Author: joeyh
Date: 2008-02-24 09:14:11 +0000 (Sun, 24 Feb 2008)
New Revision: 8207

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-02-23 22:38:03 UTC (rev 8206)
+++ data/CVE/list       2008-02-24 09:14:11 UTC (rev 8207)
@@ -918,6 +918,7 @@
 CVE-2008-0411
        RESERVED
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 
2.4.21 ...)
+       {DSA-1504-1 DSA-1503-1}
        - linux-2.6 <unfixed>
 CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
        - openssh <unfixed> (bug #463011)
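
Review bot: CVE-2007-6694 still reads `- linux-2.6 <unfixed>` directly under the new `{DSA-1504-1 DSA-1503-1}` line, so the entry cites two advisories without saying which package or release they fixed. Consider adding a release-tagged line for the fixed package, or a NOTE, so it is clear that the remaining `<unfixed>` refers to a different upload.
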
@@ -2946,6 +2947,7 @@
        {DSA-1476-1}
        - pulseaudio 0.9.9-1
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that 
...)
+       {DSA-1504-1 DSA-1503-1}
        - linux-2.6 <unfixed> 
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the 
libfont ...)
        {DSA-1466-2 DTSA-110-1}
@@ -2971,7 +2973,7 @@
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, 
does not ...)
        - xen-3 3.1.2-1
 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 
2.6.x ...)
-       {DSA-1436-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1436-1}
        - linux-2.6 <unfixed>
        NOTE: kernel-sec already tracks this
 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS 
sidebar ...)
@@ -3102,7 +3104,7 @@
 CVE-2007-6152
        RESERVED
 CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 
allows ...)
-       {DSA-1479-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1479-1}
        - linux-2.6 2.6.23-2
 CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash 
Media ...)
        NOT-FOR-US: Adobe Flash Media Server
@@ -3283,7 +3285,7 @@
 CVE-2007-6064
        RESERVED
 CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c 
in Linux ...)
-       {DSA-1436-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1436-1}
        - linux-2.6 2.6.23-2
        NOTE: kernel-sec is aware of this
 CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers 
to cause ...)
@@ -6104,6 +6106,7 @@
 CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to 
obtain ...)
        NOT-FOR-US: Netbilling
 CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
+       {DSA-1503-1}
        - linux-2.6 2.6.18-1
        NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in 
prior versions
 CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 
1.54, ...)
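
Review bot: the NOTE under CVE-2004-2731 still hedges ("might be fixed in prior versions") although the entry now carries `{DSA-1503-1}` next to a fixed version of 2.6.18-1. With an advisory attached, either pin down the first fixed version or reword the NOTE so the two lines do not pull in different directions.
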
@@ -6611,7 +6614,7 @@
 CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in 
...)
        NOT-FOR-US: Ipswitch IMail Server
 CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in 
Linux ...)
-       {DSA-1381-2}
+       {DSA-1504-1 DSA-1503-1 DSA-1381-2}
        - linux-2.6 2.6.23-1
 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance 
Music ...)
        NOT-FOR-US: phpNuke module
@@ -7870,13 +7873,13 @@
        NOTE: backport for stack unwinder fixes in the linux kernel made by 
them.
        NOTE: redhat sent a reproducer to the vendor-sec list
 CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 
2.4.x and ...)
-       {DSA-1381-2 DSA-1378-2 DSA-1378-1}
+       {DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
        - linux-2.6 2.6.22-5 (medium)
 CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 
3.0.26a, ...)
        {DSA-1409-3 DSA-1409-2 DSA-1409-1}
        - samba 3.0.27-1 (high; bug #451385)
 CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the 
...)
-       {DSA-1479-1}
+       {DSA-1505-1 DSA-1479-1}
        - linux-2.6 2.6.22-5 (low; bug #444571)
        NOTE: 
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
        NOTE: 
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
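
Review bot: `DSA-1505-1` on CVE-2007-4571 is the only reference to that advisory in this change, and the entry's sole package line is `- linux-2.6 2.6.22-5`. If the advisory was issued for a source package other than linux-2.6, that package needs its own line here; otherwise the cross-reference cannot be checked from the entry.
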
@@ -8508,13 +8511,14 @@
 CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 
3.0.0 ...)
        NOT-FOR-US: Php Blue Dragon CMS
 CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in 
the Linux ...)
+       {DSA-1503-1}
        - linux-2.6 <not-affected> (buffer is local to the function that uses 
sizeof on it)
 CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 
allows ...)
        NOT-FOR-US: Solaris
 CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote 
...)
        NOT-FOR-US: IBM Lotus Notes
 CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the 
SCSI ...)
-       {DSA-1363-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1363-1}
        - linux-2.6 2.6.22-4 (medium; bug #443694)
 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in 
Storesprite 7 ...)
        NOT-FOR-US: Storesprite
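
Review bot: CVE-2007-4311 gains `{DSA-1503-1}` while its only package line is `- linux-2.6 <not-affected>`, which reads as an advisory issued for something the tracker says is not affected. Add a line for the package the DSA fixed, or a NOTE stating that the not-affected status applies to linux-2.6 only.
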
@@ -8893,7 +8897,7 @@
        - star 1.5a67-1.1 (bug #440100; low)
        [etch] - star <no-dsa> (Minor issue)
 CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate 
functions ...)
-       {DSA-1381-2}
+       {DSA-1504-1 DSA-1381-2}
        - linux-2.6 2.6.20-1
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 
5.0.0 ...)
        NOT-FOR-US: Red Hat Satellite Server
@@ -9539,7 +9543,7 @@
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the 
Advanced ...)
        NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to 
send ...)
-       {DSA-1356-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1356-1}
        - linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c 
(mod_proxy) in ...)
        - apache2 2.2.6-1 (bug #441845; low)
@@ -9819,10 +9823,10 @@
        - gimp 2.2.17-1 (unimportant)
        NOTE: Only DoS by memleaks or double-frees, not treated as security 
problems
 CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when 
Unix ...)
-       {DSA-1378-2 DSA-1378-1}
+       {DSA-1504-1 DSA-1378-2 DSA-1378-1}
        - linux-2.6 <unfixed>
 CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, 
does not ...)
-       {DSA-1378-2 DSA-1378-1}
+       {DSA-1504-1 DSA-1378-2 DSA-1378-1}
        - linux-2.6 2.6.20-1
 CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 
2.0.0.5 ...)
        {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
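
Review bot: CVE-2007-3740 is described as affecting the kernel "before 2.6.22" (the description is truncated) yet stays at `- linux-2.6 <unfixed>` under the new `{DSA-1504-1 DSA-1378-2 DSA-1378-1}` line, while the neighbouring CVE-2007-3739 records a fixed version. Check whether a fixed version can be recorded here in place of `<unfixed>`.
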
@@ -11413,7 +11417,7 @@
        {DSA-1471-1}
        - libvorbis 1.2.0.dfsg-1 (medium)
 CVE-2007-3105 (Stack-based buffer overflow in the random number generator 
(RNG) ...)
-       {DSA-1363-1}
+       {DSA-1504-1 DSA-1363-1}
        - linux-2.6 2.6.22-4
 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in 
Red Hat ...)
        {DSA-1428-1}
@@ -12629,6 +12633,7 @@
        - wu-ftpd 2.6.2-26 (unimportant; bug #425162)
        NOTE: Linux' limit is 4096 chars
 CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 
2.6.20 ...)
+       {DSA-1504-1}
        - linux-2.6 2.6.18.dfsg.1-9 (low)
 CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX 
control ...)
        NOT-FOR-US: Office Viewer OCX ActiveX
@@ -12760,7 +12765,7 @@
 CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in 
VNC ...)
        NOT-FOR-US: VNC Viewer ActiveX control
 CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket 
implementation in ...)
-       {DSA-1356-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1356-1}
        - linux-2.6 2.6.22-1
        NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
        NOTE: Linus' tree.
@@ -13592,7 +13597,7 @@
 CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and 
(2) ...)
        NOT-FOR-US: Gentoo's packaging of courier
 CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 
2.4.35 ...)
-       {DSA-1363-1 DSA-1356-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
        - linux-2.6 2.6.21-1 (medium)
 CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in 
...)
        NOT-FOR-US: Novell GroupWise
@@ -14958,7 +14963,7 @@
 CVE-2007-1593 (The administrative service in Symantec Veritas Volume 
Replicator (VVR) ...)
        NOT-FOR-US: Symantec
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
-       {DSA-1304 DSA-1286-1}
+       {DSA-1503-1 DSA-1304 DSA-1286-1}
        - linux-2.6 2.6.20-1 (medium)
 CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 
...)
        NOT-FOR-US: Trend Micro
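
Review bot: the rewritten line for CVE-2007-1592 keeps `DSA-1304` without a revision suffix beside `DSA-1503-1` and `DSA-1286-1`. If any tooling matches advisory ids by exact string, the bare form will not line up with the suffixed style used elsewhere; normalise it while the line is being touched, or confirm that the generator emits it that way on purpose.
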
@@ -15591,7 +15596,7 @@
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in 
JMX ...)
        NOT-FOR-US: JBoss Application Server
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support 
in the ...)
-       {DSA-1356-1}
+       {DSA-1504-1 DSA-1503-1 DSA-1356-1}
        - linux-2.6 2.6.22-1 (low)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org 
libXfont ...)
        {DSA-1294-1}
@@ -21170,7 +21175,7 @@
        - dbus 1.0.2-1 (low)
        [sarge] - dbus <no-dsa> (Minor issue)
 CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function 
in the ...)
-       {DSA-1304}
+       {DSA-1503-1 DSA-1304}
        - linux-2.6 2.6.18.dfsg.1-9
 CVE-2006-6105 (Format string vulnerability in the host chooser window 
(gdmchooser) in ...)
        - gdm 2.16.4-1 (medium; bug #403219)
@@ -21283,7 +21288,7 @@
 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for 
NetGear ...)
        NOT-FOR-US: NetGear
 CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, 
...)
-       {DSA-1436-1}
+       {DSA-1504-1 DSA-1436-1}
        - linux-2.6 2.6.22-6 (unimportant)
        NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other 
versions, on ...)
@@ -21295,10 +21300,11 @@
 CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the 
D-Link ...)
        NOT-FOR-US: D-Link
 CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local 
users to ...)
+       {DSA-1504-1 DSA-1503-1}
        - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
        NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local 
users ...)
-       {DSA-1304}
+       {DSA-1503-1 DSA-1304}
        - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
        NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error 
messages ...)
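
Review bot: CVE-2006-6054 and CVE-2006-6053 stay tagged `(unimportant)` with the NOTE that mounting filesystem partitions should be limited to root, but both entries now reference DSAs. The severity tag or the NOTE should say why an issue covered by an advisory is still rated unimportant.
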
@@ -21788,6 +21794,7 @@
        - kfreebsd-5 <unfixed>
        [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local 
users to ...)
+       {DSA-1504-1 DSA-1503-1}
        - linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon 
(bpcd.exe) in ...)
        NOT-FOR-US: Symantec Veritas NetBackup
@@ -21944,7 +21951,7 @@
        {DSA-1304}
        - linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux 
...)
-       {DSA-1356-1 DSA-1304}
+       {DSA-1503-1 DSA-1356-1 DSA-1304}
        - linux-2.6 2.6.20-1
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the 
...)
        - apache2 2.2.4-2 (low)
@@ -23995,7 +24002,7 @@
 CVE-2006-4815
        RESERVED
 CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does 
not ...)
-       {DSA-1304}
+       {DSA-1503-1 DSA-1304}
        - linux-2.6 2.6.18.dfsg.1-9 (low)
        - kernel-patch-openvz 028.18.1
 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux 
kernel ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
