automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3678 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2006-03-24 09:14:27 +0000
committer: Joey Hess <joeyh@debian.org> 2006-03-24 09:14:27 +0000
commit: 02b5481d7bc5d3d2487e02aef6ab1098c3b85143 (patch)
tree: 637b9772c87bc4eb20ef7ded1fd4d7214ab0cb0b
parent: e6c7718e06ba0d0bd5b697d7352bf61fcc2008d0 (diff)
5 files changed, 136 insertions, 31 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index 9d3356370b..c981a00820 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,5 @@
+CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
+	TODO: check
 CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
 	NOT-FOR-US: Tivoli
 CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 0321921fb4..5550824374 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,5 @@
+CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
+	TODO: check
 CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
 	TODO: check
 CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 8ef0fdaf03..5a3a6497c4 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -93,6 +93,7 @@ CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.
 CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the &quot;news ...)
 	NOT-FOR-US: SmartWebby Smart Guest Book
 CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
+	{DSA-1018-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
 	NOT-FOR-US: Linksys hardware
@@ -3382,6 +3383,7 @@ CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PM
 CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
 	- mnogosearch 3.2.18-2.2
 CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
+	{DSA-1018-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
 	[sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
@@ -3480,6 +3482,7 @@ CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attac
 	- php4 4:4.3.10-1
 	- php3 3:3.0.18-29
 CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
+	{DSA-1017-1}
 	- linux-2.6 <not-affected> (2.4 specific vulnerability)
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -3848,6 +3851,7 @@ CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other package
 	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
 	NOTE: package was fixed.
 CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
+	{DSA-1018-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	- kernel-source-2.6.8 2.6.8-10
 CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index b31f4be982..915f54a7b9 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -256,6 +256,7 @@ CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
 	NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.15-1
 CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
 	- b2evolution 0.9.1b-4 (bug #344000)
@@ -284,6 +285,7 @@ CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort
 CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
 	NOT-FOR-US: Web Wiz
 CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.15-1
 	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
 CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
@@ -847,12 +849,10 @@ CVE-2005-4349 (** DISPUTED ** ...)
 CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
 	{DSA-939-1}
 	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
-CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
-	RESERVED
+CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
 	{DSA-1011-1}
 	- util-vserver 0.30.208-1
-CVE-2005-4347 [Improper barrier code allows for chroot escape]
-	RESERVED
+CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
 	{DSA-1011-1}
 	- util-vserver 0.30.208-1 (bug #329090; medium)
 	- kernel-patch-vserver 2.3 (bug #329087; medium)
@@ -1888,6 +1888,7 @@ CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver M
 CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
 	NOT-FOR-US: Q-News
 CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.12-6
 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
 	- krusader <unfixed> (bug #336169; low)
@@ -1976,6 +1977,7 @@ CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a deni
 CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
 	NOT-FOR-US: AMAX Magic Winmail Server 
 CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-1 (medium)
 CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
 	- linux-2.6 <unfixed> (medium)
@@ -2023,15 +2025,19 @@ CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, a
 CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
 	NOT-FOR-US: Ebuild IndeX
 CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
+	{DSA-1017-1}
 	- linux-2.6 <unfixed> (medium)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-3 (medium)
 CVE-2005-3782
 	RESERVED
 CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.13-1
 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.13-1
 CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
 	- pmwiki <itp> (bug #330117)
@@ -2719,6 +2725,7 @@ CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
 CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
 	- linux-2.6 2.6.14-4
 CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-4 (low)
 CVE-2005-XXXX [user logout in drupal has no effect]
 	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
@@ -3014,11 +3021,13 @@ CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005
 CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
 	TODO: check
 CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
+	{DSA-1017-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: check 2.4
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
 	- apache2 2.0.55-4 (bug #351246)
 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.15-4
 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
 	{DSA-901-1}
@@ -3364,6 +3373,7 @@ CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-complic
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
 CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-4 (bug #334113; medium)
 CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
 	NOT-FOR-US: Cyphor
@@ -3528,12 +3538,14 @@ CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allo
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (bug #333566; medium)
 CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
 	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
 CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
 	- php5 5.0.5-2 (low)
 	- php4 4:4.4.0-3 (low)
 CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
 CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
 	- linux-2.6 2.6.13-2 (low)
@@ -3890,12 +3902,14 @@ CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
 	RESERVED
 	- twiki 20040902-2 (bug #330733; high)
 CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
+	{DSA-1017-1}
 	- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
 	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
 	- php5 5.0.5-2 (bug #353585; medium)
 CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
 CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
 	NOT-FOR-US: jportal
@@ -4085,6 +4099,7 @@ CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial
 	{DSA-890-1}
 	- libungif4 4.1.3-4 (bug #337972; medium)
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
 CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
 	{DSA-894-1}
@@ -4209,8 +4224,8 @@ CVE-2005-2924
 	RESERVED
 CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
 	NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-2922
-	RESERVED
+CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
+	TODO: check
 CVE-2005-2921
 	RESERVED
 CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
@@ -4314,6 +4329,7 @@ CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and .
 	{DSA-822-1}
 	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
 CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.12-7 (medium)
 	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
 CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
@@ -4485,6 +4501,7 @@ CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 a
 	[sarge] - hiki <not-affected> (code not present in sarge)
 	- hiki 0.8.3-1
 CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.12-6 (low)
 	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
 CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
@@ -4676,13 +4693,14 @@ CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and
 	TODO: check
 CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
 	TODO: check
-CVE-2005-2711
-	RESERVED
+CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
+	TODO: check
 CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
 	{DSA-826-1}
 	NOTE: see  http://www.open-security.org/advisories/13
 	- helix-player 1.0.6-1 (bug #330364; high)
 CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-3
 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
 	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
@@ -5086,7 +5104,7 @@ CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ..
 	{DSA-778-1}
 	- mantis 0.19.2-4 (medium)
 CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
-	{DTSA-16-1}
+	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
 	- linux-2.6 2.6.12-6 (medium)
 CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
 	- clamav 0.86.2-1 (low)
@@ -5242,6 +5260,7 @@ CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...
 	- python2.2 2.2.3dfsg-4 (medium)
 	- python2.3 2.3.5-8 (medium)
 CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.12-7 (bug #327416; medium)
 CVE-2005-XXXX [Buffer overflow in Description parsing]
 	- bidwatcher <removed> (bug #319489; low)
@@ -5362,7 +5381,7 @@ CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an
 CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
 	- tor 0.1.0.14-1 (medium)
 CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
-	{DTSA-16-1}
+	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
 	- linux-2.6 2.6.12-3 (medium)
 CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
 	{DSA-922-1 DSA-921-1 DTSA-16-1}
@@ -6271,7 +6290,7 @@ CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0)
 	NOTE: tomcat5 in experimental has this fix as well
 CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
 	NOT-FOR-US: Microsoft
-CVE-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
+CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
 	{DSA-805-1 DSA-803-1}
 	- apache 1.3.33-8 (bug #322607; medium)
 	- apache2 2.0.54-5 (bug #316173; medium)
@@ -7013,7 +7032,7 @@ CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AM
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
 	- kernel-source-2.4.27 2.4.27-11
 CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
-	{DSA-922-1 DTSA-16-1}
+	{DSA-1018-1 DSA-922-1 DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
 CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
 	NOT-FOR-US: sysreport
@@ -9993,6 +10012,7 @@ CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial
 CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
 	NOT-FOR-US: Sami HTTP Server
 CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
+	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
 CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
 	{DSA-696-1}
@@ -10748,6 +10768,7 @@ CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execu
 CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
 	NOT-FOR-US: MacOS
 CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+	{DSA-1017-1}
 	TODO: Check, when this was fixed upstream
 CVE-2005-0123
 	RESERVED
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 3ba8b845e5..1bc5a320dc 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,77 @@
+CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...)
+	TODO: check
+CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
+	TODO: check
+CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
+	TODO: check
+CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
+	TODO: check
+CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
+	TODO: check
+CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
+	TODO: check
+CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
+	TODO: check
+CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
+	TODO: check
+CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
+	TODO: check
+CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
+	TODO: check
+CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
+	TODO: check
+CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
+	TODO: check
+CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
+	TODO: check
+CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
+	TODO: check
+CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
+	TODO: check
+CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
+	TODO: check
+CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
+	TODO: check
+CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
+	TODO: check
+CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
+	TODO: check
+CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
+	TODO: check
+CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
+	TODO: check
+CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
+	TODO: check
+CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
+	TODO: check
+CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets &quot;BUILTIN\Everyone&quot; ...)
+	TODO: check
+CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
+	TODO: check
+CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
+	TODO: check
+CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
+	TODO: check
+CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
+	TODO: check
+CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
+	TODO: check
+CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
+	TODO: check
+CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
+	TODO: check
+CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
+	TODO: check
+CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
+	TODO: check
+CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
+	TODO: check
+CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
+	TODO: check
+CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
+	TODO: check
+CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
+	TODO: check
 CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
 	NOT-FOR-US: Maian Events
 CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
@@ -110,8 +184,8 @@ CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Gh
 CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
 	TODO: check
 end claimed by jmm
-CVE-2006-1283
-	RESERVED
+CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
+	TODO: check
 CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
 	TODO: check
 CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard (MyBB) ...)
@@ -130,7 +204,7 @@ CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial
 	TODO: check
 CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...)
 	TODO: check
-CVE-2006-1273 (Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a ...)
+CVE-2006-1273 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...)
 	TODO: check
@@ -567,6 +641,7 @@ CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote .
 	NOT-FOR-US: VXWorks
 CVE-2006-1066
 	RESERVED
+	{DSA-1017-1}
 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
 	NOT-FOR-US: MyBulletinBoard
 CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
@@ -708,12 +783,12 @@ CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanPa
 	NOT-FOR-US: LanSuite LanParty Intranet System
 CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
 	NOT-FOR-US: Pentacle In-Out Board
-CVE-2006-0999
-	RESERVED
-CVE-2006-0998
-	RESERVED
-CVE-2006-0997
-	RESERVED
+CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+	TODO: check
+CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+	TODO: check
+CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
+	TODO: check
 CVE-2006-0996
 	RESERVED
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
@@ -918,8 +993,8 @@ CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 al
 	TODO: check
 CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
 	TODO: check
-CVE-2006-0905
-	RESERVED
+CVE-2006-0905 (A &quot;programming error&quot; in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
+	TODO: check
 CVE-2006-0904
 	RESERVED
 CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
@@ -1829,6 +1904,7 @@ CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE
 CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
 	NOT-FOR-US: Cisco VPN 3000
 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
+	{DSA-1017-1}
 	- linux-2.6 2.6.15-4
 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
 	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
@@ -2173,8 +2249,8 @@ CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versi
 	NOT-FOR-US: Etomite CMS
 CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
 	NOT-FOR-US: WebspotBlogging
-CVE-2006-0323
-	RESERVED
+CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...)
+	TODO: check
 CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
 	- mediawiki <unfixed> (low)
 CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
@@ -2702,9 +2778,11 @@ CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in
 	- php4 <not-affected> (Windows specific)
 	- php5 <not-affected> (Windows specific)
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
+	{DSA-1017-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	- kernel-source-2.4.27 2.4.27-8
 CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
+	{DSA-1017-1}
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
 CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
@@ -2792,8 +2870,7 @@ CVE-2006-0060
 	RESERVED
 CVE-2006-0059
 	RESERVED
-CVE-2006-0058 [sendmail sighandler attacks]
-	RESERVED
+CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
 	{DSA-1015-1}
 	- sendmail 8.13.6-1 (high)
 CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
@@ -2811,8 +2888,7 @@ CVE-2006-0052
 	RESERVED
 CVE-2006-0051
 	RESERVED
-CVE-2006-0050 [insecure temp file in snmptrapfmt]
-	RESERVED
+CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
 	{DSA-1013-1}
 	- snmptrapfmt 1.10
 CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
@@ -2846,8 +2922,8 @@ CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to ca
 	- evolution <unfixed>
 CVE-2006-0039
 	RESERVED
-CVE-2006-0038
-	RESERVED
+CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
+	TODO: check
 CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
 	- linux-2.6 2.6.15-3
 	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
author	Joey Hess <joeyh@debian.org>	2006-03-24 09:14:27 +0000
committer	Joey Hess <joeyh@debian.org>	2006-03-24 09:14:27 +0000
commit	02b5481d7bc5d3d2487e02aef6ab1098c3b85143 (patch)
tree	637b9772c87bc4eb20ef7ded1fd4d7214ab0cb0b
parent	e6c7718e06ba0d0bd5b697d7352bf61fcc2008d0 (diff)