Author: jmm-guest Date: 2005-12-12 11:51:29 +0000 (Mon, 12 Dec 2005) New Revision: 3012 Modified: data/CVE/list Log: lots of syntax updates and kernel updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-12 10:19:22 UTC (rev 3011) +++ data/CVE/list 2005-12-12 11:51:29 UTC (rev 3012) @@ -11929,7 +11929,7 @@ CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...) NOT-FOR-US: Cisco CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...) - NOTE: our pwck and grpck do not overflow and are not suid + - shadow <not-affected> (Debian''s pwck and grpck do not overflow and are not suid) CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...) - apache2 2.0.42 CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...) @@ -11959,7 +11959,7 @@ CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) NOT-FOR-US: NetScreen-Security Manager CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) - NOTE: only seems to affect 1.7.4, not the newer branch in debian + - libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian) CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) 
@@ -12027,11 +12027,9 @@ CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...) NOT-FOR-US: Windows CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...) - NOTE: hashcash 1.13 (which is in Debian) is not vulnerable - NOTE: hashcash 1.17 is also ok + - hashcash 1.17-1 CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...) - - mlterm 2.9.2 - NOTE: see bug #298621, was stalled in NEW, now accepted + - mlterm 2.9.2 (bug #298621) CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) NOT-FOR-US: OutStart Participate Enterprise CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...) @@ -12087,7 +12085,7 @@ CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) NOT-FOR-US: D-Forum CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) - NOTE: This is not a security issue as the installation path is known. + - phpbb2 <unfixed> (unimportant) CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) NOT-FOR-US: Typo3 CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...) @@ -12155,8 +12153,7 @@ CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...) NOT-FOR-US: Forumwa CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...) - NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since - NOTE: Martin Loschwitz maintain it. + - qt-x11-free <not-affected> (RPATH disabled in Debian''s build) CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...) NOT-FOR-US: Symantec DNSd CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) 
@@ -12213,11 +12210,9 @@ - lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236) NOTE: lesstif1 - lesstif1-1 1:0.93.94-11.3 (bug #300421) - NOTE: libxmp4 is the real culprit, but there are different - NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11 - NOTE: in unstable is not affected (was fixed before the upload). + NOTE: libxmp4 is the real culprit - xfree86 4.3.0.dfsg.1-13 - NOTE: openmotif is non-free + - xorg-x11 <not-affected> (Fixed before upload into archive) - openmotif 2.2.3-1.1 (bug #308819; medium) CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOT-FOR-US: GFI Languard Network Security Scanner 
@@ -12481,17 +12476,21 @@ CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...) NOT-FOR-US: Trend Micro AntiVirus CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) - - kernel-source-2.6.8 2.6.8-14 - NOTE: 2.4.27 seems to be unaffected + - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4) + [sarge] - kernel-source-2.6.8 2.6.8-14 + TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) - - kernel-source-2.6.8 2.6.8-14 + - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4) + [sarge] - kernel-source-2.6.8 2.6.8-14 - kernel-source-2.4.27 2.4.27-9 CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...) - kernel-source-2.6.8 2.6.8-14 NOTE: affects only 2.6 (see #296906) CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) - - kernel-source-2.6.8 2.6.8-14 - NOTE: 2.4.27 seems to be unaffected + - linux-2.6 <not-affected> (Fixed before upload into archive) + [sarge] - kernel-source-2.6.8 2.6.8-14 + TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker + TODO: check, when this was fixed in 2.6 CVE-2005-0528 RESERVED CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) @@ -12505,7 +12504,7 @@ - php4 4:4.3.10-10 - php3 3:3.0.18-31 CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...) - NOTE: php3 not affected + - php3 <not-affected> - php4 4:4.3.10-10 CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) {DSA-719-1} 
@@ -12726,8 +12725,9 @@ NOTE: hard disc, well than you have "DoSed" yourself, congratulations. NOTE: It''s reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers NOTE: generally try to make sense of anything even remotely resembling HTML. - TODO: This is still a bug (maybe not a security one) - TODO: and needs fixing. (IMHO, fw) + - mozilla-firefox <unfixed> (unimportant) + - mozilla <unfixed> (unimportant) + TODO: This is still a bug (maybe not a security one) and needs fixing. (IMHO, fw) CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: mailcarrier CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) @@ -12778,7 +12778,7 @@ CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) NOT-FOR-US: Opera CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) - NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6 + - mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6) NOTE: mozilla-browser 1.7.5-1 also ok CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) NOTE: example page did not bother firefox 1.0+dfsg.1-6 @@ -12860,8 +12860,8 @@ CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) - xerces25 2.5.0-4 - xerces24 2.4.0-4 - NOTE: maintainer believe that this CVE doesn''t apply to xerces23 (see bug #296432) - NOTE: maintainer believe that this CVE doesn''t apply to xerces21 (see bug #296466) + - xerces23 <not-affected> (not affected, see bug #296432) + - xerces21 <not-affected> (not affected, see bug #296466) CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) NOT-FOR-US: Vypress CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) 
@@ -13094,6 +13094,7 @@ CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) NOT-FOR-US: MercuryBoard CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) + - phpmyadmin 2.6.2 (unimportant) NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> : NOTE: I think it is not a problem on Debian as far as everybody knows the full NOTE: path of phpMyAdmin is /usr/share/phpmyadmin. @@ -13122,7 +13123,6 @@ CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...) NOT-FOR-US: Sami HTTP Server CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) - NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82" - kernel-source-2.6.8 2.6.8-14 (bug #295949; high) - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12) - kernel-source-2.4.27 <not-affected> (Per Herbet Xu: http://oss.sgi.com/archives/netdev/2005-01/msg01107.html) @@ -13137,8 +13137,7 @@ {DSA-688-1} - squid 2.5.8-3 CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...) - NOTE: Not in testing, only sid - NOTE: Was once part of Debian, but has been removed + - openwebmail <removed> CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...) NOT-FOR-US: VMware CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...) @@ -13235,8 +13234,8 @@ - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) + - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6) - kernel-source-2.4.27 2.4.27-10 (bug #303294) - - kernel-source-2.6.8 2.6.8-16 (bug #303294) CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 
@@ -13279,7 +13278,8 @@ {DSA-693-1} - luxman 0.41-20 (bug #299857) CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) - - kernel-source-2.6.8 2.6.8-15 + - linux-2.6 <not-affected> (Fixed before upload into archive) + TODO: Check, when this was fixed upstream - kernel-source-2.4.27 2.4.27-9 CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) - wget 1.9.1-11 @@ -13296,7 +13296,8 @@ CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) NOT-FOR-US: ZeroBoard CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) - NOTE: horde 2.0 not vulnerable + - horde2 <not-affected> + TODO: check horde3 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: sgallery CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...) @@ -13327,7 +13328,7 @@ CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...) - gnupg 1.4.1-1 CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...) - NOT-FOR-US: bind on hp-ux + - bind9 <not-affected> (Bind on hp-ux) CVE-2005-0361 RESERVED CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) @@ -13339,7 +13340,8 @@ CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...) NOT-FOR-US: EMC Legato CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - NOTE: linux is not vulnerable, see #310804 + - linux-2.6 <not-affected> (Linux is not vulnerable, see #310804) + - kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804) - kfreebsd5-source 5.3-15 (medium) CVE-2005-0355 RESERVED 
@@ -13362,9 +13364,9 @@ CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...) NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...) - NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped - NOTE: atftp checks h_length - NOTE: netkit-tftp not vulnerable + - inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped) + - atftp <not-affected> (atftp checks h_length) + - netkit-tftp <not-affected> (netkit-tftp not vulnerable) - tftpd-hpa <unfixed> (bug #295297; unimportant) NOTE: The address length comes from libc, not the network. CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...) @@ -13891,7 +13893,7 @@ NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF NOTE: < vorlon> hacim: it''s specific to Windows, home to the dumbest interpreter on the planet. - NOT-FOR-US: Firefox on Windows + - mozilla-firefox <not-affected> (Affects only Firefox on Windows) CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) NOT-FOR-US: CitrusDB CVE-2005-0228 @@ -13920,7 +13922,7 @@ CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...) NOT-FOR-US: Woltlab Burning Board Lite CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...) - NOT-FOR-US: Mozilla 1.6 for Windows + - mozilla <not-affected> (Mozilla 1.6 for Windows) CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...) NOT-FOR-US: SPHPBlog CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...) 
@@ -13932,29 +13934,33 @@ - squid 2.5.7-6 CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) - linux-2.6 <not-affected> (Fixed before upload into archive) + TODO: Check, which version fixed this [sarge] - kernel-source-2.6.8 2.6.8-15 - kernel-source-2.4.27 2.4.27-9 (bug #300838) CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) - NOTE: <horms> all kernels seem to be clear with regards to 2005-0209 - NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels + - linux-2.6 <not-affected> (Fixed before upload into archive) + TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-9 CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - gaim 1:1.1.4 CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) - NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch - NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA - NOTE: fixed in upstream 2.6.10, 2.6.9 is dead - - kernel-source-2.6.8 2.6.8-14 + - linux-2.6 <not-affected> (Fixed before upload into archive) + [sarge] - kernel-source-2.6.8 2.6.8-14 + TODO: Check 2.4 CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) 
- NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CVE-2004-0888 with - NOTE: a fixed patch from the beginning, cupsys doesn''t include xpdf code any more - NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 - NOTE: gpdf ok, all implementations seem ok + - xpdf <not-affected> (Initial Debian fix was already correct) + - gpdf <not-affected> (Initial Debian fix was already correct) + - kdegraphics <not-affected> (Initial Debian fix was already correct) + - tetex-bin <not-affected> (Initial Debian fix was already correct) + - pdftohtml <not-affected> (Initial Debian fix was already correct) + - cupsys <not-affected> (Uses an external xpdf now) + NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) {DSA-692-1} - kdenetwork 4:3.1.6 CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) - NOTE: According to a question on linux-kernel 2.6 is not vulnerable + - linux-2.6 <not-affected> (Fixed before upload into archive) + TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-12 (bug #296700; high) CVE-2005-0203 REJECTED
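Review bot: in the @@ -12027,11 +12027,9 hunk, the new CVE-2005-0687 line `- hashcash 1.17-1` records 1.17-1 as the first fixed version, but the removed NOTE said hashcash 1.13, the version in Debian, is not vulnerable. With only the fixed-version line left, a release that still carries 1.13 would be reported as vulnerable. Keep a NOTE that 1.13 is unaffected, or add a release-tagged `<not-affected>` entry for it.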
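Review bot: the added `- phpmyadmin 2.6.2 (unimportant)` for CVE-2005-0459 in the @@ -13094,6 +13094,7 hunk names 2.6.2 as a fixed version, but the description covers "2.6.2-dev, and possibly earlier versions", and the maintainer NOTE that follows argues the issue is not a problem on Debian rather than pointing to a fix. If a fix in 2.6.2 has not been confirmed, `<unfixed> (unimportant)`, as this commit uses for phpbb2 in CVE-2005-0659, matches the notes better.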
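Review bot: the only change in the @@ -13122,7 +13123,6 hunk is the removal of the CVE-2005-0449 NOTE carrying the kernel.org commit URL (h=1e01441051dda3bb01c455b6e20bce6d00563d82), and nothing replaces it, so the entry loses its pointer to the upstream change. If the aim was to get rid of the stray trailing quote, keep the NOTE and drop only the quote. The context lines of the same entry also read "betwen" and "Herbet Xu", which are worth correcting in a follow-up.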
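Review bot: in the @@ -13235,8 +13234,8 hunk, CVE-2005-0400 drops `- kernel-source-2.6.8 2.6.8-16 (bug #303294)` outright, whereas other kernel entries in this commit (CVE-2005-0532, CVE-2005-0531, CVE-2005-0207) keep the 2.6.8 fix as a `[sarge] - kernel-source-2.6.8 ...` line. Unless the removal is intentional, keep it as `[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303294)` so the fixed version and the bug reference stay on record.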
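Review bot: CVE-2005-0384 in the @@ -13279,7 +13278,8 hunk replaces `- kernel-source-2.6.8 2.6.8-15` with the linux-2.6 `<not-affected>` line and a TODO, so the 2.6.8 fixed version is no longer recorded anywhere in the entry. A `[sarge] - kernel-source-2.6.8 2.6.8-15` line, in the form used for CVE-2005-0210, would preserve it. The TODO also sits between two package lines; placing it after `- kernel-source-2.4.27 2.4.27-9` keeps the package entries together.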
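Review bot: the reason strings added for CVE-2004-1485 in the @@ -13362,9 +13364,9 hunk repeat the package name and the status, as in `- netkit-tftp <not-affected> (netkit-tftp not vulnerable)` and `- atftp <not-affected> (atftp checks h_length)`. The parenthesis should carry only the reason: `(checks h_length)` for atftp, `(its tftpd is not shipped)` plus the checked version for inetutils, and no parenthesis at all for netkit-tftp, since "not vulnerable" adds nothing to `<not-affected>`.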
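Review bot: CVE-2005-0207 in the @@ -13932,29 +13934,33 hunk loses all three NOTE lines, including "fixed in upstream 2.6.10, 2.6.9 is dead" and the patch and changeset URLs, while the new `- linux-2.6 <not-affected> (Fixed before upload into archive)` carries no version. Other entries in this commit put the version in the reason (`; 2.6.11-rc4` for CVE-2005-0532, `; 2.6.11.6` for CVE-2005-0400); doing the same here with 2.6.10 keeps the information. The same hunk drops the netdev archive link for CVE-2005-0209 and adds a TODO asking which version fixed it; keeping that NOTE would help whoever resolves the TODO.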