Author: joeyh
Date: 2006-05-25 21:14:23 +0000 (Thu, 25 May 2006)
New Revision: 4075
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-25 10:54:00 UTC (rev 4074)
+++ data/CVE/list 2006-05-25 21:14:23 UTC (rev 4075)
@@ -199,6 +199,7 @@
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix
IP ...)
NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and
2.x ...)
+ {DSA-1072-1}
- nagios 2:1.4-1 (bug #366682; bug #366803; high)
- nagios2 2.3-1 (bug #366683; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac
WebOS ...)
@@ -904,6 +905,7 @@
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in
Pinnacle Cart ...)
NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x
before ...)
+ {DSA-1072-1}
- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2
and ...)
@@ -2203,6 +2205,7 @@
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when
the ...)
- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit
...)
+ {DSA-1074-1}
- mpg123 0.59r-22 (bug #361863; unknown)
[sarge] - mpg123 <no-dsa> (Non-free software)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500
...)
@@ -2568,16 +2571,19 @@
CVE-2006-1519
REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in
MySQL ...)
+ {DSA-1073-1 DSA-1071-1}
- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
- mysql-dfsg-4.1 <unfixed> (bug #365939; medium)
- mysql-dfsg <unfixed> (bug #365939; medium)
- mysql <unfixed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18,
and ...)
+ {DSA-1073-1 DSA-1071-1}
- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
- mysql-dfsg-4.1 <unfixed> (bug #365939; low)
- mysql-dfsg <unfixed> (bug #365939; low)
- mysql <unfixed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up
to ...)
+ {DSA-1073-1 DSA-1071-1}
- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
- mysql-dfsg-4.1 <unfixed> (bug #365939; low)
- mysql-dfsg <unfixed> (bug #365939; low)
@@ -3967,6 +3973,7 @@
CVE-2006-0904
RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging
...)
+ {DSA-1073-1 DSA-1071-1}
- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
RESERVED
@@ -19897,7 +19904,7 @@
TODO: check, when this was fixed in 2.6
CVE-2005-0528 [mremap kernel issue]
RESERVED
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
TODO: Fixed for Woody, check 2.4 and 2.6
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code
via ...)
- mozilla-firefox 1.0.1
@@ -19955,7 +19962,7 @@
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM)
before ...)
- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa
serial ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
- kernel-source-2.6.10 2.6.10-2
@@ -19990,7 +19997,7 @@
- curl 7.13.0-2
CVE-2005-0489
RESERVED
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine
2.0.0 to ...)
- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue
function in ...)
@@ -20693,7 +20700,7 @@
{DSA-693-1}
- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel
2.6.8.1 ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 2.4.27-9
@@ -21577,7 +21584,7 @@
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64)
...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
TODO: Check, when this was fixed upstream
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
@@ -21608,7 +21615,7 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
- {DSA-1069-1 DSA-1067-1 DSA-1017-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
TODO: Check, when this was fixed upstream
CVE-2005-0123
RESERVED
@@ -22007,14 +22014,14 @@
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on
64-bit ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
- kernel-source-2.4.27 2.4.27-9
[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
NOTE: i386 and smp specific
TODO: Check, when this was fixed upstream
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -22031,7 +22038,7 @@
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files
with ...)
- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel
before ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -22040,7 +22047,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel
2.4 and ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
@@ -22249,12 +22256,12 @@
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a
...)
NOT-FOR-US: Gadu-Gadu
@@ -22635,28 +22642,28 @@
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in
standard_error_message.dtml ...)
- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when
"memory overcommit" ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in
Linux ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to
...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to
...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader
(binfmt_elf.c) ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
@@ -22666,7 +22673,7 @@
- kernel-source-2.4.27 <not-affected> (2.6 only issue)
[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the
unix_dgram_recvmsg function in ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 2.4.27-7
[sarge] - kernel-source-2.6.8 2.6.8-11
@@ -22788,10 +22795,10 @@
- php4 4:4.3.10-1
- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver
for Linux kernel 2.4.x ...)
- {DSA-1069-1 DSA-1067-1 DSA-1017-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up
to ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and
earlier, ...)
@@ -22858,7 +22865,7 @@
- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997
RESERVED
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
@@ -22989,7 +22996,7 @@
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to
obtain ...)
NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem
(smbfs) in ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <unfixed>
CVE-2004-0948
@@ -23175,7 +23182,7 @@
- cyrus-sasl <removed>
- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-6
@@ -23678,7 +23685,7 @@
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4,
when the ...)
- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user
...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server
5.02, ...)
NOT-FOR-US: WebSphere Edge Server
@@ -23964,7 +23971,7 @@
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote
...)
NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for
Linux ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
TODO: Check 2.6
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to
run ...)
@@ -23999,7 +24006,7 @@
{DSA-643-1}
- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause
a ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
TODO: Check 2.6, entries look flaky
@@ -24241,7 +24248,7 @@
{DSA-510}
- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows
local ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.26)
CVE-2004-0446
RESERVED
@@ -24284,7 +24291,7 @@
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and
Mac OS ...)
NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x
before ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package
into the archive; 2.6.6)
- kernel-source-2.4.27 <not-affected> (Fixed before upload of package
into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running
a ...)
@@ -24380,7 +24387,7 @@
{DSA-509}
- gatos 0.0.5-12
CVE-2004-0394 (A "potential" buffer overflow exists in the
panic() function in Linux ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected>
NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
TODO: not fixed in 2.4.27 by inspection, didn''t bother with a bug
@@ -24875,7 +24882,7 @@
NOT-FOR-US: SGI IRIX
CVE-2004-0138
RESERVED
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24
allows ...)
NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24
allows ...)
@@ -25231,7 +25238,7 @@
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6
prior ...)
TODO: check
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
- {DSA-1069-1 DSA-1067-1}
+ {DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)