Author: joeyh
Date: 2006-05-21 09:14:43 +0000 (Sun, 21 May 2006)
New Revision: 4021
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-21 03:42:54 UTC (rev 4020)
+++ data/CVE/list 2006-05-21 09:14:43 UTC (rev 4021)
@@ -882,7 +882,6 @@
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote
...)
- pdnsd <unfixed> (bug filed; high)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers
to ...)
- {DSA-963-1}
[sarge] - mydns 1.0.0-4sarge1
- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series
routers ...)
@@ -19676,7 +19675,7 @@
TODO: check, when this was fixed in 2.6
CVE-2005-0528 [mremap kernel issue]
RESERVED
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
TODO: Fixed for Woody, check 2.4 and 2.6
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code
via ...)
- mozilla-firefox 1.0.1
@@ -19734,7 +19733,7 @@
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM)
before ...)
- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa
serial ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
- kernel-source-2.6.10 2.6.10-2
@@ -19769,7 +19768,7 @@
- curl 7.13.0-2
CVE-2005-0489
RESERVED
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine
2.0.0 to ...)
- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue
function in ...)
@@ -20472,7 +20471,7 @@
{DSA-693-1}
- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel
2.6.8.1 ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 2.4.27-9
@@ -21356,7 +21355,7 @@
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64)
...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
TODO: Check, when this was fixed upstream
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
@@ -21387,7 +21386,7 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
- {DSA-1067-1 DSA-1017-1}
+ {DSA-1069-1 DSA-1067-1 DSA-1017-1}
TODO: Check, when this was fixed upstream
CVE-2005-0123
RESERVED
@@ -21786,14 +21785,14 @@
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on
64-bit ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
- kernel-source-2.4.27 2.4.27-9
[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
NOTE: i386 and smp specific
TODO: Check, when this was fixed upstream
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -21810,7 +21809,7 @@
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files
with ...)
- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel
before ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -21819,7 +21818,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel
2.4 and ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -22028,12 +22027,12 @@
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a
...)
NOT-FOR-US: Gadu-Gadu
@@ -22414,28 +22413,28 @@
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in
standard_error_message.dtml ...)
- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when
"memory overcommit" ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in
Linux ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to
...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to
...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader
(binfmt_elf.c) ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
@@ -22445,7 +22444,7 @@
- kernel-source-2.4.27 <not-affected> (2.6 only issue)
[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the
unix_dgram_recvmsg function in ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 2.4.27-7
[sarge] - kernel-source-2.6.8 2.6.8-11
@@ -22567,10 +22566,10 @@
- php4 4:4.3.10-1
- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver
for Linux kernel 2.4.x ...)
- {DSA-1067-1 DSA-1017-1}
+ {DSA-1069-1 DSA-1067-1 DSA-1017-1}
- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up
to ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and
earlier, ...)
@@ -22637,7 +22636,7 @@
- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997
RESERVED
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
@@ -22768,7 +22767,7 @@
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to
obtain ...)
NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem
(smbfs) in ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <unfixed>
CVE-2004-0948
@@ -22954,7 +22953,7 @@
- cyrus-sasl <removed>
- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-6
@@ -23457,7 +23456,7 @@
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4,
when the ...)
- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user
...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server
5.02, ...)
NOT-FOR-US: WebSphere Edge Server
@@ -23743,7 +23742,7 @@
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote
...)
NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for
Linux ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
TODO: Check 2.6
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to
run ...)
@@ -23778,7 +23777,7 @@
{DSA-643-1}
- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause
a ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
TODO: Check 2.6, entries look flaky
@@ -24020,7 +24019,7 @@
{DSA-510}
- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows
local ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.26)
CVE-2004-0446
RESERVED
@@ -24063,7 +24062,7 @@
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and
Mac OS ...)
NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x
before ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package
into the archive; 2.6.6)
- kernel-source-2.4.27 <not-affected> (Fixed before upload of package
into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running
a ...)
@@ -24159,7 +24158,7 @@
{DSA-509}
- gatos 0.0.5-12
CVE-2004-0394 (A "potential" buffer overflow exists in the
panic() function in Linux ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected>
NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
TODO: not fixed in 2.4.27 by inspection, didn''t bother with a bug
@@ -24654,7 +24653,7 @@
NOT-FOR-US: SGI IRIX
CVE-2004-0138
RESERVED
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24
allows ...)
NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24
allows ...)
@@ -25010,7 +25009,7 @@
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6
prior ...)
TODO: check
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
- {DSA-1067-1}
+ {DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)