Author: joeyh
Date: 2009-03-30 21:14:15 +0000 (Mon, 30 Mar 2009)
New Revision: 11494

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-30 20:45:07 UTC (rev 11493)
+++ data/CVE/list       2009-03-30 21:14:15 UTC (rev 11494)
@@ -14512,7 +14512,7 @@
 CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook 
Express ...)
        NOT-FOR-US: Microsoft Outlook Express
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 
9.5.0-P1, ...)
-       {DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
+       {DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 
DTSA-147-1}
        - bind9 1:9.5.0.dfsg-5 (high)
        NOTE: glibc stub resolver relies on source port randomisation in kernel
        - dnsmasq 2.43-1 (medium; bug #490123)
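Review bot: the new references on CVE-2008-1447 are prepended, so the list now starts DSA-1605-1 DSA-1604-1 DSA-1623-1 and loses the descending order the removed line had (1623, 1619, 1617, 1603). Suggest emitting the set sorted, with DSA-1605-1 and DSA-1604-1 placed between DSA-1617-1 and DSA-1603-1, so that later automatic updates produce stable, minimal diffs.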
@@ -16889,6 +16889,7 @@
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and 
earlier ...)
        NOT-FOR-US: Flinx
 CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x 
before ...)
+       {DSA-1529-1}
        - firebird2 <removed>
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        - firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
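Review bot: on CVE-2008-0467 the added {DSA-1529-1} sits directly above "[etch] - firebird2 <no-dsa>", so the entry now both references an advisory and states that etch gets none. If DSA-1529-1 is what the existing "see #1529" points at, suggest rewriting that note as "see DSA-1529-1", since "#1529" reads like a bug number next to "bug #463596" two lines below.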
@@ -17106,6 +17107,7 @@
 CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for 
WordPress ...)
        NOT-FOR-US: WP-Forum plugin for WordPress
 CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x 
before ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
        [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
        - firebird2 <removed>
@@ -23853,26 +23855,32 @@
        - php4 <removed> (unimportant)
        NOTE: This refers to an improved fix for MOPB 03-2007, which is 
CVE-2007-1285 and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote 
authenticated ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
 CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 
2.0.2 ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
 CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird 
before 2.0.2 ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
 CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 
2.0.2, when ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
 CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 
2.0.2 ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
 CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) 
create ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
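Review bot: all six entries in this hunk (CVE-2007-4664 through CVE-2007-4669) gain {DSA-1529-1} while their "[sarge] - firebird2 <unfixed>" lines stay as they were, so a reader cannot tell whether the advisory changes the sarge status. Suggest a NOTE on each entry saying which release DSA-1529-1 applies to, or updating the sarge line in the same commit if it does.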
@@ -26567,6 +26575,7 @@
        [etch] - dar <no-dsa> (Minor issue)
        [sarge] - dar <no-dsa> (Minor issue)
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated 
users ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed>
@@ -26784,21 +26793,25 @@
        [sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
        [etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow 
remote ...)
+       {DSA-1529-1}
        - firebird1.5 <removed> (bug #432753)
        - firebird2 <removed>
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        - firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA 
and ...)
+       {DSA-1529-1}
        - firebird1.5 <removed> (bug #432753)
        - firebird2 <removed>
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        - firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects 
WNET, ...)
+       {DSA-1529-1}
        - firebird1.5 <removed> (bug #432753)
        - firebird2 <removed>
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        - firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for 
the ...)
+       {DSA-1529-1}
        - firebird1.5 <not-affected> (fixed before rename to firebird1.5)
        - firebird2 1.5.3.4870-4 (low; bug #362001)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
@@ -27472,6 +27485,7 @@
 CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in 
Calendarix ...)
        NOT-FOR-US: Calendarix
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 
allows ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (medium)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed> (medium)
@@ -28861,6 +28875,7 @@
 CVE-2007-2607 (PHP remote file inclusion vulnerability in 
views/print/printbar.php in ...)
        NOT-FOR-US: LaVague
 CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to 
trigger ...)
+       {DSA-1529-1}
        - firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
        [etch] - firebird2 <no-dsa> (Fixed packages have been released through 
backports.org, see #1529)
        [sarge] - firebird2 <unfixed> (low)
@@ -40961,6 +40976,7 @@
 CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS 
Frogss ...)
        NOT-FOR-US: CMS Frogss
 CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows 
local ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.18-1
 CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 
Office ...)
        NOT-FOR-US: Microsoft
@@ -41885,6 +41901,7 @@
        - gdb <unfixed> (unimportant)
        NOTE: Every sensible use of gdb involves executing the debugged binary
 CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux 
kernel ...)
+       {DSA-1184-2}
        - linux-2.6 2.6.17-7
 CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers 
to ...)
        NOT-FOR-US: Netgear
@@ -41991,7 +42008,7 @@
 CVE-2006-4094
        RESERVED
 CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on 
...)
-       {DSA-1237}
+       {DSA-1184-2 DSA-1237}
        - linux-2.6 2.6.17-7
 CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's 
actions to ...)
        NOT-FOR-US: Simpliciti Locked Browser
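Review bot: on CVE-2006-4093 the resulting line "{DSA-1184-2 DSA-1237}" mixes a reference with a revision suffix and one without, and puts the lower advisory number first, whereas the CVE-2006-1343 change in this same commit yields "{DSA-1184-2 DSA-1097-1}" with the lower number last. Suggest one sort order and one reference form for the whole file, so the cross-reference lines can be compared and de-duplicated mechanically.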
@@ -42832,6 +42849,7 @@
        - gnupg 1.4.5-1 (medium; bug #381204)
        - gnupg2 1.9.20-2 (medium)
 CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function 
in the ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.17-7
 CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows 
...)
        {DSA-1168-1}
@@ -43450,6 +43468,7 @@
        {DSA-1112}
        - mysql-dfsg-5.0 5.0.22-1 (bug #375694)
 CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote 
...)
+       {DSA-1184-2}
        - linux-2.6 2.6.17-6
 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers 
to ...)
        {DSA-1193-1 DSA-1178-1}
@@ -44612,8 +44631,10 @@
        - openssl097 0.9.7k-2
        - openssl096 <not-affected>
 CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 
2.6.x up ...)
+       {DSA-1184-2}
        - linux-2.6 2.6.17-5 (low)
 CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.17-5 (low)
 CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for 
Linux ...)
        - linux-2.6 2.6.17-3
@@ -45414,6 +45435,7 @@
 CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
        NOT-FOR-US: artmedic newsletter
 CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 
allows ...)
+       {DSA-1184-2}
        - linux-2.6 <not-affected> (fixed before the first upload)
 CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 
1.5.x ...)
        - sun-java5 1.5.0-06-1 (low; bug #384734)
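Review bot: CVE-2004-2660 now references DSA-1184-2, but its only package line is "- linux-2.6 <not-affected> (fixed before the first upload)", so the entry names no package that the advisory actually fixed. Suggest adding a package line for the source package DSA-1184-2 updated, otherwise the cross-reference and the status contradict each other for anyone reading the entry alone.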
@@ -45784,12 +45806,14 @@
        {DSA-1090-1}
        - spamassassin 3.1.3-1 (medium)
 CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions 
in the ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.16-1
        NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 
and the
        NOTE: patch is included there
 CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before 
...)
        - linux-2.6 2.6.16-15
 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux 
kernel ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.16-15
 CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable 
permissions, which ...)
        {DSA-1062-1}
@@ -46183,6 +46207,7 @@
        {DSA-1103 DSA-1097-1}
        - linux-2.6 2.6.16-13
 CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 
2.4 up to ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 <not-affected>
 CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php 
in ...)
        NOT-FOR-US: Jetbox CMS
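Review bot: CVE-2005-4798 is tagged with two advisories here, yet "- linux-2.6 <not-affected>" carries no reason, unlike the CVE-2004-2660 entry in this commit, which says "(fixed before the first upload)". Suggest adding the parenthesised reason, and a line for whichever package DSA-1184-2 and DSA-1183-1 fixed, so the not-affected status is explained next to the new references.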
@@ -47175,8 +47200,10 @@
        {DSA-1103 DSA-1097-1}
        - linux-2.6 2.6.16-14
 CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do 
not ...)
+       {DSA-1184-2}
        - linux-2.6 2.6.16-12
 CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes 
certain ...)
+       {DSA-1184-2}
        NOTE: probably fixed before, but this is the oldest linux-2.6 in the 
changelog
        - linux-2.6 2.6.12-1
 CVE-2006-1854 (** DISPUTED ** ...)
@@ -48111,6 +48138,7 @@
        NOTE: Thunderbird is potentially affected as well, but not in the
        NOTE: default configuration.
 CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial 
of ...)
+       {DSA-1184-2 DSA-1183-1}
        - linux-2.6 2.6.13-1
 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows 
remote ...)
        - linux-2.6 2.6.16-12 (low)
@@ -48559,7 +48587,7 @@
 CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, 
as ...)
        NOT-FOR-US: VeriSign haydn.exe
 CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 
2.6, ...)
-       {DSA-1097-1}
+       {DSA-1184-2 DSA-1097-1}
        - linux-2.6 2.6.16-15
 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
        - linux-2.6 <not-affected> (Only affects 2.4 kernels)
@@ -49227,6 +49255,7 @@
 CVE-2006-1053
        RESERVED
 CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 
allows ...)
+       {DSA-1184-2}
        - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
 CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine 
before ...)
        NOT-FOR-US: Akurru Social BookMarking Engine
@@ -57711,7 +57740,7 @@
 CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal 
allows ...)
        NOT-FOR-US: e107 portal
 CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 
4.0 ...)
-       {DSA-831-1 DSA-829-1}
+       {DSA-833-2 DSA-831-1 DSA-829-1}
        - mysql-dfsg-4.1 4.1.13 (medium)
        - mysql-dfsg-5.0 5.0.7beta-1 (medium)
        - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
