}
- samba 2.99.cvs.20020713-1
+ NOTE: Problem in Samba 2, sarge uses Samba 3.
CVE-2002-1317
NOTE: not-for-us (solaris)
CVE-2002-1313
@@ -1037,6 +1048,8 @@
NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840
{DSA-195 DSA-188 DSA-187}
+ - apache2 2.0.43-1
+ - apache 1.3.27-0.1
CVE-2002-0836
{DSA-207}
CVE-2002-0835
@@ -1302,6 +1315,7 @@
CVE-2002-0395
CVE-2002-0394
CVE-2002-0392
+ - apache2 2.0.37
CVE-2002-0391
{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
CVE-2002-0389