Author: micah Date: 2006-03-11 22:53:41 +0000 (Sat, 11 Mar 2006) New Revision: 3599 Added: data/ID_pending Log: This is a list of the current CVE-XXXX issues that need to be assigned Added: data/ID_pending ==================================================================--- data/ID_pending 2006-03-11 21:52:33 UTC (rev 3598) +++ data/ID_pending 2006-03-11 22:53:41 UTC (rev 3599) @@ -0,0 +1,437 @@ +CVE-2006-XXXX [runit local privilege escalation] + - runit <unfixed> (bug #356016; medium) + [sarge] - runit <not-affected> +CVE-2006-XXXX [minor bypass of rssh sanitising] + - rssh <unfixed> (bug #346322; low) + [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0) +CVE-2006-XXXX [buffer overflow in netcat example] + - netcat 1.10-30 (bug #352369; unimportant) + NOTE: Only an example, not in the binary package +CVE-2006-XXXX [webcheck XSS] + - webcheck 1.9.6 +CVE-2006-XXXX [the usual gallery2 XSS] + - gallery2 2.0.3-1 +CVE-2006-XXXX [Insecure rpath in amaya] + - amaya 9.4-1 (bug #341424) +CVE-2006-XXXX [cherrypy2 information disclosure] + - cherrypy2 2.1.1-1 (bug #353542) +CVE-2006-XXXX [sa-exim: deletion of files] + - sa-exim <unfixed> (bug #345071) +CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] + - imagemagick 6:6.2.4.5-0.6 (bug #345595) +CVE-2006-XXXX [imagemagick''s display(1) deletes arbitrary files] + - imagemagick 6:6.2.4.5-0.7 (bug #352575; medium) + - graphicsmagick <not-affected> (Vulnerable code not present) + [woody] - imagemagick <not-affected> (Vulnerable code not present) + [sarge] - imagemagick <not-affected> (Vulnerable code not present) +CVE-2006-XXXX [dpkg-sig: insecure temp file bug] + - dpkg-sig <unfixed> (bug #352723; medium) +CVE-2006-XXXX [Wordpress XSS] + - wordpress 2.0.1-1 (bug #328909) +CVE-2006-XXXX [pioneers meta-server DoS] + - pioneers 0.9.55-1 (bug #351986; medium) + [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer) +CVE-2006-XXXX [kphone creates world-readable config file with passwords] + - kphone <unfixed> (bug #337830; low) +CVE-2006-XXXX [knowledgetree information disclosure] + - knowledgetree <unfixed> (bug #348306; medium) +CVE-2006-XXXX [php5 response splitting] + - php5 5.1.2-1 (bug #347894) + - php4 <not-affected> (vulnerable code was introduced in PHP5) +CVE-2006-XXXX [php5 mysqli format string issue] + - php5 5.1.2-1 (bug #347894) + - php4 <not-affected> (vulnerable code was introduced in PHP5) +CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution] + - b2evolution 0.9.1b-4 (bug #344000) +CVE-2005-XXXX [xshisen follows symlinks for shared gid games files] + - xshisen 1.51-1-1.2 (bug #291613) +CVE-2005-XXXX [phpbb2 bbcode xss ie-only fixed in 2.0.19] + - phpbb2 <not-affected> (Fixed through a more complete fix in previous 2.0.13+1-6sarge1 update) +CVE-2005-XXXX [snort: DoS in verbose mode] + - snort 2.3.3-2 (bug #328134; low) + [woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134) + [sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134) +CVE-2005-XXXX [Insecure tempfile in libjpeg6b''s exifautotran] + - libjpeg6b 6b-11 (bug #340079; low) + [woody] - libjpeg6b <not-affected> (Does not include exifautotran) +CVE-2005-XXXX [SQL Injection in server_privileges.php] + - phpmyadmin <unfixed> (bug #343858; unimportant) + NOTE: Attack only works for authenticated users and after all "SQL injection" is + NOTE: phpmyadmin''s primary use case :-) +CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password] + - rageircd <unfixed> (bug #343543; medium) +CVE-2003-XXXX [Insecure tempfile in x-face-el] + - x-face-el 1.3.6.23-1 + NOTE: DSA-340 +CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet] + - helix-player <unfixed> (unknown) + NOTE: http://service.real.com/help/faq/security/security111605.html +CVE-2005-XXXX [maradns risk mitigation against AES side channel attacks by Shamir et al.] + - maradns 1.0.35-1 (unimportant) +CVE-2005-XXXX [unsafe file permissions in vpnc] + - vpnc <unfixed> (bug #340105; medium) +CVE-2005-XXXX [user logout in drupal has no effect] + [sarge] - drupal <not-affected> (bug was introduced after 4.5.3) + - drupal 4.5.5-3 (bug #336719; medium) +CVE-2005-XXXX [double free() in libungif] + - libungif4 4.1.4-1 (bug #338542; medium) +CVE-2005-XXXX [webcalendar''s password visible to local users through debconf] + - webcalendar <unfixed> (bug #337624) +CVE-2005-XXXX [Insecure temp files in note] + - note 1.3.1-3 (bug #337492; low) +CVE-2005-XXXX [ntop format string vulnerability] + - ntop <unfixed> (bug #335996; unimportant) + NOTE: Not exploitable +CVE-2005-XXXX [Firefox IFRAME DoS] + - mozilla-firefox <unfixed> (bug #336171; low) + - firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low) + NOTE: Only a DoS attack, see http://bugzilla.mozilla.org/show_bug.cgi?id=303433 +CVE-2005-XXXX [libxaw6: passwords visible in widgets] + NOTE: fixed in libxaw7 + - xorg-x11 <unfixed> (bug #172890; low) + - xfree86 <removed> +CVE-2005-XXXX [kernel: Signedness problems in net/core/filter] + - linux-2.6 2.6.12-2 + [sarge] - kernel-source-2.4.27 <not-affected> + [sarge] - kernel-source-2.6.8 <not-affected> + NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e +CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern] + - thttpd 2.23beta1-4 (low) +CVE-2005-XXXX [adduser''s deluser creates backup files with world readable permissions] + - adduser 3.77 (bug #331720; low) + NOTE: Woody and Sarge affected +CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow] + - pavuk 0.9.33-1 (bug #264684; high) + NOTE: second hole mentioned in bug report +CVE-2005-XXXX [libmad: Assertion failed; buffer overflow] + - libmad <unfixed> (bug #287519; low) + - mad <removed> +CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config] + - flexbackup <unfixed> (bug #334350; low) +CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade] + - xscreensaver 4.23-2 (bug #334193; low) +CVE-2005-XXXX [Minor DoS vulnerability in msg id parsing of spampd] + - spampd 2.30-1 (bug #332259; low) + [sarge] - spampd <no-dsa> (Only exploitable to let single messages pass through) +CVE-2005-XXXX [Minor local DoS as libldap] + - openldap <unfixed> (bug #253838; low) + TODO: Check, whether openldap2.2 is affected as well +CVE-2005-XXXX [Insecure bounds checking in mpack''s content parser] + - mpack 1.6-1 (bug #216566) +CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod] + - coreutils 5.93-1 (bug #306076; low) + [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable) + [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable) +CVE-2005-XXXX [tar''s rmt command may have undesired side effects] + - tar <unfixed> (bug #290435; low) +CVE-2005-XXXX [clamav''s VERSION command does not return the currently loaded version] + NOTE: no exploit vector, just bad info + - clamav <unfixed> (bug #323803; unimportant) +CVE-2005-XXXX [smbmount doesn''t honor gid/uid with kernel 2.4] + - kernel-source-2.4.27 <unfixed> (bug #310982; low) + NOTE: probably already fixed in testing, wrote for confirmation +CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror] + - kdebase 4:3.3.1-1 (bug #278002; low) + TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well +CVE-2003-XXXX [Incomplete reporting of failed logins in login] + - login 1:4.0.3-36 (bug #192849) +CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances] + - openldap2.2 2.2.26-5 (bug #260204; low) +CVE-2004-XXXX [Unspecified buffer overflow in libmng] + - libmng 1.0.8-1 (bug #250106) +CVE-2004-XXXX [Multiple buffer overflows in isoqlog] + - isoqlog 2.2-0.1 (bug #254101; bug #202634) +CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] + - libnss-ldap 199-1 (bug #169793) +CVE-2004-XXXX [Firefox doesn''t clear all cookies] + - mozilla-firefox <unfixed> (bug #203034; bug #235932; low) +CVE-2004-XXXX [Insecure temp files in amanda''s chg-manual] + - amanda 1:2.4.5p1-1 (bug #226139; low) + NOTE: Woody and Sarge affected +CVE-2004-XXXX [Buffer overflow in wdm''s login] + - wdm <unfixed> (bug #276218; low) +CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...) + - ldapdiff <not-affected> (The version in Debian doesn''t contain the vulnerable code, see #306878) +CVE-2005-XXXX [apt-cache doesn''t differentiate sources which share several properties] + - apt <unfixed> (bug #329814; low) + - apt <no-dsa> (Unsupported use case) + NOTE: I tend to remove this completely, if you''re using apt sources which include vulnerable + NOTE: versions of Debian packages with higher version numbers you''re screwed anyway, no matter + NOTE: what apt display in this case +CVE-2004-XXXX [asciijump: /var/games/asciijump world writable] + - asciijump 0.0.6-1.2 (bug #269186) +CVE-2004-XXXX [Barrendero spool world-readable] + - barrendero 1.1-1 (bug #279163) +CVE-2005-XXXX [hdup inproperly preserves permissions on directories] + - hdup <unfixed> (bug #302790; low) +CVE-2001-XXXX [crypt++ passes passwords through the command line] + - crypt++el <unfixed> (bug #105562; low) + NOTE: Sarge and Woody are affected +CVE-2004-XXXX [Two vulnerabilities in sredird] + - sredird 2.2.1-1.1 (bug #267098) +CVE-2003-XXXX [fuzz: Insecure temp file usage] + - fuzz 0.6-7.1 (bug #183047) +CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option] + - findutils 4.2.22-1 (bug #313081) +CVE-2005-XXXX [Serendipity account hijacking through CSRF] + - serendipity <itp> (bug #312413) + NOTE: Fixed in 0.8.5 +CVE-2005-XXXX [Insecure temp files in linux-wlan-ng] + - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) +CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes] + - kdepim <unfixed> (bug #280287; low) + NOTE: kmail was once part of kdenetwork. +CVE-2002-XXXX [sanitizer bypassal through quoted file names] + - sanitizer 1.76-1 (bug #149799; medium) +CVE-2005-XXXX [Heap overflow in libosip URI parsing] + - libosip2 2.0.9-1 (bug #308737) +CVE-2005-XXXX [rkhunter: Insecure temporary file] + - rkhunter 1.2.7-14 (bug #330627; medium) +CVE-2005-XXXX [fprobe-ng: Insecure default hash] + - fprobe-ng <unfixed> (bug #322699; low) +CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] + - microcode.ctl <unfixed> (bug #282583; unimportant) + NOTE: The validity of the microcode is ensure inside the CPU +CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker''s highscore list] + - icebreaker 1.21-9.1 (bug #297644; low) +CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local] + - gnupg 1.0.7-1 (bug #107374) +CVE-2003-XXXX [libsafe: does not prevent some exploit types] + - libsafe <removed> +CVE-2003-XXXX [Insecure temp files in lilo] + - lilo 1:22.4-1 (bug #173238; bug #292073; low) +CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth] + - distcc 2.18.3-3 (bug #298929; low) + [sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments) +CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] + - phpwiki <unfixed> (bug #282565; medium) +CVE-2005-XXXX [Possibly incorrect virtualisation in php4] + - php4 <unfixed> (bug #317577; bug #330419; low) + NOTE: Maintainer can''t reproduce +CVE-1999-XXXX [Insecure access control on GNU Mach''s IO ports] + - gnumach <unfixed> (bug #46709) + NOTE: Nearly six years old :-) +CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) + NOTE: Sarge is affected (package doesn''t exist in Woody) +CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] + - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) + NOTE: Sarge is affected (package doesn''t exist in Woody) +CVE-2005-XXXX [Insecure pidfile handling in mailleds] + - mailleds 0.93-11.1 (bug #329365; low) +CVE-2005-XXXX [kdebase uses urandom as an entropy source] + - kdebase <unfixed> (bug #325369; unimportant) + NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels + NOTE: on Linux urandom should provide sufficient entropy +CVE-2005-XXXX [imview: Possible buffer overflow with FITS images] + - imview <unfixed> (bug #326971; unknown) + TODO: Needs further evaluation +CVE-2005-XXXX [freeradius buffer overflows and SQL injection] + - freeradius 1.0.5-1 (medium) +CVE-2005-XXXX [user password file created by gajim is world-redable] + - gajim 0.8.2-1 (bug #325080; low) +CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] + - zope2.7 2.7.8-1 (bug #313644; bug #313621; low) + NOTE: first patch was incorrect +CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] + - wine 0.0.20050830-1 (bug #327261; bug #327262; high) +CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6] + - linux-2.6 2.6.12-6 (low) +CVE-2005-XXXX [osh buffer overflow in handlers.c] + NOTE: This is not the same as -13 + - osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium) +CVE-2005-XXXX [Insecure tempfile usage in tleds] + - tleds 1.05beta10-9 (bug #276789; low) +CVE-2005-XXXX [Insecure temp files in firehol] + - firehol 1.231-4 (low) +CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] + - cplay 1.49-8 (bug #324913; low) + [woody] - cplay <not-affected> (CPLAY_TMP doesn''t exist in this version) + NOTE: Sarge is affected +CVE-2005-XXXX [$servers[$i][''disable_anon_bind''] = true doesn''t prevent anonymous to access ldap directory] + - phpldapadmin 0.9.6c-5 (bug #322423; low) +CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs] + - clamav 0.86.2-1 (low) + NOTE: suspect this also affects Sarge, not enough info to know what this is +CVE-2005-XXXX [Buffer overflow in Description parsing] + - bidwatcher <removed> (bug #319489; low) + NOTE: Sarge and Woody affected + NOTE: Package is totally broken due to Ebay changes, so risk is low +CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] + - dbmail <unfixed> (bug #303991; medium) +CVE-2005-XXXX [downloads.ini writable by group users, world-readable] + - mldonkey 2.5.28.1-1 (bug #300560; low) +CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] + - gcjwebplugin <unfixed> (bug #267040; bug #301134; high) +CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] + - dbmail-pgsql <unfixed> (bug #290833; medium) +CVE-2005-XXXX [time delay of password check proves account existence to attackers] + NOTE: unknown if really a bug; if it is it''s different than the previous ssh delay bugs + - ssh <unfixed> (bug #314645; low) +CVE-2005-XXXX [Unspecified buffer overflow in metar] + - metar 20050807.1-1 (unknown) +CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] + - wine 0.0.20050830-1 (bug #321470; low) +CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] + - metamail 2.7-48 (bug #321473; low) +CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] + - xfree86 <unfixed> (bug #321447; low) + [woody] - xfree86 <no-dsa> (Hardly exploitable) + [sarge] - xfree86 <no-dsa> (Hardly exploitable) + - xorg-x11 <unfixed> (bug #321447; low) +CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] + - gs-esp <unfixed> (bug #291452; unimportant) + NOTE: Not included in the binary package +CVE-2005-XXXX [Format string bug in sysklogd''s syslog_tst sources] + NOTE: binary not shipped + - sysklogd <unfixed> (bug #281448; unimportant) +CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] + - fftw3 3.0.1-12 (low; bug #321566) +CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] + - clamav-getfiles 0.5-1 (bug #321446; medium) + NOTE: Sarge is affected +CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] + - libnet-ssleay-perl 1.25-1.1 (bug #296112; low) +CVE-2005-XXXX [nvi: init.d recover file security bugs] + - nvi 1.79-22 (bug #298114; medium) +CVE-2005-XXXX [bugzilla: Maintainer''s postinst script use temporary files in an unsafe way] + [woody] - bugzilla <not-affected> (Vulnerable script is not present) + [sarge] - bugzilla <not-affected> (Vulnerable script is not present) + - bugzilla 2.18.3-2 (bug #321567; low) +CVE-2005-XXXX [Crypto weakness in Tor''s handshaking process] + - tor 0.1.0.14-1 (medium) +CVE-2005-XXXX [DoS against rsync in embedded zlib copy] + NOTE: This is distinct from CVE-2005-2096, please see rsync''s 2.6.6 announcement + NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3 + NOTE: I haven''t verified this with source so far, but it looks like a DoS + NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding + NOTE: zlib 1.2 are affected as well + - rsync 2.6.6-1 (low) +CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6] + NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html + NOTE: maintainer says does not apply to debian, see #320608 +CVE-2005-XXXX [strobe reads file from unsafe directory] + - netdiag 0.7-7.1 (bug #206905; low) +CVE-2005-XXXX [Integer overflow in ffmpeg''s MPEG encoding] + - ffmpeg 0.cvs20050811-1 (bug #320150; medium) +CVE-2005-XXXX [xgalaga score file segfault] + - xgalaga 2.0.34-31 (bug #319686; low) +CVE-2005-XXXX [xemeraldia games file overwrite] + - xemeraldia 0.4-1 (bug #319661; low) +CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions] + NOTE: This doesn''t look like a real security issue as cron.daily should only be + NOTE: writable by root, but lets include it as the maintainer considers it an issue + - fiaif 1.19.2-14 (low) +CVE-2005-XXXX [oftpd port DOS] + - oftpd <removed> (bug #307957; low) + NOTE: CVE id requested from mitre +CVE-2005-XXXX [Unspecified issue in moodle''s admin/delete.php] + - moodle 1.4.4.dfsg.1-3 +CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php] + NOTE: viewFile.php has been removed along with other files in -26, so Debian is + NOTE: no longer affected. + - gforge 3.1-26 +CVE-2005-XXXX [osh buffer overflow] + - osh 1.7-13 (bug #311369) +CVE-2005-XXXX [xile buffer overrun in terminal code] + - zile 2.0.4-2 +CVE-2005-XXXX [Two DoS condition in ekg] + - ekg 1:1.5+20050411-3 +CVE-2005-XXXX [lcrash affected by libbfd integer overflows] + - lcrash 7.0.0.pre.cvs.20050322-3 +CVE-2005-XXXX [Multiple security problems in lbreakout2] + - lbreakout2 2.5.2-2 +CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] + - clamav 0.85.1-1 (low) + NOTE: Suspect Sarge is affected, not enough information to certify +CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] + - xfree86 4.3.0.dfsg.1-14 (bug #308783) + - xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree) +CVE-2005-XXXX [Buffer overflow in libotr] + - libotr 2.0.2-1 +CVE-2005-XXXX [vpnc: config file path security hole] + - vpnc 0.3.2+SVN20050326-2 +CVE-2005-XXXX [Several buffer overflows in termpkg] + - termpkg 3.3-2 +CVE-2005-XXXX [Integer overflow in binutils'' ELF parsing] + NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it''s + NOTE: already fixed since 2.15-6 + - binutils 2.15-6 +CVE-2005-XXXX [kmd affected by binutils''s ELF parser vulnerability] + - kmd 0.9.19-1.1 +CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] + NOTE: Source package has been renamed from unrar to unrar-free + - unrar-free 1:0.0.1-2 +CVE-2005-XXXX [race condition with a buffered temp file] + - pysvn 1.1.2-3 +CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] + - mailutils 1:0.6.1-2 +CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] + - maradns 1.0.27-1 +CVE-2005-XXXX [Possible SQL injection in freeradius] + - freeradius 1.0.2-4 +CVE-2005-XXXX [Directory traversal in unzoo] + - unzoo 4.4-4 +CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] + - syslog-ng 1.6.5-2.1 +CVE-2005-XXXX [trackballs: Follows symlinks as gid games] + - trackballs 1.1.1-1 (bug #302454; medium) + NOTE: CVE request sent to mitre (who sent this? any response?) + NOTE: Trackballs doesn''t run as gid games anymore, high-score files are + NOTE: stored in user''s home directories instead. + TODO: check possibility of exploitation via scripting language, + TODO: as mentioned in the bug report as a separate issue +CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] + - pwgen 2.04-1 +CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber] + - gabber <unfixed> (bug #177776; low) +CVE-2005-XXXX [Missing input validation in xtradius] + - xtradius 1.2.1-beta2-2 (bug #307796; unimportant) +CVE-2005-XXXX [fai tempfile vulnerability] + - fai 2.8.2 +CVE-2005-XXXX [eskuel: arbitrary file retrieving] + - eskuel 1.0.5-3.1 (bug #307270; low) +CVE-2005-XXXX [Buffer overflow in elog''s header buffer] + - elog 2.5.7+r1558-3 (bug #349528; high) +CVE-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES support] + - ipsec-tools 1:0.5.2-1 +CVE-2005-XXXX [Insecure mailbox generation in passwd''s useradd] + - shadow 4.0.8 + [sarge] - shadow <not-affected> (was introduced after version 4.0.3) + [woody] - shadow <not-affected> (was introduced after version 4.0.3) +CVE-2005-XXXX [Insecure tempfile generation in shadow''s vipw] + - shadow 1:4.0.3-33 +CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] + - libconvert-uulib-perl 1.0.5.1-1 +CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] + - libpam-ssh 1.91.0-9 +CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey] + - postgrey 1.21-1 +CVE-2005-XXXX [Some security issues in mod_security] + NOTE: I don''t understand mod_security fully, so I''m not entirely sure which of + NOTE: the changelog entries matches the security criteria, but the changelog + NOTE: claims so. + - libapache-mod-security 1.8.7-1 +CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping] + NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix + - imms 2.0.3-1 +CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] + - smarty 2.6.9-1 +CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client] + - obexftp 0.10.7-3 +CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] + - openwebmail <removed> +CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv] + - freeciv 2.0.1-1 +CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack] + - mailscanner 4.40.11-1 +CVE-2005-XXXX [KDE Kopete ICQ remote DoS] + - kdenetwork 4:3.3.2-2 +CVE-2005-XXXX [Various /tmp related security issues in cernlib] + - cernlib 2004.11.04-3 +CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4] + - omniorb4 4.0.5-2 +CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla] + - bugzilla 2.16.2-1 +CVE-2002-XXXX [Multiple buffer overflows in gtetrinet] + - gtetrinet 0.4.4-1