path: root/data/CVE/2005.list

CVE-2005-4900
	NOT-FOR-US: Generic protocol issue
CVE-2005-4899
	RESERVED
CVE-2005-4898
	RESERVED
CVE-2005-4897
	RESERVED
CVE-2005-4896
	RESERVED
CVE-2005-XXXX [more related to CVE-2005-4890]
	- shadow <unfixed> (unimportant; bug #628843)
	NOTE: only affects the su executable, so if you use sudo you're not affected
CVE-2005-4895
	- google-perftools 0.7-1
CVE-2005-4894
	RESERVED
CVE-2005-4893
	RESERVED
CVE-2005-4892
	RESERVED
CVE-2005-4891
	RESERVED
CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
	RESERVED
	- shadow 1:4.1.5-1 (low; bug #628843)
	[squeeze] - shadow <no-dsa> (Minor issue)
	[lenny] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
	- sudo 1.7.4p4 (low; bug #657784)
	NOTE: sudo might be fixed earlier, use_pty present in stable
CVE-2005-4889
	- rpm 4.7.0-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2005-4888
	NOT-FOR-US: Novell NetWare
CVE-2005-4887
	NOT-FOR-US: Novell NetWare
CVE-2005-4886
	- linux-2.6 2.6.12-1
	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2005-4885
	NOT-FOR-US: Sun StorEdge 6130
CVE-2005-4884
	NOT-FOR-US: Oracle Database Server
CVE-2005-4883
	NOT-FOR-US: Tftpd32
CVE-2005-4882
	NOT-FOR-US: Tftpd32
CVE-2005-4881
	- linux-2.6 2.6.13-1 (low)
	- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
CVE-2005-4880
	NOT-FOR-US: Jax Guestbook
CVE-2005-4879
	NOT-FOR-US: Jax Guestbook
CVE-2005-4878
	- acidbase 1.2.1-1
CVE-2005-4877
	NOT-FOR-US: Openfire
CVE-2005-4876
	NOT-FOR-US: Openfire
CVE-2005-4875
	- typo3-src 4.0.2-1
CVE-2005-4874
	- iceweasel <not-affected> (old version and CVE)
CVE-2005-4873
	- cups 1.1.23-10sarge1
	- cupsys 1.1.23-10sarge1
CVE-2005-4872
	- pcre3 6.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2005-4871
	NOT-FOR-US: IBM DB2
CVE-2005-4870
	NOT-FOR-US: IBM DB2
CVE-2005-4869
	NOT-FOR-US: IBM DB2
CVE-2005-4868
	NOT-FOR-US: IBM DB2
CVE-2005-4867
	NOT-FOR-US: IBM DB2
CVE-2005-4866
	NOT-FOR-US: IBM DB2
CVE-2005-4865
	NOT-FOR-US: IBM DB2
CVE-2005-4864
	NOT-FOR-US: IBM DB2
CVE-2005-4863
	NOT-FOR-US: IBM DB2
CVE-2005-4862
	NOT-FOR-US: Xwiki
CVE-2005-4861
	NOT-FOR-US: Ragnarok
CVE-2005-4860
	NOT-FOR-US: Spectrum Cash Receipting System
CVE-2005-4859
	NOT-FOR-US: mimicboard2
CVE-2005-4858
	NOT-FOR-US: mimicboard2
CVE-2005-4857
	- ezpublish <removed>
CVE-2005-4856
	- ezpublish <removed>
CVE-2005-4855
	- ezpublish <removed> (bug #424790)
CVE-2005-4854
	- ezpublish <removed> (bug #424790)
CVE-2005-4853
	- ezpublish <removed> (bug #424790)
CVE-2005-4852
	- ezpublish <removed> (bug #424790)
CVE-2005-4851
	- ezpublish <removed> (bug #424790)
CVE-2005-4850
	- ezpublish <removed> (bug #424790)
CVE-2005-4849
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-530
	NOTE: http://issues.apache.org/jira/browse/DERBY-559
CVE-2005-4848
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2005-4847
	NOT-FOR-US: Spey
CVE-2005-4846
	NOT-FOR-US: Spey
CVE-2005-4845
	NOT-FOR-US: Sun Java on Microsoft Windows
CVE-2005-4844
	NOT-FOR-US: Microsoft
CVE-2005-4843
	NOT-FOR-US: Microsoft
CVE-2005-4842
	NOT-FOR-US: Microsoft
CVE-2005-4841
	NOT-FOR-US: Microsoft
CVE-2005-4840
	NOT-FOR-US: Microsoft
CVE-2005-4839
	NOT-FOR-US: PureTLS
CVE-2005-4838
	- tomcat5.5 5.5.15-1 (low)
CVE-2005-4837
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2005-4835
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2005-4834
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4832
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831
	- viewvc 0.9.4+svn20060318-1 (low)
CVE-2005-4830
	- viewvc 0.9.4+svn20060318-1 (low)
	NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
	NOTE: has been fixed in cvs for 0.9.3
CVE-2005-4829
	NOT-FOR-US: VirtueMart
CVE-2005-4828
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2005-4827
	NOT-FOR-US: Microsoft
CVE-2005-4826
	NOT-FOR-US: Cisco
CVE-2005-4825
	NOT-FOR-US: Cisco
CVE-2005-4824
	NOT-FOR-US: siteframe
CVE-2005-4823
	NOT-FOR-US: HP
CVE-2005-4822
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821
	NOT-FOR-US: Land Down Under
CVE-2005-4820
	NOT-FOR-US: SMC
CVE-2005-4819
	NOT-FOR-US: Lotus Domino
CVE-2005-4818
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817
	- tmsnc 0.2.5-1
CVE-2005-4816
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2005-4815
	NOT-FOR-US: SAP
CVE-2005-4814
	NOT-FOR-US: Segue CMS
CVE-2005-4813
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2005-4812
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811
	{DSA-1304}
	- linux-2.6 2.6.14
CVE-2005-4810
	NOT-FOR-US: Microsoft
CVE-2005-4809
	- mozilla <removed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2005-4808
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-2468
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466
	NOT-FOR-US: OpenBook
CVE-2005-2465
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460
	NOT-FOR-US: Kayako liveResponse
CVE-2005-4806
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-1755
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2005-4803
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801
	NOT-FOR-US: YaPIG
CVE-2005-4800
	NOT-FOR-US: YaPIG
CVE-2005-4799
	NOT-FOR-US: YaPIG
CVE-2005-4798
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 <not-affected>
CVE-2005-4797
	NOT-FOR-US: Solaris
CVE-2005-4796
	- xview <not-affected> (xview on Solaris)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795
	NOT-FOR-US: Solaris
CVE-2005-4794
	NOT-FOR-US: Cisco
CVE-2005-4793
	NOT-FOR-US: Hitachi
CVE-2005-4792
	NOT-FOR-US: phpWebSite
CVE-2005-4791
	{DTSA-107-1}
	- beagle 0.2.13-1 (low)
	[etch] - beagle <no-dsa> (Minor issue)
	- banshee 0.11.2+dfsg-1 (low)
	- liferea 1.4.9-1 (low; bug #451548)
	[etch] - liferea <no-dsa> (Minor issue)
	- blam 1.8.4-1 (low)
	[etch] - blam <no-dsa> (Minor issue)
	NOTE: lintian bug filed: #451559
CVE-2005-4790
	- tomboy 0.8.1-2 (low)
	[etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789
	- resmgr <not-affected>
CVE-2005-4788
	- resmgr <not-affected>
CVE-2005-4787
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2005-4786
	NOT-FOR-US: HAURI anti-virus
CVE-2005-4785
	NOT-FOR-US: QuickBlogger
CVE-2005-4784
	NOTE: this does not affect linux
CVE-2005-4783
	NOT-FOR-US: NetBSD
CVE-2005-4782
	NOT-FOR-US: NetBSD
CVE-2005-4781
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779
	NOT-FOR-US: NetBSD
CVE-2005-4778
	- powersave 0.12.7-1
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776
	NOT-FOR-US: NetBSD
CVE-2005-4775
	NOT-FOR-US: Contineo
CVE-2005-4774
	NOT-FOR-US: Xerver
CVE-2005-4773
	NOT-FOR-US: VMware
CVE-2005-4772
	NOT-FOR-US: YaST
CVE-2005-4771
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768
	NOT-FOR-US: Tux Racer TuxBank
CVE-2005-4767
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749
	NOT-FOR-US: BEA WebLogic
CVE-2005-4748
	NOT-FOR-US: Virtual War
CVE-2005-4747
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-2005-4743
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742
	NOT-FOR-US: Echelog
CVE-2005-4741
	NOT-FOR-US: NetBSD
CVE-2005-4740
	NOT-FOR-US: IBM DB2
CVE-2005-4739
	NOT-FOR-US: IBM DB2
CVE-2005-4738
	NOT-FOR-US: IBM DB2
CVE-2005-4737
	NOT-FOR-US: IBM DB2
CVE-2005-4736
	NOT-FOR-US: IBM DB2
CVE-2005-4735
	NOT-FOR-US: IBM DB2
CVE-2005-4734
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733
	NOT-FOR-US: NetBSD
CVE-2005-4732
	NOT-FOR-US: TuxBank
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2005-4731
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2005-4730
	NOT-FOR-US: PEAR Text_Password
CVE-2005-4729
	NOT-FOR-US: VBZooM
CVE-2005-4728
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2005-4727
	NOT-FOR-US: gBook
CVE-2005-4726
	NOT-FOR-US: MUTE
CVE-2005-4725
	NOT-FOR-US: Geeklog
CVE-2005-4724
	NOT-FOR-US: PhpTagCool
CVE-2005-4723
	NOT-FOR-US: D-Link hardware
CVE-2005-4722
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718
	NOT-FOR-US: Opera
CVE-2005-4717
	NOT-FOR-US: Microsoft
CVE-2005-4716
	NOT-FOR-US: Hitachi TP1
CVE-2005-4715
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714
	NOT-FOR-US: OpenVMPS
CVE-2005-4713
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712
	NOT-FOR-US: Handicapper
CVE-2005-4711
	NOT-FOR-US: Land Down Under
CVE-2005-4710
	NOT-FOR-US: AutoCAD
CVE-2005-4709
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2005-4707
	NOT-FOR-US: PHP GEN
CVE-2005-4706
	NOT-FOR-US: Solaris 10
CVE-2005-4705
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702
	NOT-FOR-US: IPBProArcade
CVE-2005-4701
	NOT-FOR-US: Solaris 10
CVE-2005-4700
	NOT-FOR-US: TellMe
CVE-2005-4699
	NOT-FOR-US: TellMe
CVE-2005-4698
	NOT-FOR-US: TellMe
CVE-2005-4697
	NOT-FOR-US: Microsoft
CVE-2005-4696
	NOT-FOR-US: Microsoft
CVE-2005-4695
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694
	NOT-FOR-US: WebGUI
CVE-2005-4693
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692
	NOT-FOR-US: mroovca
CVE-2005-4691
	NOT-FOR-US: NetBSD
CVE-2005-4690
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688
	NOT-FOR-US: PunBB
CVE-2005-4687
	NOT-FOR-US: PunBB
CVE-2005-4686
	NOT-FOR-US: PunBB
CVE-2005-4685
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684
	NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682
	NOT-FOR-US: AudienceView
CVE-2005-4681
	NOT-FOR-US: mIRC
CVE-2005-4680
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678
	NOT-FOR-US: Apple
CVE-2005-4677
	NOT-FOR-US: osCommerce
CVE-2005-4676
	- exiv2 0.9
CVE-2005-4675
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673
	NOT-FOR-US: ioFTPD
CVE-2005-4672
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668
	NOT-FOR-US: ParoxProxy
CVE-2005-4667
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2005-4666
	NOT-FOR-US: PHlyMail
CVE-2005-4665
	NOT-FOR-US: PunBB
CVE-2005-4664
	NOT-FOR-US: OcoMon
CVE-2005-4663
	NOT-FOR-US: OcoMon
CVE-2005-4662
	NOT-FOR-US: OcoMon
CVE-2005-4661
	NOT-FOR-US: Campsite
CVE-2005-4660
	NOT-FOR-US: IPCop
CVE-2005-4659
	NOT-FOR-US: IPCop
CVE-2005-4658
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657
	NOT-FOR-US: Ocean12
CVE-2005-4656
	NOT-FOR-US: TClanPortal
CVE-2005-4655
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654
	NOT-FOR-US: Oracle
CVE-2005-4653
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652
	NOT-FOR-US: PHlyMail
CVE-2005-4651
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650
	NOT-FOR-US: Joomla!
CVE-2005-4649
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2005-4647
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645
	NOT-FOR-US: 3CFR
CVE-2005-4644
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642
	NOT-FOR-US: HydroBB
CVE-2005-4641
	NOT-FOR-US: eazyCMS
CVE-2005-4640
	NOT-FOR-US: class-1 Poll
CVE-2005-4639
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2005-4635
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
CVE-2005-4632
	NOT-FOR-US: Vote!Pro
CVE-2005-4631
	NOT-FOR-US: Zina
CVE-2005-4630
	NOT-FOR-US: ClientExec
CVE-2005-4629
	NOT-FOR-US: SMBCMS
CVE-2005-4628
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627
	NOT-FOR-US: GmailSite
CVE-2005-4626
	NOT-FOR-US: Recruitment Software
CVE-2005-4625
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624
	NOT-FOR-US: PTnet ircd
CVE-2005-4623
	NOT-FOR-US: eFileGo
CVE-2005-4622
	NOT-FOR-US: eFileGo
CVE-2005-4621
	NOT-FOR-US: vBulletin
CVE-2005-4620
	NOT-FOR-US: WinRAR
CVE-2005-4619
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2005-4617
	NOT-FOR-US: cSupport
CVE-2005-4616
	NOT-FOR-US: iSupport
CVE-2005-4615
	NOT-FOR-US: DapperDesk
CVE-2005-4614
	NOT-FOR-US: digiSHOP
CVE-2005-4613
	NOT-FOR-US: VUBB alpha
CVE-2005-4612
	NOT-FOR-US: VUBB alpha
CVE-2005-4611
	NOT-FOR-US: Free ClickBank
CVE-2005-4610
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609
	NOT-FOR-US: BugPort
CVE-2005-4608
	NOT-FOR-US: BugPort
CVE-2005-4607
	NOT-FOR-US: BugPort
CVE-2005-4606
	NOT-FOR-US: Web Wiz
CVE-2005-4605
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-2 (bug #291613)
CVE-2005-4604
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
	- wordpress 2.5.1-3
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
	NOTE: uses the system copy of tinymce and the exact fixed version is not
	NOTE: really determinably anymore
CVE-2005-4599
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594
	NOT-FOR-US: TUGZip
CVE-2005-4593
	NOT-FOR-US: phpDocumentor
CVE-2005-4592
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588
	NOT-FOR-US: Koobi
CVE-2005-4587
	NOT-FOR-US: Juniper
CVE-2005-4586
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2005-4585
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583
	NOT-FOR-US: VMWare
CVE-2005-4582
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580
	NOT-FOR-US: Day Communique
CVE-2005-4579
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573
	NOT-FOR-US: Plogger
CVE-2005-4572
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570
	NOT-FOR-US: FortiOS
CVE-2005-4569
	NOT-FOR-US: FTGate
CVE-2005-4568
	NOT-FOR-US: FTGate
CVE-2005-4567
	NOT-FOR-US: FTGate
CVE-2005-4566
	NOT-FOR-US: NetVanta
CVE-2005-4565
	NOT-FOR-US: NetVanta
CVE-2005-4564
	NOT-FOR-US: NetVanta
CVE-2005-4563
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555
	NOT-FOR-US: DEV web management system
CVE-2005-4554
	NOT-FOR-US: DEV web management system
CVE-2005-4553
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550
	NOT-FOR-US: Oracle
CVE-2005-4549
	NOT-FOR-US: Oracle
CVE-2005-4548
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547
	NOT-FOR-US: eggblog
CVE-2005-4546
	NOT-FOR-US: eggblog
CVE-2005-4545
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	REJECTED
CVE-2005-4543
	REJECTED
CVE-2005-4542
	REJECTED
CVE-2005-4541
	REJECTED
CVE-2005-4540
	REJECTED
CVE-2005-4539
	REJECTED
CVE-2005-4538
	REJECTED
CVE-2005-4537
	REJECTED
CVE-2005-4536
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	REJECTED
CVE-2005-4533
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529
	NOT-FOR-US: phpBB addon
CVE-2005-4528
	NOT-FOR-US: phpBB addon
CVE-2005-4527
	NOT-FOR-US: Direct News
CVE-2005-4526
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525
	NOT-FOR-US: Sygate
CVE-2005-4524
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515
	NOT-FOR-US: WebDB
CVE-2005-4514
	NOT-FOR-US: Webwasher
CVE-2005-4513
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510
	NOT-FOR-US: Netpublish Server
CVE-2005-4509
	NOT-FOR-US: pTools
CVE-2005-4508
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505
	NOT-FOR-US: McAfee
CVE-2005-4504
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503
	NOT-FOR-US: httprint
CVE-2005-4502
	NOT-FOR-US: httprint
CVE-2005-4501
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500
	NOT-FOR-US: MusicBox
CVE-2005-4499
	NOT-FOR-US: Cisco
CVE-2005-4498
	NOT-FOR-US: Text-e
CVE-2005-4497
	NOT-FOR-US: Tangora Portal
CVE-2005-4496
	NOT-FOR-US: Syntax CMS
CVE-2005-4495
	NOT-FOR-US: SpireMedia
CVE-2005-4494
	- spip 2.0.6-1 (medium; bug #352078)
CVE-2005-4493
	NOT-FOR-US: SpearTek
CVE-2005-4492
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490
	NOT-FOR-US: SCOOP!
CVE-2005-4489
	NOT-FOR-US: Scoop
CVE-2005-4488
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487
	NOT-FOR-US: RAMSite
CVE-2005-4486
	NOT-FOR-US: Quantum Art
CVE-2005-4485
	NOT-FOR-US: ProjectApp
CVE-2005-4484
	NOT-FOR-US: IntranetApp
CVE-2005-4483
	NOT-FOR-US: SiteEnable
CVE-2005-4482
	NOT-FOR-US: PortalApp
CVE-2005-4481
	NOT-FOR-US: Polypoly
CVE-2005-4480
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479
	NOT-FOR-US: phpSlash
CVE-2005-4478
	NOT-FOR-US: Papoo
CVE-2005-4477
	NOT-FOR-US: papaya CMS
CVE-2005-4476
	NOT-FOR-US: OpenEdit
CVE-2005-4475
	NOT-FOR-US: OpenCms
CVE-2005-4534
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2005-4474
	NOT-FOR-US: WinRAR
CVE-2005-4473
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469
	NOT-FOR-US: PHPGedView
CVE-2005-4468
	NOT-FOR-US: PHPGedView
CVE-2005-4467
	NOT-FOR-US: PHPGedView
CVE-2005-4466
	NOT-FOR-US: SIP Proxy
CVE-2005-4465
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461
	NOT-FOR-US: Beehive Forum
CVE-2005-4460
	NOT-FOR-US: Beehive Forum
CVE-2005-4459
	NOT-FOR-US: VMWare
CVE-2005-4458
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457
	NOT-FOR-US: MailEnable
CVE-2005-4456
	NOT-FOR-US: MailEnable
CVE-2005-4455
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452
	NOT-FOR-US: Information Call Center
CVE-2005-4451
	NOT-FOR-US: HP-UX
CVE-2005-4450
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449
	NOT-FOR-US: FlatNuke
CVE-2005-4448
	NOT-FOR-US: FlatNuke
CVE-2005-4447
	NOT-FOR-US: phpCOIN
CVE-2005-4446
	NOT-FOR-US: ASPBite
CVE-2005-4445
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438
	NOT-FOR-US: Dec2Rar
CVE-2005-4437
	NOT-FOR-US: IOS
CVE-2005-4436
	NOT-FOR-US: IOS
CVE-2005-4435
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432
	NOT-FOR-US: PlaySMS
CVE-2005-4431
	NOT-FOR-US: WowBB
CVE-2005-4430
	NOT-FOR-US: LogicBill
CVE-2005-4429
	NOT-FOR-US: CS-Cart
CVE-2005-4428
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426
	NOT-FOR-US: YaBB
CVE-2005-4425
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424
	NOT-FOR-US: PHPKIT
CVE-2005-4423
	NOT-FOR-US: PHPFM
CVE-2005-4422
	NOT-FOR-US: toendaCMS
CVE-2005-4421
	NOT-FOR-US: Dev-Editor
CVE-2005-4420
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416
	NOT-FOR-US: TML CMS
CVE-2005-4415
	NOT-FOR-US: TML CMS
CVE-2005-4414
	NOT-FOR-US: Teamwork 3
CVE-2005-4413
	NOT-FOR-US: Websphere
CVE-2005-4412
	NOT-FOR-US: Citrix
CVE-2005-4411
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410
	NOT-FOR-US: NQcontent
CVE-2005-4409
	NOT-FOR-US: MMBase
CVE-2005-4408
	NOT-FOR-US: Miraserver
CVE-2005-4407
	NOT-FOR-US: Mercury CMS
CVE-2005-4406
	NOT-FOR-US: Mercury CMS
CVE-2005-4405
	NOT-FOR-US: Red Queen
CVE-2005-4404
	NOT-FOR-US: Media2 CMS
CVE-2005-4403
	NOT-FOR-US: Marwel
CVE-2005-4402
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401
	NOT-FOR-US: Lutece
CVE-2005-4400
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398
	NOT-FOR-US: lemoon
CVE-2005-4397
	NOT-FOR-US: iCMS
CVE-2005-4396
	NOT-FOR-US: iCMS
CVE-2005-4395
	NOT-FOR-US: FarCry
CVE-2005-4394
	NOT-FOR-US: EPiX
CVE-2005-4393
	NOT-FOR-US: e-publish CMS
CVE-2005-4392
	NOT-FOR-US: e-publish CMS
CVE-2005-4391
	NOT-FOR-US: damoon
CVE-2005-4390
	NOT-FOR-US: ContentServ
CVE-2005-4389
	NOT-FOR-US: CONTENS
CVE-2005-4388
	NOT-FOR-US: CONTENS
CVE-2005-4387
	NOT-FOR-US: contenite
CVE-2005-4386
	NOT-FOR-US: Colony CMS
CVE-2005-4385
	NOT-FOR-US: Cofax
CVE-2005-4384
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381
	NOT-FOR-US: Caravel CMS
CVE-2005-4380
	NOT-FOR-US: Bitweaver
CVE-2005-4379
	NOT-FOR-US: Bitweaver
CVE-2005-4378
	NOT-FOR-US: Baseline CMS
CVE-2005-4377
	NOT-FOR-US: Baseline CMS
CVE-2005-4376
	NOT-FOR-US: Amaxus
CVE-2005-4375
	NOT-FOR-US: Amaxus
CVE-2005-4374
	NOT-FOR-US: Allinta
CVE-2005-4373
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371
	NOT-FOR-US: Acidcat
CVE-2005-4370
	NOT-FOR-US: Acidcat
CVE-2005-4369
	NOT-FOR-US: Acuity CMS
CVE-2005-4368
	- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
CVE-2005-4367
	NOT-FOR-US: DRZES HMS
CVE-2005-4366
	NOT-FOR-US: DRZES HMS
CVE-2005-4365
	NOT-FOR-US: FLIP
CVE-2005-4364
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363
	NOT-FOR-US: Komodo CMS
CVE-2005-4362
	NOT-FOR-US: Komodo CMS
CVE-2005-4361
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360
	NOT-FOR-US: IIS
CVE-2005-4359
	NOT-FOR-US: ODFaq
CVE-2005-4358
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356
	NOT-FOR-US: UStore
CVE-2005-4355
	NOT-FOR-US: UStore
CVE-2005-4354
	NOT-FOR-US: Webglimpse
CVE-2005-4353
	NOT-FOR-US: toendaCMS
CVE-2005-4352
	- linux-2.6 2.6.18-3
CVE-2005-4351
	- linux-2.6 2.6.18-3
CVE-2005-4350
	NOT-FOR-US: WBEM Services
CVE-2005-4349
	- phpmyadmin <unfixed> (unimportant)
	NOTE: Only for authenticated used, will possibly be rejected
CVE-2005-4348
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346
	NOT-FOR-US: phpBB Blog
CVE-2005-4345
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339
	NOT-FOR-US: Academic Suite
CVE-2005-4338
	NOT-FOR-US: Academic Suite
CVE-2005-4337
	NOT-FOR-US: Academic Suite
CVE-2005-4336
	NOT-FOR-US: ProjectForum
CVE-2005-4335
	NOT-FOR-US: ProjectForum
CVE-2005-4334
	NOT-FOR-US: ZixForum
CVE-2005-4333
	NOT-FOR-US: Binary Board System
CVE-2005-4332
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329
	NOT-FOR-US: paFileDB
CVE-2005-4328
	NOT-FOR-US: WebGlimpse
CVE-2005-4327
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326
	NOT-FOR-US: APC hardware issue
CVE-2005-4325
	NOT-FOR-US: Driverse
CVE-2005-4324
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320
	NOT-FOR-US: Limbo CMS
CVE-2005-4319
	NOT-FOR-US: Limbo CMS
CVE-2005-4318
	NOT-FOR-US: Limbo CMS
CVE-2005-4317
	NOT-FOR-US: Limbo CMS
CVE-2005-4316
	NOT-FOR-US: HP-UX
CVE-2005-4315
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311
	NOT-FOR-US: DCForum
CVE-2005-4310
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307
	NOT-FOR-US: ScareCrow
CVE-2005-4306
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport. basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304
	NOT-FOR-US: ezDatabase
CVE-2005-4303
	NOT-FOR-US: ezDatabase
CVE-2005-4302
	NOT-FOR-US: ezDatabase
CVE-2005-4301
	NOT-FOR-US: pgpXplorer
CVE-2005-4300
	NOT-FOR-US: libremail
CVE-2005-4299
	NOT-FOR-US: Atlant Pro
CVE-2005-4298
	NOT-FOR-US: AtlantForum
CVE-2005-4297
	NOT-FOR-US: bbBoard
CVE-2005-4296
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293
	NOT-FOR-US: ClickCartPro
CVE-2005-4292
	NOT-FOR-US: CommerceSQL
CVE-2005-4291
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290
	NOT-FOR-US: ECW-Cart
CVE-2005-4289
	NOT-FOR-US: eDatCat
CVE-2005-4288
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286
	NOT-FOR-US: PhpLogCon
CVE-2005-4285
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283
	NOT-FOR-US: The CITY Shop
CVE-2005-4282
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277
	NOT-FOR-US: toendaCMS
CVE-2005-4276
	NOT-FOR-US: Westell Versalink
CVE-2005-4275
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273
	NOT-FOR-US: AIX
CVE-2005-4272
	NOT-FOR-US: AIX
CVE-2005-4271
	NOT-FOR-US: AIX
CVE-2005-4270
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267
	NOT-FOR-US: Qualcomm WorldMail
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
	REJECTED
CVE-2005-4264
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263
	NOT-FOR-US: Envolution
CVE-2005-4262
	NOT-FOR-US: Envolution
CVE-2005-4261
	NOT-FOR-US: CP+
CVE-2005-4260
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259
	NOT-FOR-US: ASPBB
CVE-2005-4258
	NOT-FOR-US: Cisco
CVE-2005-4257
	NOT-FOR-US: Linksys hardware
CVE-2005-4256
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255
	NOT-FOR-US: WikkaWiki
CVE-2005-4254
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253
	NOT-FOR-US: Torrential
CVE-2005-4252
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249
	NOT-FOR-US: ADP Forum
CVE-2005-4248
	NOT-FOR-US: QuickPayPro
CVE-2005-4247
	NOT-FOR-US: Plogger
CVE-2005-4246
	NOT-FOR-US: Plogger
CVE-2005-4245
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243
	NOT-FOR-US: QuickPayPro
CVE-2005-4241
	NOT-FOR-US: VCD-db
CVE-2005-4240
	NOT-FOR-US: VCD-db
CVE-2005-4239
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237
	NOT-FOR-US: MySQL Auction
CVE-2005-4236
	NOT-FOR-US: CKGOLD
CVE-2005-4235
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234
	NOT-FOR-US: EncapsGallery
CVE-2005-4233
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231
	NOT-FOR-US: Link Up Gold
CVE-2005-4230
	NOT-FOR-US: Link Up Gold
CVE-2005-4229
	NOT-FOR-US: EveryAuction
CVE-2005-4228
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227
	NOT-FOR-US: DCP-Portal
CVE-2005-4226
	NOT-FOR-US: pgpWebThings
CVE-2005-4225
	NOT-FOR-US: myBloggie
CVE-2005-4224
	NOT-FOR-US: e107
CVE-2005-4223
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221
	NOT-FOR-US: Arab Portal System
CVE-2005-4220
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219
	NOT-FOR-US: Innovative CMS
CVE-2005-4218
	NOT-FOR-US: PHPWebThings
CVE-2005-4217
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215
	NOT-FOR-US: Motorola hardware
CVE-2005-4214
	NOT-FOR-US: phpCOIN
CVE-2005-4213
	NOT-FOR-US: phpCOIN
CVE-2005-4212
	NOT-FOR-US: phpCOIN
CVE-2005-4211
	NOT-FOR-US: phpCOIN
CVE-2005-4210
	NOT-FOR-US: Opera
CVE-2005-4209
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208
	NOT-FOR-US: Flatnuke
CVE-2005-4207
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205
	NOT-FOR-US: LocazoList
CVE-2005-4204
	NOT-FOR-US: LogiSphere
CVE-2005-4203
	NOT-FOR-US: LogiSphere
CVE-2005-4202
	NOT-FOR-US: LogiSphere
CVE-2005-4201
	NOT-FOR-US: My Album Online
CVE-2005-4200
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198
	NOT-FOR-US: Netref
CVE-2005-4197
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193
	NOT-FOR-US: UseBB
CVE-2005-4242
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174
	NOT-FOR-US: eFiction
CVE-2005-4173
	NOT-FOR-US: eFiction
CVE-2005-4172
	NOT-FOR-US: eFiction
CVE-2005-4171
	NOT-FOR-US: eFiction
CVE-2005-4170
	NOT-FOR-US: eFiction
CVE-2005-4169
	NOT-FOR-US: eFiction
CVE-2005-4168
	NOT-FOR-US: eFiction
CVE-2005-4167
	NOT-FOR-US: eFiction
CVE-2005-4166
	NOT-FOR-US: DUportal
CVE-2005-4165
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163
	NOT-FOR-US: Captcha
CVE-2005-4162
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161
	NOT-FOR-US: MilliScripts
CVE-2005-4160
	NOT-FOR-US: Torrential
CVE-2005-4159
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156
	NOT-FOR-US: Mambo
CVE-2005-4155
	NOT-FOR-US: ATutor
CVE-2005-4154
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150
	NOT-FOR-US: CA Clever Path
CVE-2005-4149
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141
	NOT-FOR-US: ASPMForum
CVE-2005-4140
	NOT-FOR-US: Website Baker
CVE-2005-4139
	NOT-FOR-US: ThWboard
CVE-2005-4138
	NOT-FOR-US: ThWboard
CVE-2005-4137
	NOT-FOR-US: DRZES HMS
CVE-2005-4136
	NOT-FOR-US: DRZES HMS
CVE-2005-4135
	NOT-FOR-US: SimpleBBS
CVE-2005-4134
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html
CVE-2005-4133
	NOT-FOR-US: Solaris
CVE-2005-4132
	NOT-FOR-US: Contenido
CVE-2005-4131
	NOT-FOR-US: Excel
CVE-2005-4130
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
CVE-2005-4127
	REJECTED
CVE-2005-4126
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	REJECTED
CVE-2005-4124
	REJECTED
CVE-2005-4123
	REJECTED
CVE-2005-4122
	REJECTED
CVE-2005-4121
	REJECTED
CVE-2005-4120
	REJECTED
CVE-2005-4119
	REJECTED
CVE-2005-4118
	REJECTED
CVE-2005-4117
	REJECTED
CVE-2005-4116
	REJECTED
CVE-2005-4115
	REJECTED
CVE-2005-4114
	REJECTED
CVE-2005-4113
	REJECTED
CVE-2005-4112
	REJECTED
CVE-2005-4111
	REJECTED
CVE-2005-4110
	REJECTED
CVE-2005-4109
	REJECTED
CVE-2005-4108
	REJECTED
CVE-2005-4107
	REJECTED
CVE-2005-4106
	REJECTED
CVE-2005-4105
	REJECTED
CVE-2005-4104
	REJECTED
CVE-2005-4103
	REJECTED
CVE-2005-4102
	REJECTED
CVE-2005-4101
	REJECTED
CVE-2005-4100
	REJECTED
CVE-2005-4099
	REJECTED
CVE-2005-4098
	REJECTED
CVE-2005-4097
	REJECTED
CVE-2005-4096
	REJECTED
CVE-2005-4095
	NOT-FOR-US: DoceboLMS
CVE-2005-4094
	NOT-FOR-US: DoceboLMS
CVE-2005-4093
	NOT-FOR-US: Check Point
CVE-2005-4092
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090
	NOT-FOR-US: HP-UX
CVE-2005-4089
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088
	NOT-FOR-US: phpForumPro
CVE-2005-4087
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4086
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4085
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082
	NOT-FOR-US: QNX
CVE-2005-4081
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080
	- imp4 4.0.4-1 (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079
	- phpmyadmin <not-affected> (Affects only 2.7.0)
CVE-2005-4078
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075
	NOT-FOR-US: CF_Nuke
CVE-2005-4074
	NOT-FOR-US: CF_Nuke
CVE-2005-4073
	NOT-FOR-US: Magic List Pro
CVE-2005-4072
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069
	NOT-FOR-US: Sony root kit
CVE-2005-4068
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066
	NOT-FOR-US: Total Commander
CVE-2005-4065
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064
	NOT-FOR-US: A-FAQ
CVE-2005-4063
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062
	NOT-FOR-US: XcClassified
CVE-2005-4061
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060
	NOT-FOR-US: rwAuction
CVE-2005-4059
	NOT-FOR-US: LocazoList
CVE-2005-4058
	NOT-FOR-US: saralblog
CVE-2005-4057
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055
	NOT-FOR-US: Cars Portal
CVE-2005-4054
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053
	NOT-FOR-US: coWiki
CVE-2005-4052
	NOT-FOR-US: e107
CVE-2005-4051
	NOT-FOR-US: e107
CVE-2005-4050
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049
	NOT-FOR-US: Blog System
CVE-2005-4048
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xmovie <removed>
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042
	NOT-FOR-US: Warm Links
CVE-2005-4041
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040
	NOT-FOR-US: FileLister
CVE-2005-4039
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033
	NOT-FOR-US: Nodezilla
CVE-2005-4032
	NOT-FOR-US: Easy Search System
CVE-2005-4031
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029
	NOT-FOR-US: WebEOC
CVE-2005-4028
	NOT-FOR-US: aMember
CVE-2005-4027
	NOT-FOR-US: SimpleBBS
CVE-2005-4026
	NOT-FOR-US: Geeklog
CVE-2005-4025
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021
	- gallery2 2.0.2-1 (low)
CVE-2005-4020
	NOT-FOR-US: Widget Imprint
CVE-2005-4019
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017
	NOT-FOR-US: Widget Property
CVE-2005-4016
	NOT-FOR-US: Widget Property
CVE-2005-4015
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010
	NOT-FOR-US: Kbase Express
CVE-2005-4009
	NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008
	NOT-FOR-US: Jax Calendar
CVE-2005-4077
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007
	NOT-FOR-US: SAPID CMS
CVE-2005-4006
	NOT-FOR-US: SAPID CMS
CVE-2005-4005
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002
	NOT-FOR-US: WebEOC
CVE-2005-4001
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998
	NOT-FOR-US: Solupress News
CVE-2005-3997
	NOT-FOR-US: Zen Cart
CVE-2005-3996
	NOT-FOR-US: Zen Cart
CVE-2005-3995
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
CVE-2005-3993
	NOT-FOR-US: MailEnable
CVE-2005-3992
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
CVE-2005-3989
	NOT-FOR-US: Avaya hardware
CVE-2005-3988
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981
	NOT-FOR-US: Windows
CVE-2005-3980
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976
	NOT-FOR-US: Multipke DuWare products
CVE-2005-3975
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971
	NOT-FOR-US: Citrix
CVE-2005-3970
	NOT-FOR-US: MXChange
CVE-2005-3969
	NOT-FOR-US: MXChange
CVE-2005-3968
	NOT-FOR-US: PHPX
CVE-2005-3967
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963
	NOT-FOR-US: DotClear
CVE-2005-3962
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2005-3961
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960
	NOT-FOR-US: Kadu
CVE-2005-3959
	NOT-FOR-US: FreeWebStat
CVE-2005-3958
	NOT-FOR-US: Entergal MX
CVE-2005-3957
	NOT-FOR-US: DotClear
CVE-2005-3956
	NOT-FOR-US: DMANews
CVE-2005-3955
	NOT-FOR-US: MagpieRSS
CVE-2005-3954
	NOT-FOR-US: blogBuddies
CVE-2005-3953
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948
	NOT-FOR-US: PHPAlbum
CVE-2005-3947
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946
	NOT-FOR-US: Opera
CVE-2005-3945
	NOT-FOR-US: Microsoft
CVE-2005-3944
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941
	NOT-FOR-US: Orca Blog
CVE-2005-3940
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936
	NOT-FOR-US: SocketKB
CVE-2005-3935
	NOT-FOR-US: SocketKB
CVE-2005-3934
	NOT-FOR-US: pcAnywhere
CVE-2005-3933
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931
	NOT-FOR-US: ASP-Rider
CVE-2005-3930
	NOT-FOR-US: N-13 News
CVE-2005-3929
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928
	NOT-FOR-US: QNX
CVE-2005-3927
	NOT-FOR-US: GuppY
CVE-2005-3926
	NOT-FOR-US: GuppY
CVE-2005-3925
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924
	NOT-FOR-US: Randshop
CVE-2005-3923
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921
	NOT-FOR-US: IOS
CVE-2005-3920
	NOT-FOR-US: Babe Logger
CVE-2005-3919
	NOT-FOR-US: PBLang
CVE-2005-3918
	NOT-FOR-US: OvBB
CVE-2005-3917
	NOT-FOR-US: CommidityRentals
CVE-2005-3916
	NOT-FOR-US: WSN Forum
CVE-2005-3915
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914
	NOT-FOR-US: AFFcommerce
CVE-2005-3913
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
CVE-2005-3911
	NOT-FOR-US: BosDates
CVE-2005-3910
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907
	NOT-FOR-US: Sun Java
CVE-2005-3906
	NOT-FOR-US: Sun Java
CVE-2005-3905
	NOT-FOR-US: Sun Java
CVE-2005-3904
	NOT-FOR-US: Sun Java
CVE-2005-3903
	NOT-FOR-US: SCO Unixware
CVE-2005-3902
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901
	NOT-FOR-US: Flash MX
CVE-2005-3900
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <removed> (bug #340282; unimportant)
CVE-2005-3895
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886
	NOT-FOR-US: Cisco
CVE-2005-3885
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884
	NOT-FOR-US: Zaimu
CVE-2005-3883
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878
	NOT-FOR-US: PHP Doc System
CVE-2005-3877
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874
	NOT-FOR-US: Netzbrett
CVE-2005-3873
	NOT-FOR-US: ShockBoard
CVE-2005-3872
	NOT-FOR-US: Ugroup
CVE-2005-3871
	NOT-FOR-US: JBB
CVE-2005-3870
	NOT-FOR-US: edmoBBS
CVE-2005-3869
	NOT-FOR-US: Google API
CVE-2005-3868
	NOT-FOR-US: K-Search
CVE-2005-3867
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865
	NOT-FOR-US: AllWeb search
CVE-2005-3864
	NOT-FOR-US: SourceWell
CVE-2005-3863
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861
	NOT-FOR-US: phpGreetz
CVE-2005-3860
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859
	NOT-FOR-US: Q-News
CVE-2005-3858
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853
	NOT-FOR-US: sNews
CVE-2005-3852
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851
	NOT-FOR-US: Online Attendance System
CVE-2005-3850
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846
	NOT-FOR-US: Fantastic News
CVE-2005-3845
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843
	NOT-FOR-US: Nicecode iDesk
CVE-2005-3842
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841
	NOT-FOR-US: kPlaylist
CVE-2005-3840
	NOT-FOR-US: Omnistar Live
CVE-2005-3839
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837
	NOT-FOR-US: sCssBoard
CVE-2005-3836
	NOT-FOR-US: DeskLance
CVE-2005-3835
	NOT-FOR-US: DeskLance
CVE-2005-3834
	NOT-FOR-US: Tunez
CVE-2005-3833
	NOT-FOR-US: Tunez
CVE-2005-3832
	NOT-FOR-US: SpeedProject products
CVE-2005-3831
	NOT-FOR-US: SpeedProject products
CVE-2005-3830
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827
	NOT-FOR-US: AgileBill
CVE-2005-3826
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824
	NOT-FOR-US: vTiger CRM
CVE-2005-3823
	NOT-FOR-US: vTiger CRM
CVE-2005-3822
	NOT-FOR-US: vTiger CRM
CVE-2005-3821
	NOT-FOR-US: vTiger CRM
CVE-2005-3820
	NOT-FOR-US: vTiger CRM
CVE-2005-3819
	NOT-FOR-US: vTiger CRM
CVE-2005-3818
	NOT-FOR-US: vTiger CRM
CVE-2005-3817
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816
	NOT-FOR-US: freeForum
CVE-2005-3815
	NOT-FOR-US: Orca Forum
CVE-2005-3814
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813
	NOT-FOR-US: MailEnable
CVE-2005-3812
	NOT-FOR-US: freeFTPd
CVE-2005-3811
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804
	NOT-FOR-US: Cisco
CVE-2005-3803
	NOT-FOR-US: Cisco
CVE-2005-3802
	NOT-FOR-US: Belkin hardware
CVE-2005-3801
	NOT-FOR-US: PasswordSafe
CVE-2005-3800
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790
	NOT-FOR-US: phpwcms
CVE-2005-3789
	NOT-FOR-US: phpwcms
CVE-2005-3788
	NOT-FOR-US: Cisco
CVE-2005-3787
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
CVE-2005-3786
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782
	NOT-FOR-US: Apple
CVE-2005-3848
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849
	NOT-FOR-US: PmWiki
CVE-2005-3781
	NOT-FOR-US: Solaris
CVE-2005-3780
	NOT-FOR-US: IPUpdate
CVE-2005-3779
	NOT-FOR-US: HP-UX
CVE-2005-3778
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775
	NOT-FOR-US: PollVote
CVE-2005-3774
	NOT-FOR-US: Cisco
CVE-2005-3773
	NOT-FOR-US: Joomla!
CVE-2005-3772
	NOT-FOR-US: Joomla!
CVE-2005-3771
	NOT-FOR-US: Joomla!
CVE-2005-3770
	NOT-FOR-US: PHP-Post
CVE-2005-3769
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768
	NOT-FOR-US: Symantec appliances
CVE-2005-3767
	NOT-FOR-US: Exponent CMS
CVE-2005-3766
	NOT-FOR-US: Exponent CMS
CVE-2005-3765
	NOT-FOR-US: Exponent CMS
CVE-2005-3764
	NOT-FOR-US: Exponent CMS
CVE-2005-3763
	NOT-FOR-US: Exponent CMS
CVE-2005-3762
	NOT-FOR-US: Exponent CMS
CVE-2005-3761
	NOT-FOR-US: Exponent CMS
CVE-2005-3760
	NOT-FOR-US: WebSphere
CVE-2005-3758
	NOT-FOR-US: Google search appliance
CVE-2005-3757
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
CVE-2005-3756
	NOT-FOR-US: Google search appliance
CVE-2005-3755
	NOT-FOR-US: Google search appliance
CVE-2005-3754
	NOT-FOR-US: Google search appliance
CVE-2005-3750
	NOT-FOR-US: Opera
CVE-2005-3749
	NOT-FOR-US: AIX
CVE-2005-3748
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746
	NOT-FOR-US: APBoard
CVE-2005-3745
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744
	NOT-FOR-US: phpComasy
CVE-2005-3743
	NOT-FOR-US: SimplePoll
CVE-2005-3742
	NOT-FOR-US: Advanced Poll
CVE-2005-3741
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738
	NOT-FOR-US: Mambo
CVE-2005-3737
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2005-3808
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2005-3731
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2005-3730
	NOT-FOR-US: Revize CMS
CVE-2005-3729
	NOT-FOR-US: Revize CMS
CVE-2005-3728
	NOT-FOR-US: Revize CMS
CVE-2005-3727
	NOT-FOR-US: Revize CMS
CVE-2005-3726
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699
	NOT-FOR-US: Opera
CVE-2005-3698
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696
	NOT-FOR-US: Arki-DB
CVE-2005-3695
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689
	NOT-FOR-US: XMB
CVE-2005-3688
	NOT-FOR-US: XMB
CVE-2005-3687
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684
	NOT-FOR-US: freeFTPd
CVE-2005-3683
	NOT-FOR-US: freeFTPd
CVE-2005-3682
	NOT-FOR-US: Wizz Forum
CVE-2005-3681
	NOT-FOR-US: Xoops
CVE-2005-3680
	NOT-FOR-US: Xoops
CVE-2005-3679
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678
	NOT-FOR-US: Google Talk
CVE-2005-3677
	- helix-player <not-affected>
CVE-2005-3676
	NOT-FOR-US: PhpWebThings
CVE-2005-3675
	NOTE: Generic protocol weakness, likely hard to fix at the kernel
	NOTE: level without performance impact.
CVE-2005-3674
	NOT-FOR-US: libike from Solaris
CVE-2005-3673
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669
	NOT-FOR-US: Cisco
CVE-2005-3668
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2005-3714
	NOT-FOR-US: Apple AirPort
CVE-2005-3713
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712
	NOT-FOR-US: Apple
CVE-2005-3711
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706
	NOT-FOR-US: Mac OS X
CVE-2005-3705
	NOT-FOR-US: Mac OS X
CVE-2005-3704
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702
	NOT-FOR-US: Safari
CVE-2005-3701
	NOT-FOR-US: Mac OS X
CVE-2005-3700
	NOT-FOR-US: Mac OS X
CVE-2005-3664
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657
	NOT-FOR-US: McAfee
CVE-2005-3656
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653
	NOT-FOR-US: IGateway
CVE-2005-3652
	NOT-FOR-US: Citrix
CVE-2005-3651
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649
	NOTE: only exploitable in certian configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't explotable in sarge)
CVE-2005-3648
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647
	NOT-FOR-US: Folder Guard
CVE-2005-3646
	NOT-FOR-US: phpAdsNews
CVE-2005-3645
	NOT-FOR-US: phpAdsNews
CVE-2005-3644
	NOT-FOR-US: Windows
CVE-2005-3643
	NOT-FOR-US: DB2
CVE-2005-3642
	NOT-FOR-US: Informix
CVE-2005-3641
	NOT-FOR-US: Oracle
CVE-2005-3640
	NOT-FOR-US: FTGate
CVE-2005-3639
	NOT-FOR-US: Help Center Live
CVE-2005-3638
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620
	NOT-FOR-US: VMware ESX
CVE-2005-3619
	NOT-FOR-US: VMware ESX
CVE-2005-3618
	NOT-FOR-US: VMWare ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595
	NOT-FOR-US: Windows XP
CVE-2005-3594
	NOT-FOR-US: e107
CVE-2005-3592
	NOT-FOR-US: CuteNews
CVE-2005-3591
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589
	NOT-FOR-US: FileZilla Server
CVE-2005-3588
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586
	NOT-FOR-US: Mambo
CVE-2005-3585
	NOT-FOR-US: PhpWebThings
CVE-2005-3584
	NOT-FOR-US: PhpWebThings
CVE-2005-3583
	NOT-FOR-US: Sun Java
CVE-2005-3582
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575
	NOT-FOR-US: Cyphor
CVE-2005-3574
	NOT-FOR-US: iCMS
CVE-2005-3573
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572
	NOT-FOR-US: Peel
CVE-2005-3571
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983)
CVE-2005-3569
	NOT-FOR-US: DB2
CVE-2005-3568
	NOT-FOR-US: DB2
CVE-2005-3567
	NOT-FOR-US: Tivoli
CVE-2005-3566
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565
	NOT-FOR-US: HP-UX
CVE-2005-3564
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561
	REJECTED
CVE-2005-3560
	NOT-FOR-US: Zone Labs
CVE-2005-3559
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558
	NOT-FOR-US: OSTE
CVE-2005-3557
	NOT-FOR-US: PHPList
CVE-2005-3556
	NOT-FOR-US: PHPList
CVE-2005-3555
	NOT-FOR-US: PHPList
CVE-2005-3554
	NOT-FOR-US: PHPKIT
CVE-2005-3553
	NOT-FOR-US: PHPKIT
CVE-2005-3552
	NOT-FOR-US: PHPKIT
CVE-2005-3551
	NOT-FOR-US: toendaCMS
CVE-2005-3550
	NOT-FOR-US: toendaCMS
CVE-2005-3549
	NOT-FOR-US: Invision Power Board
CVE-2005-3548
	NOT-FOR-US: Invision Power Board
CVE-2005-3547
	NOT-FOR-US: Invision Power Board
CVE-2005-3546
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545
	NOT-FOR-US: ibProArcade
CVE-2005-3544
	NOT-FOR-US: XMB
CVE-2005-3543
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
CVE-2005-3541
	RESERVED
CVE-2005-3540
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530
	NOT-FOR-US: Antville
CVE-2005-3529
	NOT-FOR-US: TikiWiki
CVE-2005-3528
	NOT-FOR-US: TikiWiki
CVE-2005-3527
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525
	NOT-FOR-US: Adobe
CVE-2005-3522
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521
	NOT-FOR-US: e107
CVE-2005-3520
	NOT-FOR-US: MySource
CVE-2005-3519
	NOT-FOR-US: MySource
CVE-2005-3518
	NOT-FOR-US: PunBB
CVE-2005-3517
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513
	NOT-FOR-US: VUBB
CVE-2005-3512
	NOT-FOR-US: VUBB
CVE-2005-3511
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509
	NOT-FOR-US: JPortal
CVE-2005-3508
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507
	NOT-FOR-US: CuteNews
CVE-2005-3506
	NOT-FOR-US: Sambar
CVE-2005-3505
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504
	NOT-FOR-US: AIX
CVE-2005-3503
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498
	NOT-FOR-US: WebSphere
CVE-2005-3497
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495
	NOT-FOR-US: Ar-blog
CVE-2005-3494
	NOT-FOR-US: Ar-blog
CVE-2005-3493
	NOT-FOR-US: Battle Carry
CVE-2005-3492
	NOT-FOR-US: FlatFrag
CVE-2005-3491
	NOT-FOR-US: FlatFrag
CVE-2005-3490
	NOT-FOR-US: Asus Video Security
CVE-2005-3489
	NOT-FOR-US: Asus Video Security
CVE-2005-3488
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484
	NOT-FOR-US: NeroNET
CVE-2005-3483
	NOT-FOR-US: GO-Global
CVE-2005-3621
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-3524
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807
	- linux-2.6 2.6.14-4
CVE-2005-3857
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482
	NOT-FOR-US: Cisco
CVE-2005-3481
	NOT-FOR-US: IOS
CVE-2005-3480
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477
	NOT-FOR-US: Invision Gallery
CVE-2005-3476
	NOT-FOR-US: OpenVMS
CVE-2005-3475
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474
	NOT-FOR-US: XCP DRM
CVE-2005-3473
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469
	NOT-FOR-US: News2Net
CVE-2005-3468
	NOT-FOR-US: F-Secure
CVE-2005-3467
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466
	NOT-FOR-US: Oracle
CVE-2005-3465
	NOT-FOR-US: Oracle
CVE-2005-3464
	NOT-FOR-US: Oracle
CVE-2005-3463
	NOT-FOR-US: Oracle
CVE-2005-3462
	NOT-FOR-US: Oracle
CVE-2005-3461
	NOT-FOR-US: Oracle
CVE-2005-3460
	NOT-FOR-US: Oracle
CVE-2005-3459
	NOT-FOR-US: Oracle
CVE-2005-3458
	NOT-FOR-US: Oracle
CVE-2005-3457
	NOT-FOR-US: Oracle
CVE-2005-3456
	NOT-FOR-US: Oracle
CVE-2005-3455
	NOT-FOR-US: Oracle
CVE-2005-3454
	NOT-FOR-US: Oracle
CVE-2005-3453
	NOT-FOR-US: Oracle
CVE-2005-3452
	NOT-FOR-US: Oracle
CVE-2005-3451
	NOT-FOR-US: Oracle
CVE-2005-3450
	NOT-FOR-US: Oracle
CVE-2005-3449
	NOT-FOR-US: Oracle
CVE-2005-3448
	NOT-FOR-US: Oracle
CVE-2005-3447
	NOT-FOR-US: Oracle
CVE-2005-3446
	NOT-FOR-US: Oracle
CVE-2005-3445
	NOT-FOR-US: Oracle
CVE-2005-3444
	NOT-FOR-US: Oracle
CVE-2005-3443
	NOT-FOR-US: Oracle
CVE-2005-3442
	NOT-FOR-US: Oracle
CVE-2005-3441
	NOT-FOR-US: Oracle
CVE-2005-3440
	NOT-FOR-US: Oracle
CVE-2005-3439
	NOT-FOR-US: Oracle
CVE-2005-3438
	NOT-FOR-US: Oracle
CVE-2005-3437
	NOT-FOR-US: Oracle
CVE-2005-3436
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432
	NOT-FOR-US: MiniGal2
CVE-2005-3431
	NOT-FOR-US: MailSite Express
CVE-2005-3430
	NOT-FOR-US: MailSite Express
CVE-2005-3429
	NOT-FOR-US: MailSite Express
CVE-2005-3428
	NOT-FOR-US: MailSite Express
CVE-2005-3427
	NOT-FOR-US: IPS Sensors
CVE-2005-3426
	NOT-FOR-US: Cisco
CVE-2005-3425
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423
	NOT-FOR-US: Subdreamer
CVE-2005-3422
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3418
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3417
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3416
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3415
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3414
	NOT-FOR-US: eyeOS
CVE-2005-3413
	NOT-FOR-US: eyeOS
CVE-2005-3412
	NOT-FOR-US: Elite Forum
CVE-2005-3411
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408
	NOT-FOR-US: gCards
CVE-2005-3407
	NOT-FOR-US: phpESP
CVE-2005-3406
	NOT-FOR-US: phpESP
CVE-2005-3405
	NOT-FOR-US: ATutor
CVE-2005-3404
	NOT-FOR-US: ATutor
CVE-2005-3403
	NOT-FOR-US: ATutor
CVE-2005-3402
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401
	NOT-FOR-US: TheHacker
CVE-2005-3400
	NOT-FOR-US: Fortinet
CVE-2005-3399
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396
	NOT-FOR-US: AIX
CVE-2005-3395
	NOT-FOR-US: Invision Gallery
CVE-2005-3394
	NOT-FOR-US: oaboard
CVE-2005-3393
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact. (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382
	NOT-FOR-US: Sophos
CVE-2005-3381
	NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380
	NOT-FOR-US: Panda Titanium
CVE-2005-3379
	NOT-FOR-US: Trend Micro
CVE-2005-3378
	NOT-FOR-US: Norman
CVE-2005-3377
	NOT-FOR-US: McAfee
CVE-2005-3376
	NOT-FOR-US: Kaspersky
CVE-2005-3375
	NOT-FOR-US: Ikarus
CVE-2005-3374
	NOT-FOR-US: F-Prot
CVE-2005-3373
	NOT-FOR-US: Dr. Web
CVE-2005-3372
	NOT-FOR-US: eTrust
CVE-2005-3371
	NOT-FOR-US: AVG
CVE-2005-3370
	NOT-FOR-US: ArcaVir
CVE-2005-3369
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367
	NOT-FOR-US: SparkleBlog
CVE-2005-3366
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365
	NOT-FOR-US: DCP-Portal
CVE-2005-3364
	NOT-FOR-US: DboardGear
CVE-2005-3363
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361
	NOT-FOR-US: FlatNuke
CVE-2005-3360
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357
	- apache2 2.0.55-4 (bug #351246; low)
	[sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682)
CVE-2005-3338
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333
	NOT-FOR-US: eBASEweb
CVE-2005-3332
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328
	NOT-FOR-US: PunBB
CVE-2005-3327
	NOT-FOR-US: Data ONTAP
CVE-2005-3326
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324
	NOT-FOR-US: MWChat
CVE-2005-3323
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317
	NOT-FOR-US: ZipGenius
CVE-2005-3316
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314
	NOT-FOR-US: Novell Netmail
CVE-2005-3313
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312
	NOT-FOR-US: Microsoft
CVE-2005-3311
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309
	NOT-FOR-US: Zomplog
CVE-2005-3308
	NOT-FOR-US: Zomplog
CVE-2005-3307
	NOT-FOR-US: FlatNuke
CVE-2005-3306
	NOT-FOR-US: FlatNuke
CVE-2005-3305
	NOT-FOR-US: Nuked Klan
CVE-2005-3304
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://kernel.suse.com/cgit/kernel/commit/?h=v2.6.12.5&id=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
CVE-2005-3298
	NOT-FOR-US: OpenWBEM
CVE-2005-3297
	NOT-FOR-US: OpenWBEM
CVE-2005-3296
	NOT-FOR-US: HP-UX
CVE-2005-3295
	NOT-FOR-US: HP-UX
CVE-2005-3294
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293
	NOT-FOR-US: Xerver
CVE-2005-3292
	NOT-FOR-US: Xeobook
CVE-2005-3291
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290
	NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289
	NOT-FOR-US: AIX
CVE-2005-3288
	NOT-FOR-US: Mailsite Express
CVE-2005-3287
	NOT-FOR-US: Mailsite Express
CVE-2005-3286
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284
	NOT-FOR-US: AhnLab
CVE-2005-3283
	NOT-FOR-US: TikiWiki
CVE-2005-3282
	NOT-FOR-US: Splatt Forum
CVE-2005-3281
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280
	NOT-FOR-US: Paros
CVE-2005-3279
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265
	NOT-FOR-US: Skype
CVE-2005-3264
	NOT-FOR-US: Zeroblog
CVE-2005-3263
	NOT-FOR-US: WinRAR
CVE-2005-3262
	NOT-FOR-US: WinRAR
CVE-2005-3261
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250
	NOT-FOR-US: Solaris
CVE-2005-3249
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238
	NOT-FOR-US: Solaris
CVE-2005-3257
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237
	NOT-FOR-US: Cyphor
CVE-2005-3236
	NOT-FOR-US: Cyphor
CVE-2005-3235
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232
	NOT-FOR-US: TheHacker
CVE-2005-3231
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229
	- clamav <not-affected> (predates any supported Debian release)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226
	NOT-FOR-US: ArcaVir
CVE-2005-3225
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224
	NOT-FOR-US: AntiVir
CVE-2005-3223
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214
	NOT-FOR-US: Avast Antovirus
CVE-2005-3213
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209
	NOT-FOR-US: aeNovo apps
CVE-2005-3208
	NOT-FOR-US: aeNovo apps
CVE-2005-3207
	NOT-FOR-US: Oracle
CVE-2005-3206
	NOT-FOR-US: Oracle
CVE-2005-3205
	NOT-FOR-US: Oracle
CVE-2005-3204
	NOT-FOR-US: Oracle
CVE-2005-3203
	NOT-FOR-US: Oracle
CVE-2005-3202
	NOT-FOR-US: Oracle
CVE-2005-3201
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199
	NOT-FOR-US: aspReady
CVE-2005-3198
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194
	NOT-FOR-US: ALZip
CVE-2005-3193
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cups 1.1.23-13 (unimportant)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190
	NOT-FOR-US: iGateway
CVE-2005-3189
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188
	NOT-FOR-US: Winamp
CVE-2005-3187
	NOT-FOR-US: WinProxy
CVE-2005-3186
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
	[woody] - wget <not-affected> (Does not contain NTML authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (unimportant)
	- php4 4:4.4.0-3 (unimportant)
	NOTE: Safe mode violations not supported
CVE-2005-3180
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177
	NOT-FOR-US: Microsoft
CVE-2005-3176
	NOT-FOR-US: Microsoft
CVE-2005-3175
	NOT-FOR-US: Microsoft
CVE-2005-3174
	NOT-FOR-US: Microsoft
CVE-2005-3173
	NOT-FOR-US: Microsoft
CVE-2005-3172
	NOT-FOR-US: Microsoft
CVE-2005-3171
	NOT-FOR-US: Microsoft
CVE-2005-3170
	NOT-FOR-US: Microsoft
CVE-2005-3169
	NOT-FOR-US: Microsoft
CVE-2005-3168
	NOT-FOR-US: Microsoft
CVE-2005-3167
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166
	- mediawiki 1.4.11-1 (bug #332408)
CVE-2005-3165
	- mediawiki 1.4.9
CVE-2005-3164
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156
	NOT-FOR-US: EasyGuppy
CVE-2005-3155
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153
	NOT-FOR-US: MyBloggie
CVE-2005-3152
	NOT-FOR-US: CubeCart
CVE-2005-3151
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134
	NOT-FOR-US: Citrix
CVE-2005-3133
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130
	NOT-FOR-US: lucidCMS
CVE-2005-3129
	- serendipity 1.0-1
CVE-2005-3128
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127
	NOT-FOR-US: lucidCMS
CVE-2005-3126
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	REJECTED
CVE-2005-3124
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115
	NOT-FOR-US: mpeg-tools
CVE-2005-3114
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap 2.4.13 (bug #253838; low)
	- openldap2.3 <removed>
	[lenny] - openldap <no-dsa> (Minor issue)
	[etch] - openldap2.3 <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2005-3752
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-3104
	NOT-FOR-US: Movable Type
CVE-2005-3103
	NOT-FOR-US: Movable Type
CVE-2005-3102
	NOT-FOR-US: Movable Type
CVE-2005-3101
	NOT-FOR-US: Movable Type
CVE-2005-3100
	NOT-FOR-US: Astato Security Linux
CVE-2005-3099
	NOT-FOR-US: Solaris
CVE-2005-3098
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2005-3087
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086
	NOT-FOR-US: contentSrv
CVE-2005-3085
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084
	NOT-FOR-US: Sony PSP
CVE-2005-3083
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082
	NOT-FOR-US: SEO-Board
CVE-2005-3081
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080
	NOT-FOR-US: GeSHi
CVE-2005-3079
	NOT-FOR-US: PunBB
CVE-2005-3078
	NOT-FOR-US: PunBB
CVE-2005-3077
	NOT-FOR-US: Microsoft
CVE-2005-3076
	NOT-FOR-US: Simplog
CVE-2005-3075
	NOT-FOR-US: Zengaia
CVE-2005-3074
	NOT-FOR-US: RSyslog
CVE-2005-3073
	- interchange 5.2.1-1 (bug #329705)
CVE-2005-3072
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071
	NOT-FOR-US: Solaris
CVE-2005-3070
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067
	NOT-FOR-US: PerlDiver
CVE-2005-3066
	NOT-FOR-US: PerlDiver
CVE-2005-3065
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063
	NOT-FOR-US: MailGust
CVE-2005-3062
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061
	NOT-FOR-US: PowerArchiver
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2005-3060
	NOT-FOR-US: AIX
CVE-2005-3059
	NOT-FOR-US: Opera
CVE-2005-3058
	NOT-FOR-US: FortiGate
CVE-2005-3057
	NOT-FOR-US: FortiGate
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
	RESERVED
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052
	NOT-FOR-US: jportal
CVE-2005-3051
	NOT-FOR-US: 7-Zip
CVE-2005-3050
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045
	NOT-FOR-US: My Little Forum
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821
CVE-2005-3041
	NOT-FOR-US: Opera
CVE-2005-3040
	NOT-FOR-US: TAC Vista
CVE-2005-3039
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038
	NOT-FOR-US: Hosting Controller
CVE-2005-3037
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3031
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3030
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026
	NOT-FOR-US: Epay Pro
CVE-2005-3025
	NOT-FOR-US: vBulletin
CVE-2005-3024
	NOT-FOR-US: vBulletin
CVE-2005-3023
	NOT-FOR-US: vBulletin
CVE-2005-3022
	NOT-FOR-US: vBulletin
CVE-2005-3021
	NOT-FOR-US: vBulletin
CVE-2005-3020
	NOT-FOR-US: vBulletin
CVE-2005-3019
	NOT-FOR-US: vBulletin
CVE-2005-3018
	NOT-FOR-US: Safari
CVE-2005-3017
	NOT-FOR-US: Content2Web
CVE-2005-3016
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015
	NOT-FOR-US: Lotus Domino
CVE-2005-3014
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013
	NOT-FOR-US: YaST
CVE-2005-3012
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010
	NOT-FOR-US: CuteNews
CVE-2005-3009
	NOT-FOR-US: CuteNews
CVE-2005-3008
	NOT-FOR-US: Tofu
CVE-2005-3007
	NOT-FOR-US: Opera
CVE-2005-3006
	NOT-FOR-US: Opera
CVE-2005-3005
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003
	NOT-FOR-US: NooTopList
CVE-2005-3002
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001
	NOT-FOR-US: Solaris
CVE-2005-3000
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993
	NOT-FOR-US: HP Tru64
CVE-2005-2991
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
CVE-2005-2992
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989
	NOT-FOR-US: DeluxeBB
CVE-2005-2988
	NOT-FOR-US: HP printers
CVE-2005-2987
	NOT-FOR-US: Digital Scribe
CVE-2005-2986
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985
	NOT-FOR-US: aeDating script
CVE-2005-2984
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983
	NOT-FOR-US: Oracle
CVE-2005-2982
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981
	NOT-FOR-US: Orion
CVE-2005-2980
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977
	- pam 0.99.7.1-2 (bug #336344; low)
	[etch] - pam 0.79-5
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly security implications
CVE-2005-2973
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970
	- apache2 2.0.55-1 (bug #340337; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956
	NOT-FOR-US: ATutor
CVE-2005-2955
	NOT-FOR-US: ATutor
CVE-2005-2954
	NOT-FOR-US: ATutor
CVE-2005-2953
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950
	NOT-FOR-US: Sawmill
CVE-2005-2949
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948
	NOT-FOR-US: KillProcess
CVE-2005-2947
	NOT-FOR-US: KillProcess
CVE-2005-2946
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939
	NOT-FOR-US: VMWare
CVE-2005-2938
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936
	NOT-FOR-US: Real Player
CVE-2005-2935
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934
	NOT-FOR-US: SCO
CVE-2005-2933
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
CVE-2005-2931
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927
	NOT-FOR-US: SCO Unixware
CVE-2005-2926
	NOT-FOR-US: SCO Unixware
CVE-2005-2925
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916
	NOT-FOR-US: Linksys routers
CVE-2005-2915
	NOT-FOR-US: Linksys routers
CVE-2005-2914
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904
	NOT-FOR-US: Zebedee
CVE-2005-2903
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902
	NOT-FOR-US: class-1 Forum
CVE-2005-2901
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900
	NOT-FOR-US: CjLinkOut
CVE-2005-2899
	NOT-FOR-US: CjTagBoard
CVE-2005-2898
	NOT-FOR-US: Filezilla
CVE-2005-2897
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895
	NOT-FOR-US: PBLang
CVE-2005-2894
	NOT-FOR-US: PBLang
CVE-2005-2893
	NOT-FOR-US: PBLang
CVE-2005-2892
	NOT-FOR-US: PBLang
CVE-2005-2891
	NOT-FOR-US: WebArchiveX
CVE-2005-2890
	NOT-FOR-US: SecureOL
CVE-2005-2889
	NOT-FOR-US: Check Point
CVE-2005-2888
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
CVE-2005-2882
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917
	{DSA-828-1}
	- squid 2.5.10-7
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-readable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874
	- cups 1.1.23-1
	- cupsys 1.1.23-1
CVE-2005-2871
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed fix the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870
	NOT-FOR-US: Solaris
CVE-2005-2869
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868
	NOT-FOR-US: ZipTorrent
CVE-2005-2867
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865
	NOT-FOR-US: aMember Pro
CVE-2005-2864
	NOT-FOR-US: URBAN
CVE-2005-2863
	NOT-FOR-US: OpenWebmail
CVE-2005-2862
	NOT-FOR-US: ADSL hardware
CVE-2005-2861
	NOT-FOR-US: N-Stealth
CVE-2005-2860
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859
	NOT-FOR-US: Savant Web Server
CVE-2005-2858
	NOT-FOR-US: Rediff BOL)
CVE-2005-2857
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856
	NOT-FOR-US: ALZip
CVE-2005-2855
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853
	NOT-FOR-US: GuppY
CVE-2005-2852
	NOT-FOR-US: Novell Netware
CVE-2005-2851
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850
	NOT-FOR-US: SlimFTPD
CVE-2005-2849
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843
	NOT-FOR-US: Hesk
CVE-2005-2842
	NOT-FOR-US: DameWare Mini
CVE-2005-2841
	NOT-FOR-US: IOS
CVE-2005-2840
	NOT-FOR-US: MAXdev
CVE-2005-2839
	NOT-FOR-US: MAXdev
CVE-2005-2838
	NOT-FOR-US: myBloggie
CVE-2005-2837
	NOT-FOR-US: WebGUI
CVE-2005-2836
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819
	NOT-FOR-US: DownFile
CVE-2005-2818
	NOT-FOR-US: DownFile
CVE-2005-2817
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816
	NOT-FOR-US: Greymatter
CVE-2005-2815
	NOT-FOR-US: FlatNuke
CVE-2005-2814
	NOT-FOR-US: FlatNuke
CVE-2005-2813
	NOT-FOR-US: FlatNuke
CVE-2005-2812
	NOT-FOR-US: man2web
CVE-2005-2811
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810
	NOT-FOR-US: urban game
CVE-2005-2809
	NOT-FOR-US: silc daemon
CVE-2005-2808
	- frox 0.7.18-1 (medium)
CVE-2005-2807
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805
	NOT-FOR-US: e107
CVE-2005-2804
	NOT-FOR-US: GroupWise
CVE-2005-2803
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799
	NOT-FOR-US: Linksys routers
CVE-2005-2798
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791
	NOT-FOR-US: BFCC
CVE-2005-2790
	NOT-FOR-US: BFCC
CVE-2005-2789
	NOT-FOR-US: BFCC
CVE-2005-2788
	NOT-FOR-US: Land Down Under
CVE-2005-2787
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786
	NOT-FOR-US: cosmoshop
CVE-2005-2785
	NOT-FOR-US: cosmoshop
CVE-2005-2784
	NOT-FOR-US: cosmoshop
CVE-2005-2783
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780
	NOT-FOR-US: Land Down Under
CVE-2005-2779
	NOT-FOR-US: iTAN
CVE-2005-2778
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777
	NOT-FOR-US: Looking Glass
CVE-2005-2776
	NOT-FOR-US: Looking Glass
CVE-2005-2775
	NOT-FOR-US: Looking Glass
CVE-2005-2774
	NOT-FOR-US: Litium Quake mod
CVE-2005-2773
	NOT-FOR-US: HP OpenView
CVE-2005-2772
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764
	NOT-FOR-US: OpenTTD
CVE-2005-2763
	NOT-FOR-US: OpenTTD
CVE-2005-2762
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757
	NOT-FOR-US: Mac OS X
CVE-2005-2756
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752
	NOT-FOR-US: Mac OS X
CVE-2005-2751
	NOT-FOR-US: Mac OS X
CVE-2005-2750
	NOT-FOR-US: Mac OS X
CVE-2005-2749
	NOT-FOR-US: Mac OS X
CVE-2005-2748
	NOT-FOR-US: Mac OS X
CVE-2005-2747
	NOT-FOR-US: Mac OS X
CVE-2005-2746
	NOT-FOR-US: Mac OS X
CVE-2005-2745
	NOT-FOR-US: Mac OS X
CVE-2005-2744
	NOT-FOR-US: Mac OS X
CVE-2005-2743
	NOT-FOR-US: Mac OS X
CVE-2005-2742
	NOT-FOR-US: Mac OS X
CVE-2005-2741
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	REJECTED
CVE-2005-2739
	NOT-FOR-US: Mac OS X
CVE-2005-2738
	NOT-FOR-US: Java / Apple
CVE-2005-2737
	NOT-FOR-US: PhotoPost
CVE-2005-2736
	NOT-FOR-US: YaPig
CVE-2005-2735
	NOT-FOR-US: phpGraphy
CVE-2005-2734
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
CVE-2005-2733
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731
	NOT-FOR-US: Astato specific
CVE-2005-2730
	NOT-FOR-US: Astato specific
CVE-2005-2729
	NOT-FOR-US: Astato specific
CVE-2005-2728
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725
	NOT-FOR-US: QNX
CVE-2005-2723
	NOT-FOR-US: PaFileDB
CVE-2005-2722
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719
	NOT-FOR-US: Ventrilo
CVE-2005-2718
	NOT-FOR-US: MPlayer
CVE-2005-2717
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714
	NOT-FOR-US: Apple
CVE-2005-2713
	NOT-FOR-US: Apple
CVE-2005-2712
	NOT-FOR-US: IBM
CVE-2005-2711
	NOT-FOR-US: ISS
CVE-2005-2710
	{DSA-826-1}
	NOTE: see  http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699
	NOT-FOR-US: PHPKit
CVE-2005-2698
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696
	NOT-FOR-US: Notes
CVE-2005-2695
	NOT-FOR-US: Cisco
CVE-2005-2694
	NOT-FOR-US: WinAce
CVE-2005-2724
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1
CVE-2005-2716
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692
	NOT-FOR-US: RunCMS
CVE-2005-2691
	NOT-FOR-US: RunCMS
CVE-2005-2690
	NOT-FOR-US: PostNuke
CVE-2005-2689
	NOT-FOR-US: PostNuke
CVE-2005-2688
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683
	NOT-FOR-US: PHPKit
CVE-2005-2682
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681
	NOT-FOR-US: Cisco
CVE-2005-2680
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678
	NOT-FOR-US: MSIE
CVE-2005-2677
	NOT-FOR-US: ACNews
CVE-2005-2676
	NOT-FOR-US: Coppermine
CVE-2005-2675
	NOT-FOR-US: Land Down Under
CVE-2005-2674
	NOT-FOR-US: Land Down Under
CVE-2005-2673
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670
	NOT-FOR-US: HAURI
CVE-2005-2669
	NOT-FOR-US: Computer Associates
CVE-2005-2668
	NOT-FOR-US: Computer Associates
CVE-2005-2667
	NOT-FOR-US: Computer Associates
CVE-2005-2666
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664
	NOT-FOR-US: Whisper
CVE-2005-2663
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660
	{DSA-839-1}
	- apachetop 0.12.5-3
CVE-2005-2659
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653
	NOT-FOR-US: BBCaffe
CVE-2005-2652
	NOT-FOR-US: Zorum
CVE-2005-2651
	NOT-FOR-US: Zorum
CVE-2005-2650
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649
	NOT-FOR-US: ATutor
CVE-2005-2648
	NOT-FOR-US: W-Agora
CVE-2005-2647
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644
	NOT-FOR-US: JaguarControl
CVE-2005-2643
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducable in Debian
CVE-2005-2641
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899)
CVE-2005-2640
	NOT-FOR-US: Juniper
CVE-2005-2639
	NOT-FOR-US: World Poker Championship
CVE-2005-2638
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636
	NOT-FOR-US: phpAdsNew
CVE-2005-2635
	NOT-FOR-US: phpAdsNew
CVE-2005-2634
	NOT-FOR-US: WinFTP Server
CVE-2005-2633
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632
	NOT-FOR-US: Mediabox 404
CVE-2005-2631
	NOT-FOR-US: Cisco
CVE-2005-2630
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2625
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623
	NOT-FOR-US: ECW Shop
CVE-2005-2622
	NOT-FOR-US: ECW Shop
CVE-2005-2621
	NOT-FOR-US: ECW Shop
CVE-2005-2620
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619
	NOT-FOR-US: Autonomy
CVE-2005-2618
	NOT-FOR-US: Autonomy
CVE-2005-2617
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616
	NOT-FOR-US: ezUpload
CVE-2005-2615
	NOT-FOR-US: EQdkp
CVE-2005-2614
	NOT-FOR-US: Discuz
CVE-2005-2613
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610
	NOT-FOR-US: VegaDNS
CVE-2005-2609
	NOT-FOR-US: VegaDNS
CVE-2005-2608
	NOT-FOR-US: SafeHTML
CVE-2005-2607
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606
	NOT-FOR-US: PHlyMail
CVE-2005-2605
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601
	NOT-FOR-US: MidiCart
CVE-2005-2600
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598
	NOT-FOR-US: Dokeos
CVE-2005-2597
	NOT-FOR-US: AOL Client
CVE-2005-2596
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595
	NOT-FOR-US: Dada Mail
CVE-2005-2594
	NOT-FOR-US: Apple Safari
CVE-2005-2593
	NOT-FOR-US: MindAlign
CVE-2005-2592
	NOT-FOR-US: MindAlign
CVE-2005-2591
	NOT-FOR-US: MindAlign
CVE-2005-2590
	NOT-FOR-US: MindAlign
CVE-2005-2589
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588
	NOT-FOR-US: DVBBS
CVE-2005-2587
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582
	NOT-FOR-US: Kaspersky
CVE-2005-2581
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576
	NOT-FOR-US: CaLogic
CVE-2005-2575
	NOT-FOR-US: XMB Forum
CVE-2005-2574
	NOT-FOR-US: XMB Forum
CVE-2005-2573
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571
	NOT-FOR-US: FunkBoard
CVE-2005-2570
	NOT-FOR-US: FunkBoard
CVE-2005-2569
	NOT-FOR-US: FunkBoard
CVE-2005-2568
	NOT-FOR-US: SysCP
CVE-2005-2567
	NOT-FOR-US: SysCP
CVE-2005-2566
	NOT-FOR-US: OpenBB
CVE-2005-2565
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561
	NOT-FOR-US: MYFAQ
CVE-2005-2560
	NOT-FOR-US: CFBB
CVE-2005-2559
	NOT-FOR-US: e107 portal
CVE-2005-2558
	{DSA-833-2 DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554
	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CVE-2005-2553
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546
	NOT-FOR-US: Arab Portal
CVE-2005-2545
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542
	NOT-FOR-US: Invision Power Board
CVE-2005-2541
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540
	NOT-FOR-US: FlatNuke
CVE-2005-2539
	NOT-FOR-US: FlatNuke
CVE-2005-2538
	NOT-FOR-US: FlatNuke
CVE-2005-2537
	NOT-FOR-US: FlatNuke
CVE-2005-2536
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530
	NOT-FOR-US: Java / Apple
CVE-2005-2529
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	REJECTED
CVE-2005-2527
	NOT-FOR-US: Java / Apple
CVE-2005-2526
	NOT-FOR-US: MacOS X
CVE-2005-2525
	NOT-FOR-US: MacOS X
CVE-2005-2524
	NOT-FOR-US: MacOS X
CVE-2005-2523
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522
	NOT-FOR-US: Mac OS X
CVE-2005-2521
	NOT-FOR-US: Mac OS X
CVE-2005-2520
	NOT-FOR-US: Mac OS X
CVE-2005-2519
	NOT-FOR-US: Mac OS X
CVE-2005-2518
	NOT-FOR-US: Mac OS X
CVE-2005-2517
	NOT-FOR-US: Mac OS X
CVE-2005-2516
	NOT-FOR-US: Mac OS X
CVE-2005-2515
	NOT-FOR-US: Mac OS X
CVE-2005-2514
	NOT-FOR-US: Mac OS X
CVE-2005-2513
	NOT-FOR-US: Mac OS X
CVE-2005-2512
	NOT-FOR-US: Mac OS X
CVE-2005-2511
	NOT-FOR-US: Mac OS X
CVE-2005-2510
	NOT-FOR-US: Mac OS X
CVE-2005-2509
	NOT-FOR-US: Mac OS X
CVE-2005-2508
	NOT-FOR-US: Mac OS X
CVE-2005-2507
	NOT-FOR-US: Mac OS X
CVE-2005-2506
	NOT-FOR-US: Mac OS X
CVE-2005-2505
	NOT-FOR-US: Mac OS X
CVE-2005-2504
	NOT-FOR-US: Mac OS X
CVE-2005-2503
	NOT-FOR-US: Mac OS X
CVE-2005-2502
	NOT-FOR-US: Mac OS X
CVE-2005-2501
	NOT-FOR-US: Mac OS X
CVE-2005-2500
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	- vfu <not-affected> (does not include the vulnerable part of pcre)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- classpath 2:0.92-1 (bug #267040; bug #301134; high)
	[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487
	NOT-FOR-US: Sun switches
CVE-2005-2486
	NOT-FOR-US: PortailPHP
CVE-2005-2485
	NOT-FOR-US: Logicampus
CVE-2005-2484
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483
	NOT-FOR-US: Karrigell
CVE-2005-2482
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481
	NOT-FOR-US: Fusebox
CVE-2005-2480
	NOT-FOR-US: Fusebox
CVE-2005-2479
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478
	NOT-FOR-US: Silvernews
CVE-2005-2477
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474
	NOT-FOR-US: ChurchInfo
CVE-2005-2473
	NOT-FOR-US: ChurchInfo
CVE-2005-2472
	NOT-FOR-US: BusinessMail
CVE-2005-2471
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470
	NOT-FOR-US: Adobe
CVE-2005-2469
	NOT-FOR-US: Novell NetMail
CVE-2005-2459
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <removed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- x11-apps 7.7~1 (bug #321447; low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2005-2550
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455
	NOT-FOR-US: Greasemonkey
CVE-2005-2454
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-2451
	NOT-FOR-US: IOS
CVE-2005-2450
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449
	NOT-FOR-US: sandbox
CVE-2005-2448
	{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445
	NOT-FOR-US: Product Cart
CVE-2005-2444
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443
	NOT-FOR-US: KShout
CVE-2005-2442
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441
	NOT-FOR-US: VBzoom
CVE-2005-2440
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439
	NOT-FOR-US: UseBB
CVE-2005-2438
	NOT-FOR-US: UseBB
CVE-2005-2436
	NOT-FOR-US: Website Baker
CVE-2005-2435
	NOT-FOR-US: Website Baker
CVE-2005-2434
	NOT-FOR-US: Linksys hardware
CVE-2005-2433
	NOT-FOR-US: PhpList
CVE-2005-2432
	NOT-FOR-US: PhpList
CVE-2005-2431
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428
	NOT-FOR-US: Lotus Domino
CVE-2005-2427
	NOT-FOR-US: CartWIZ
CVE-2005-2426
	NOT-FOR-US: FTPshell Server
CVE-2005-2425
	NOT-FOR-US: Ares FileShare
CVE-2005-2424
	NOT-FOR-US: Siemens hardware
CVE-2005-2423
	NOT-FOR-US: Beehive
CVE-2005-2422
	NOT-FOR-US: Beehive
CVE-2005-2421
	NOT-FOR-US: Beehive
CVE-2005-2420
	NOT-FOR-US: FtpLocate
CVE-2005-2419
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
CVE-2005-2417
	NOT-FOR-US: Contrexx
CVE-2005-2416
	NOT-FOR-US: Contrexx
CVE-2005-2415
	NOT-FOR-US: Contrexx
CVE-2005-2414
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
	- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: The turned out to be non-exploitable
CVE-2005-2413
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412
	NOT-FOR-US: First Post
CVE-2005-2411
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410
	NOT-FOR-US: Network Manager
CVE-2005-2409
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	REJECTED
CVE-2005-2407
	NOT-FOR-US: Opera
CVE-2005-2406
	NOT-FOR-US: Opera
CVE-2005-2405
	NOT-FOR-US: Opera
CVE-2005-2404
	NOT-FOR-US: Sendcard
CVE-2005-2403
	NOT-FOR-US: RealChat
CVE-2005-2402
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400
	NOT-FOR-US: PHPFinance
CVE-2005-2399
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397
	NOT-FOR-US: phpBook
CVE-2005-2396
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <removed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <removed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
	NOTE: This also seems like a rare setup.
CVE-2005-2394
	NOT-FOR-US: CuteNews
CVE-2005-2393
	NOT-FOR-US: CuteNews
CVE-2005-2392
	NOT-FOR-US: CMSimple
CVE-2005-2391
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388
	NOT-FOR-US: some windows USB driver
CVE-2005-2387
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386
	NOT-FOR-US: CartWIZ
CVE-2005-2385
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383
	NOT-FOR-US: PHPNews
CVE-2005-2382
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379
	NOT-FOR-US: Oracle Reports
CVE-2005-2378
	NOT-FOR-US: Oracle Reports
CVE-2005-2377
	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
CVE-2005-2376
	NOT-FOR-US: Race Driver
CVE-2005-2375
	NOT-FOR-US: Race Driver
CVE-2005-2374
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373
	NOT-FOR-US: SlimFTPd
CVE-2005-2372
	NOT-FOR-US: Oracle Forms
CVE-2005-2371
	NOT-FOR-US: Oracle Reports
CVE-2005-2370
	{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This affects partially Woody and Sarge
CVE-2005-2361
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
CVE-2005-2347
	RESERVED
CVE-2005-2346
	NOT-FOR-US: Novell
CVE-2005-2345
	REJECTED
CVE-2005-2344
	NOT-FOR-US: Research in Motion
CVE-2005-2343
	NOT-FOR-US: Research in Motion
CVE-2005-2342
	NOT-FOR-US: Research in Motion
CVE-2005-2341
	NOT-FOR-US: Research in Motion
CVE-2005-2340
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339
	NOT-FOR-US: unicode msearch
CVE-2005-2338
	NOT-FOR-US: Xoops
CVE-2005-2337
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334
	NOT-FOR-US: Y.SAK
CVE-2005-2333
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331
	NOT-FOR-US: MooseGallery
CVE-2005-2330
	NOT-FOR-US: osCommerce
CVE-2005-2329
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328
	NOT-FOR-US: Laffer
CVE-2005-2327
	NOT-FOR-US: e107
CVE-2005-2326
	NOT-FOR-US: Clever Copy
CVE-2005-2325
	NOT-FOR-US: Clever Copy
CVE-2005-2324
	NOT-FOR-US: Clever Copy
CVE-2005-2323
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321
	NOT-FOR-US: CaLogic
CVE-2005-2319
	NOT-FOR-US: Yawp
CVE-2005-2318
	NOT-FOR-US: DVBBS
CVE-2005-2317
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316
	NOT-FOR-US: dnrd
CVE-2005-2315
	NOT-FOR-US: dnrd
CVE-2005-2314
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311
	- sms-pl 2.1.0-1 (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310
	NOT-FOR-US: Winamp
CVE-2005-2309
	NOT-FOR-US: Opera
CVE-2005-2308
	NOT-FOR-US: MSIE
CVE-2005-2307
	NOT-FOR-US: Microsoft
CVE-2005-2306
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
CVE-2005-2302
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300
	NOT-FOR-US: Skype
CVE-2005-2299
	NOT-FOR-US: Simple Message Board
CVE-2005-2298
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296
	NOT-FOR-US: YabbSE
CVE-2005-2295
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294
	NOT-FOR-US: Oracle
CVE-2005-2293
	NOT-FOR-US: Oracle
CVE-2005-2292
	NOT-FOR-US: Oracle
CVE-2005-2291
	NOT-FOR-US: Oracle
CVE-2005-2290
	NOT-FOR-US: WPS
CVE-2005-2289
	NOT-FOR-US: PHPCounter
CVE-2005-2288
	NOT-FOR-US: PHPCounter
CVE-2005-2287
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286
	NOT-FOR-US: WebEOC
CVE-2005-2285
	NOT-FOR-US: WebEOC
CVE-2005-2284
	NOT-FOR-US: WebEOC
CVE-2005-2283
	NOT-FOR-US: WebEOC
CVE-2005-2282
	NOT-FOR-US: WebEOC
CVE-2005-2281
	NOT-FOR-US: WebEOC
CVE-2005-2280
	NOT-FOR-US: Cisco
CVE-2005-2279
	NOT-FOR-US: Cisco
CVE-2005-2278
	NOT-FOR-US: MailEnable
CVE-2005-2277
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
	- xmovie <removed>
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274
	NOT-FOR-US: MSIE
CVE-2005-2273
	NOT-FOR-US: Opera
CVE-2005-2272
	NOT-FOR-US: Sfari
CVE-2005-2271
	NOT-FOR-US: iCab
CVE-2005-2270
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2259
	NOT-FOR-US: USANet
CVE-2005-2258
	NOT-FOR-US: Squito Gallery
CVE-2005-2257
	NOT-FOR-US: PhpSlash
CVE-2005-2256
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255
	NOT-FOR-US: PhpAuction
CVE-2005-2254
	NOT-FOR-US: PhpAuction
CVE-2005-2253
	NOT-FOR-US: PhpAuction
CVE-2005-2252
	NOT-FOR-US: PhpAuction
CVE-2005-2251
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249
	NOT-FOR-US: Jinzora
CVE-2005-2248
	NOT-FOR-US: DownloadProtect
CVE-2005-2247
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245
	NOT-FOR-US: BIG-IP
CVE-2005-2244
	NOT-FOR-US: Cisco
CVE-2005-2243
	NOT-FOR-US: Cisco
CVE-2005-2242
	NOT-FOR-US: Cisco
CVE-2005-2241
	NOT-FOR-US: Cisco
CVE-2005-2240
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238
	NOT-FOR-US: AIX
CVE-2005-2237
	NOT-FOR-US: AIX
CVE-2005-2236
	NOT-FOR-US: AIX
CVE-2005-2235
	NOT-FOR-US: AIX
CVE-2005-2234
	NOT-FOR-US: AIX
CVE-2005-2233
	NOT-FOR-US: AIX
CVE-2005-2232
	NOT-FOR-US: AIX
CVE-2005-2231
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229
	NOT-FOR-US: Blog Torrent
CVE-2005-2228
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226
	NOT-FOR-US: Outlook
CVE-2005-2225
	NOT-FOR-US: Microsoft
CVE-2005-2224
	NOT-FOR-US: Microsoft
CVE-2005-2223
	NOT-FOR-US: MailEnable
CVE-2005-2222
	NOT-FOR-US: MailEnable
CVE-2005-2221
	NOT-FOR-US: Dragonfly
CVE-2005-2220
	NOT-FOR-US: Dragonfly
CVE-2005-2219
	NOT-FOR-US: Hosting Controller
CVE-2005-2218
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216
	NOT-FOR-US: PhotoGal
CVE-2005-2215
	- mediawiki 1.4.9
CVE-2005-2214
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213
	NOT-FOR-US: MMS Ripper
CVE-2005-2212
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209
	NOT-FOR-US: ScanShare
CVE-2005-2208
	NOT-FOR-US: PrivaShare
CVE-2005-2207
	NOT-FOR-US: CartWIZ
CVE-2005-2206
	NOT-FOR-US: CartWIZ
CVE-2005-2205
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204
	NOT-FOR-US: SiteMinder
CVE-2005-2203
	NOT-FOR-US: phpWishlist
CVE-2005-2202
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201
	NOT-FOR-US: Xerox hardware
CVE-2005-2200
	NOT-FOR-US: Xerox hardware
CVE-2005-2199
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198
	NOT-FOR-US: SPiD
CVE-2005-2197
	NOT-FOR-US: Id Board
CVE-2005-2196
	NOT-FOR-US: Apple Airport
CVE-2005-2195
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194
	NOT-FOR-US: Apple
CVE-2005-2193
	NOT-FOR-US: PunBB
CVE-2005-2192
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191
	NOT-FOR-US: Comersus
CVE-2005-2190
	NOT-FOR-US: Comersus
CVE-2005-2189
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185
	NOT-FOR-US: eRoom
CVE-2005-2184
	NOT-FOR-US: eRoom
CVE-2005-2183
	NOT-FOR-US: PhpXmail
CVE-2005-2182
	NOT-FOR-US: PhpXmail
CVE-2005-2181
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179
	NOT-FOR-US: Jaws
CVE-2005-2178
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176
	NOT-FOR-US: Novell NetMail
CVE-2005-2175
	NOT-FOR-US: Notes
CVE-2005-2174
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170
	NOT-FOR-US: Tivoli
CVE-2005-2348
	REJECTED
CVE-2005-2169
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168
	NOT-FOR-US: Plague
CVE-2005-2167
	NOT-FOR-US: Plague
CVE-2005-2166
	NOT-FOR-US: Plague
CVE-2005-2165
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164
	NOT-FOR-US: Covide
CVE-2005-2163
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162
	NOT-FOR-US: MyGuestbook
CVE-2005-2161
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160
	NOT-FOR-US: IMail
CVE-2005-2159
	NOT-FOR-US: PlanetDNS
CVE-2005-2158
	NOT-FOR-US: JBoss
CVE-2005-2157
	NOT-FOR-US: nabopoll
CVE-2005-2156
	NOT-FOR-US: PHPNews
CVE-2005-2155
	NOT-FOR-US: EasyPHPCalender
CVE-2005-2154
	NOT-FOR-US: osTicket
CVE-2005-2153
	NOT-FOR-US: osTicket
CVE-2005-2152
	NOT-FOR-US: Geeklog
CVE-2005-2151
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150
	NOT-FOR-US: Microsoft
CVE-2005-2149
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145
	NOT-FOR-US: Prevx Pro
CVE-2005-2144
	NOT-FOR-US: Prevx Pro
CVE-2005-2143
	NOT-FOR-US: Microsoft
CVE-2005-2142
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141
	NOT-FOR-US: TCP Chat
CVE-2005-2140
	NOT-FOR-US: FSboard
CVE-2005-2139
	NOT-FOR-US: Pavsta
CVE-2005-2138
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135
	NOT-FOR-US: EtoShop
CVE-2005-2134
	NOT-FOR-US: NetBSD
CVE-2005-2133
	REJECTED
CVE-2005-2132
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128
	NOT-FOR-US: Windows
CVE-2005-2127
	NOT-FOR-US: Windows
CVE-2005-2126
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124
	NOT-FOR-US: Windows
CVE-2005-2123
	NOT-FOR-US: Windows
CVE-2005-2122
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120
	NOT-FOR-US: Windows
CVE-2005-2119
	NOT-FOR-US: Microsoft
CVE-2005-2118
	NOT-FOR-US: Windows
CVE-2005-2117
	NOT-FOR-US: Windows
CVE-2005-2116
	REJECTED
CVE-2005-2115
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113
	NOT-FOR-US: Xoops
CVE-2005-2112
	NOT-FOR-US: Xoops
CVE-2005-2111
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105
	NOT-FOR-US: IOS
CVE-2005-2104
	NOT-FOR-US: sysreport
CVE-2005-2103
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	- cups 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming them so.
CVE-2005-2095
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094
	NOT-FOR-US: Sun
CVE-2005-2093
	NOT-FOR-US: Oracle
CVE-2005-2092
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091
	NOT-FOR-US: Websphere
CVE-2005-2090
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089
	NOT-FOR-US: Microsoft
CVE-2005-2088
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087
	NOT-FOR-US: Microsoft
CVE-2005-2086
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085
	NOT-FOR-US: Inframail
CVE-2005-2084
	NOT-FOR-US: Community Forum
CVE-2005-2083
	NOT-FOR-US: IA eMailServer
CVE-2005-2082
	NOT-FOR-US: imTRSET
CVE-2005-2081
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080
	NOT-FOR-US: Veritas Backup
CVE-2005-2079
	NOT-FOR-US: Veritas Backup
CVE-2005-1932
	NOT-FOR-US: Lpanel
CVE-2005-1931
	NOT-FOR-US: GoodTech SMTP Server
CVE-2005-2078
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077
	NOT-FOR-US: Hosting Controller
CVE-2005-2076
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073
	NOT-FOR-US: DB2
CVE-2005-2072
	NOT-FOR-US: Solaris
CVE-2005-2071
	NOT-FOR-US: Solaris
CVE-2005-2070
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068
	- kfreebsd-source <unfixed>
CVE-2005-2067
	NOT-FOR-US: ASP Nuke
CVE-2005-2066
	NOT-FOR-US: ASP Nuke
CVE-2005-2065
	NOT-FOR-US: ASP Nuke
CVE-2005-2064
	NOT-FOR-US: ASP Nuke
CVE-2005-2063
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2053
	NOT-FOR-US: JAF CMS
CVE-2005-2052
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051
	NOT-FOR-US: BEWAC
CVE-2005-2050
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049
	NOT-FOR-US: Duware
CVE-2005-2048
	NOT-FOR-US: Duware
CVE-2005-2047
	NOT-FOR-US: Duware
CVE-2005-2046
	NOT-FOR-US: Duware
CVE-2005-2045
	NOT-FOR-US: Duware
CVE-2005-2044
	NOT-FOR-US: ATutor
CVE-2005-2043
	NOT-FOR-US: XAMPP
CVE-2005-2042
	NOT-FOR-US: ajax-spell
CVE-2005-2041
	NOT-FOR-US: ViRobot
CVE-2005-2040
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034
	NOT-FOR-US: iGallery
CVE-2005-2033
	NOT-FOR-US: iGallery
CVE-2005-2032
	NOT-FOR-US: Solaris
CVE-2005-2031
	NOT-FOR-US: socialMPN
CVE-2005-2030
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029
	NOT-FOR-US: external script that allow interaction between amarok and a browser
CVE-2005-2028
	NOT-FOR-US: MercuryBoard
CVE-2005-2027
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025
	NOT-FOR-US: Cisco
CVE-2005-2024
	{DSA-738-1}
	NOTE: varying and apparently innacurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023
	- gnupg2 1.9.15-1
CVE-2005-2022
	NOT-FOR-US: iPlanet
CVE-2005-2021
	NOT-FOR-US: cPanel
CVE-2005-2020
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014
	NOT-FOR-US: paFAQ
CVE-2005-2013
	NOT-FOR-US: paFAQ
CVE-2005-2012
	NOT-FOR-US: paFAQ
CVE-2005-2011
	NOT-FOR-US: paFAQ
CVE-2005-2010
	NOT-FOR-US: Ublog Reload
CVE-2005-2009
	NOT-FOR-US: Ublog Reload
CVE-2005-2008
	- yaws 1.56-1 (low)
CVE-2005-2007
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006
	NOT-FOR-US: JBOSS
CVE-2005-2005
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002
	NOT-FOR-US: Mambo
CVE-2005-2001
	NOT-FOR-US: paFileDB
CVE-2005-2000
	NOT-FOR-US: paFileDB
CVE-2005-1999
	NOT-FOR-US: paFileDB
CVE-2005-1998
	NOT-FOR-US: McGallery
CVE-2005-1997
	NOT-FOR-US: McGallery
CVE-2005-1996
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990
	NOT-FOR-US: MSIE
CVE-2005-1989
	NOT-FOR-US: MSIE
CVE-2005-1988
	NOT-FOR-US: MSIE
CVE-2005-1987
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985
	NOT-FOR-US: Microsoft
CVE-2005-1984
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983
	NOT-FOR-US: Microsoft
CVE-2005-1982
	NOT-FOR-US: Microsoft
CVE-2005-1981
	NOT-FOR-US: Microsoft
CVE-2005-1980
	NOT-FOR-US: Microsoft
CVE-2005-1979
	NOT-FOR-US: Microsoft
CVE-2005-1978
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976
	NOT-FOR-US: Novell NetMail
CVE-2005-1975
	NOT-FOR-US: Annuaire
CVE-2005-1974
	NOT-FOR-US: Sun Java
CVE-2005-1973
	NOT-FOR-US: Sun Java
CVE-2005-1972
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970
	NOT-FOR-US: pcAnywhere
CVE-2005-1969
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966
	NOT-FOR-US: e107
CVE-2005-1965
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961
	NOT-FOR-US: C-JDBC
CVE-2005-1960
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
CVE-2005-1957
	NOT-FOR-US: File Upload Manager
CVE-2005-1956
	NOT-FOR-US: File Upload Manager
CVE-2005-1955
	NOT-FOR-US: singapore
CVE-2005-1954
	NOT-FOR-US: singapore
CVE-2005-1953
	NOT-FOR-US: Pico Server
CVE-2005-1952
	NOT-FOR-US: Pico Server
CVE-2005-1951
	NOT-FOR-US: osCommerce
CVE-2005-1950
	NOT-FOR-US: Webhints
CVE-2005-1949
	NOT-FOR-US: e107
CVE-2005-1948
	NOT-FOR-US: Invision Gallery
CVE-2005-1947
	NOT-FOR-US: Invision Gallery
CVE-2005-1946
	NOT-FOR-US: Invision Blog
CVE-2005-1945
	NOT-FOR-US: Invision Blog
CVE-2005-1944
	NOT-FOR-US: xmysqladmin
CVE-2005-1943
	NOT-FOR-US: Loki download manager
CVE-2005-1942
	NOT-FOR-US: Cisco
CVE-2005-1941
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2005-1936
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935
	NOT-FOR-US: Microsoft
CVE-2005-1933
	NOT-FOR-US: Apple
CVE-2005-1934
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925
	NOT-FOR-US: Tikiwiki
CVE-2005-1924
	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915
	NOT-FOR-US: log4sh
CVE-2005-1914
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907
	NOT-FOR-US: Microsoft
CVE-2005-1906
	NOT-FOR-US: livingmailing
CVE-2005-1905
	NOT-FOR-US: Kaspersky
CVE-2005-1904
	NOT-FOR-US: JiRo's Upload Systems
CVE-2005-1903
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901
	NOT-FOR-US: Sawmill
CVE-2005-1900
	NOT-FOR-US: Sawmill
CVE-2005-1899
	NOT-FOR-US: RakNet
CVE-2005-1898
	NOT-FOR-US: phpThumb
CVE-2005-1897
	NOT-FOR-US: FlexCast
CVE-2005-1896
	NOT-FOR-US: FlatNuke
CVE-2005-1895
	NOT-FOR-US: FlatNuke
CVE-2005-1894
	NOT-FOR-US: FlatNuke
CVE-2005-1893
	NOT-FOR-US: FlatNuke
CVE-2005-1892
	NOT-FOR-US: FlatNuke
CVE-2005-1891
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890
	NOT-FOR-US: Mortiforo
CVE-2005-1889
	NOT-FOR-US: Sun ONE
CVE-2005-1888
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887
	NOT-FOR-US: Solaris
CVE-2005-1886
	NOT-FOR-US: YaPiG
CVE-2005-1885
	NOT-FOR-US: YaPiG
CVE-2005-1884
	NOT-FOR-US: YaPiG
CVE-2005-1883
	NOT-FOR-US: YaPiG
CVE-2005-1882
	NOT-FOR-US: YaPiG
CVE-2005-1881
	NOT-FOR-US: YaPiG
CVE-2005-1880
	NOT-FOR-US: everybuddy
CVE-2005-1879
	NOT-FOR-US: LutelWall
CVE-2005-1878
	NOT-FOR-US: GIPTables
CVE-2005-1877
	NOT-FOR-US: Lpanel
CVE-2005-1876
	NOT-FOR-US: CuteNews
CVE-2005-1875
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874
	NOT-FOR-US: Dzip
CVE-2005-1873
	NOT-FOR-US: Crob
CVE-2005-1872
	NOT-FOR-US: WebSphere
CVE-2005-1871
	- drupal 4.5.3-1
CVE-2005-1870
	NOT-FOR-US: Popper
CVE-2005-1869
	NOT-FOR-US: MWChat
CVE-2005-1868
	NOT-FOR-US: I-Man
CVE-2005-1867
	NOT-FOR-US: Symantec
CVE-2005-1866
	NOT-FOR-US: Calendarix
CVE-2005-1865
	NOT-FOR-US: Calendarix
CVE-2005-1864
	NOT-FOR-US: Calendarix
CVE-2005-1863
	REJECTED
CVE-2005-1862
	REJECTED
CVE-2005-1861
	REJECTED
CVE-2005-1860
	REJECTED
CVE-2005-1859
	NOT-FOR-US: arshell
CVE-2005-1857
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852
	{DSA-767-1 DTSA-4-1}
	- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it the maintainer does not intent to fix it, see # 319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	- sash 3.7-5sarge1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847
	NOT-FOR-US: YaMT
CVE-2005-1846
	NOT-FOR-US: YaMT
CVE-2005-1845
	REJECTED
CVE-2005-1844
	REJECTED
CVE-2005-1843
	NOT-FOR-US: Windows
CVE-2005-1842
	NOT-FOR-US: Windows
CVE-2005-1841
	NOT-FOR-US: acroread
CVE-2005-1858
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 [Directory traversal in zoo]
	RESERVED
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 [Cross Site Scripting in websieve]
	RESERVED
	- websieve <removed> (bug #311838; low)
CVE-2005-1840
	NOT-FOR-US: phpCMS
CVE-2005-1839
	NOT-FOR-US: Liberum
CVE-2005-1838
	NOT-FOR-US: Liberum
CVE-2005-1837
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836
	NOT-FOR-US: NEXTWEB
CVE-2005-1835
	NOT-FOR-US: NEXTWEB
CVE-2005-1834
	NOT-FOR-US: NEXTWEB
CVE-2005-1833
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831
	- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830
	NOT-FOR-US: SoftICE
CVE-2005-1829
	NOT-FOR-US: Microsoft
CVE-2005-1828
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826
	NOT-FOR-US: HP Radia
CVE-2005-1825
	NOT-FOR-US: HP Radia
CVE-2005-1824
	- mailutils 1:0.6.1-2
CVE-2005-1823
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821
	NOT-FOR-US: PowerDownload
CVE-2005-1820
	NOT-FOR-US: Zeroboard
CVE-2005-1819
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817
	NOT-FOR-US: Invision Power Board
CVE-2005-1816
	NOT-FOR-US: Invision Power Board
CVE-2005-1815
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814
	NOT-FOR-US: PicoWebServer
CVE-2005-1813
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810
	- wordpress 1.5.1.2-1
CVE-2005-1809
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808
	NOT-FOR-US: Stronghold game
CVE-2005-1807
	- libphp-phpmailer 1.73
CVE-2005-1806
	NOT-FOR-US: PeerCast
CVE-2005-1805
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802
	NOT-FOR-US: Nortel hardware
CVE-2005-1801
	NOT-FOR-US: Nokia hardware
CVE-2005-1800
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798
	NOT-FOR-US: ServersCheck
CVE-2005-1797
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794
	NOT-FOR-US: Microsoft
CVE-2005-1793
	NOT-FOR-US: Microsoft
CVE-2005-1792
	NOT-FOR-US: Microsoft
CVE-2005-1791
	NOT-FOR-US: Microsoft
CVE-2005-1790
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788
	NOT-FOR-US: Hosting Controller
CVE-2005-1787
	NOT-FOR-US: phpStat
CVE-2005-1786
	NOT-FOR-US: FunkyASP
CVE-2005-1785
	NOT-FOR-US: ZonGG
CVE-2005-1784
	NOT-FOR-US: Hosting Controller
CVE-2005-1783
	NOT-FOR-US: BookReview
CVE-2005-1782
	NOT-FOR-US: BookReview
CVE-2005-1781
	NOT-FOR-US: MailEnable
CVE-2005-1780
	NOT-FOR-US: Active News Manager
CVE-2005-1779
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778
	NOT-FOR-US: PostNuke
CVE-2005-1777
	NOT-FOR-US: PostNuke
CVE-2005-1776
	NOT-FOR-US: C'Nedra
CVE-2005-1775
	NOT-FOR-US: Terminator game
CVE-2005-1774
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773
	NOT-FOR-US: Listserv
CVE-2005-1772
	NOT-FOR-US: Terminator game
CVE-2005-1771
	NOT-FOR-US: HPUX
CVE-2005-1770
	NOT-FOR-US: Avast
CVE-2005-1769
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
CVE-2005-1766
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760
	NOT-FOR-US: sysreport
CVE-2005-1759
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758
	NOT-FOR-US: Novell
CVE-2005-1757
	NOT-FOR-US: Novell
CVE-2005-1756
	NOT-FOR-US: Novell
CVE-2005-1751
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
	RESERVED
	- mutt 1.5.20-7 (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741
	NOT-FOR-US: Halo
CVE-2005-1740
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737
	NOT-FOR-US: PROMS
CVE-2005-1736
	NOT-FOR-US: PROMS
CVE-2005-1735
	NOT-FOR-US: PROMS
CVE-2005-1734
	NOT-FOR-US: PROMS
CVE-2005-1733
	NOT-FOR-US: Cookie Cart
CVE-2005-1732
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	REJECTED
CVE-2005-1730
	NOT-FOR-US: Novell iManager
CVE-2005-1729
	NOT-FOR-US: Novell
CVE-2005-1728
	NOT-FOR-US: Apple
CVE-2005-1727
	NOT-FOR-US: Apple
CVE-2005-1726
	NOT-FOR-US: Apple
CVE-2005-1725
	NOT-FOR-US: Apple
CVE-2005-1724
	NOT-FOR-US: Apple
CVE-2005-1723
	NOT-FOR-US: Apple
CVE-2005-1722
	NOT-FOR-US: Apple
CVE-2005-1721
	NOT-FOR-US: Apple
CVE-2005-1720
	NOT-FOR-US: Apple
CVE-2005-1719
	NOT-FOR-US: avast! antivirus
CVE-2005-1718
	NOT-FOR-US: War Times
CVE-2005-1717
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716
	NOT-FOR-US: TOPo
CVE-2005-1715
	NOT-FOR-US: TOPo
CVE-2005-1714
	NOT-FOR-US: SurgeMail
CVE-2005-1713
	NOT-FOR-US: Serendipity
CVE-2005-1712
	NOT-FOR-US: Serendipity
CVE-2005-1711
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710
	NOT-FOR-US: Blue Coat
CVE-2005-1709
	NOT-FOR-US: Blue Coat
CVE-2005-1708
	NOT-FOR-US: Blue Coat
CVE-2005-1707
	NOT-FOR-US: Gentoo
CVE-2005-1706
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705
	- gdb 6.3-6
CVE-2005-1704
	- gdb 6.3-6
CVE-2005-1703
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701
	NOT-FOR-US: PortailPHP
CVE-2005-1700
	NOT-FOR-US: PostNuke
CVE-2005-1699
	NOT-FOR-US: PostNuke
CVE-2005-1698
	NOT-FOR-US: PostNuke
CVE-2005-1697
	NOT-FOR-US: PostNuke
CVE-2005-1696
	NOT-FOR-US: PostNuke
CVE-2005-1695
	NOT-FOR-US: PostNuke
CVE-2005-1694
	NOT-FOR-US: PostNuke
CVE-2005-1693
	NOT-FOR-US: CA Antivirus
CVE-2005-1692
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688
	- wordpress 1.5.1-1
CVE-2005-1687
	- wordpress 1.5.1-1
CVE-2005-1686
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685
	NOT-FOR-US: episodex
CVE-2005-1684
	NOT-FOR-US: episodex
CVE-2005-1683
	NOT-FOR-US: Microsoft
CVE-2005-1682
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681
	NOT-FOR-US: phpATM
CVE-2005-1680
	NOT-FOR-US: D-Link hardware
CVE-2005-1679
	- picasm 1.12c-1
CVE-2005-1678
	NOT-FOR-US: Groove
CVE-2005-1677
	NOT-FOR-US: Groove
CVE-2005-1676
	NOT-FOR-US: Groove
CVE-2005-1675
	NOT-FOR-US: Groove
CVE-2005-1674
	NOT-FOR-US: Help Center Live
CVE-2005-1673
	NOT-FOR-US: Help Center Live
CVE-2005-1672
	NOT-FOR-US: Help Center Live
CVE-2005-1671
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669
	NOT-FOR-US: Opera
CVE-2005-1668
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666
	NOT-FOR-US: Orenosv
CVE-2005-1665
	NOT-FOR-US: Microsoft
CVE-2005-1664
	NOT-FOR-US: Microsoft
CVE-2005-1663
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660
	NOT-FOR-US: EZGuestbook
CVE-2005-1659
	NOT-FOR-US: MyServer
CVE-2005-1658
	NOT-FOR-US: MyServer
CVE-2005-1657
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654
	NOT-FOR-US: Hosting Controller
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653
	NOT-FOR-US: Woppoware
CVE-2005-1652
	NOT-FOR-US: Woppoware
CVE-2005-1651
	NOT-FOR-US: Woppoware
CVE-2005-1650
	NOT-FOR-US: Woppoware
CVE-2005-1649
	NOT-FOR-US: Windows
CVE-2005-1648
	NOT-FOR-US: GASoft
CVE-2005-1647
	NOT-FOR-US: GASoft
CVE-2005-1646
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644
	NOT-FOR-US: Livre d'Or
CVE-2005-1643
	NOT-FOR-US: Zoidcom
CVE-2005-1642
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641
	NOT-FOR-US: Ignition Project
CVE-2005-1640
	NOT-FOR-US: Ignition Project
CVE-2005-1639
	NOT-FOR-US: Sigma
CVE-2005-1638
	NOT-FOR-US: SafeHTML
CVE-2005-1637
	NOT-FOR-US: NPDS
CVE-2005-1636
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635
	NOT-FOR-US: JGS-Portal
CVE-2005-1634
	NOT-FOR-US: JGS-Portal
CVE-2005-1633
	NOT-FOR-US: JGS-Portal
CVE-2005-1632
	- cheetah 0.9.16-1
CVE-2005-1631
	NOT-FOR-US: Booby
CVE-2005-1630
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629
	NOT-FOR-US: Photopost
CVE-2005-1628
	NOT-FOR-US: WebAPP
CVE-2005-1627
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626
	NOT-FOR-US: Pico Server
CVE-2005-1625
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622
	NOT-FOR-US: MetaCart
CVE-2005-1621
	NOT-FOR-US: Postnuke mod
CVE-2005-1620
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619
	NOT-FOR-US: PHPMyChat
CVE-2005-1618
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613
	NOT-FOR-US: OpenBB
CVE-2005-1612
	NOT-FOR-US: OpenBB
CVE-2005-1611
	NOT-FOR-US: Web Crossing
CVE-2005-1610
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607
	NOT-FOR-US: Remote Cart
CVE-2005-1606
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604
	NOT-FOR-US: phpATM
CVE-2005-1603
	NOT-FOR-US: NiteEnterprises Remote File Manager
CVE-2005-1602
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601
	NOT-FOR-US: MRO Maximo Self Service
CVE-2005-1600
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598
	NOT-FOR-US: Invision Power Board
CVE-2005-1597
	NOT-FOR-US: Invision Power Board
CVE-2005-1596
	NOT-FOR-US: Fusion SBX
CVE-2005-1595
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592
	NOT-FOR-US: BirdBlog
CVE-2005-1591
	NOT-FOR-US: Solaris
CVE-2005-1590
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588
	NOT-FOR-US: Quick.cart
CVE-2005-1587
	NOT-FOR-US: Quick.cart
CVE-2005-1586
	NOT-FOR-US: Quick.Forum
CVE-2005-1585
	NOT-FOR-US: Quick.Forum
CVE-2005-1584
	NOT-FOR-US: Quick.Forum
CVE-2005-1583
	NOT-FOR-US: 1Two News
CVE-2005-1582
	NOT-FOR-US: 1Two News
CVE-2005-1581
	NOT-FOR-US: bug_list.php
CVE-2005-1580
	NOT-FOR-US: BoastMachine
CVE-2005-1579
	NOT-FOR-US: Apple
CVE-2005-1578
	NOT-FOR-US: EnCase
CVE-2005-1577
	NOT-FOR-US: APG Classmaster
CVE-2005-1576
	NOTE: appears windows specific
CVE-2005-1575
	NOTE: appears windows specific
CVE-2005-1574
	NOT-FOR-US: Windows
CVE-2005-1573
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572
	NOT-FOR-US: ShowOff
CVE-2005-1571
	NOT-FOR-US: ShowOff
CVE-2005-1570
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569
	NOT-FOR-US: DirectTopics
CVE-2005-1568
	NOT-FOR-US: DirectTopics
CVE-2005-1567
	NOT-FOR-US: DirectTopics
CVE-2005-1566
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560
	NOT-FOR-US: Nexusway
CVE-2005-1559
	NOT-FOR-US: Nexusway
CVE-2005-1558
	NOT-FOR-US: Nexusway
CVE-2005-1557
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555
	NOT-FOR-US: JRun
CVE-2005-1554
	NOT-FOR-US: WowBB
CVE-2005-1553
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550
	NOT-FOR-US: easy message board
CVE-2005-1549
	NOT-FOR-US: easy message board
CVE-2005-1548
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-1543
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528
	NOT-FOR-US: QNX
CVE-2005-1527
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518
	NOT-FOR-US: Solaris
CVE-2005-1517
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512
	NOT-FOR-US: PwsPHP
CVE-2005-1511
	NOT-FOR-US: PwsPHP
CVE-2005-1510
	NOT-FOR-US: PwsPHP
CVE-2005-1509
	NOT-FOR-US: PwsPHP
CVE-2005-1508
	NOT-FOR-US: PwsPHP
CVE-2005-1507
	NOT-FOR-US: WebSTAR
CVE-2005-1506
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505
	NOT-FOR-US: MacOS
CVE-2005-1504
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503
	NOT-FOR-US: MidiCart
CVE-2005-1502
	NOT-FOR-US: MidiCart
CVE-2005-1501
	NOT-FOR-US: MidiCart
CVE-2005-1500
	NOT-FOR-US: myBloggie
CVE-2005-1499
	NOT-FOR-US: myBloggie
CVE-2005-1498
	NOT-FOR-US: myBloggie
CVE-2005-1497
	NOT-FOR-US: myBloggie
CVE-2005-1496
	NOT-FOR-US: Oracle
CVE-2005-1495
	NOT-FOR-US: Oracle
CVE-2005-1494
	NOT-FOR-US: MegaBook
CVE-2005-1493
	NOT-FOR-US: SimpleCam
CVE-2005-1492
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487
	NOT-FOR-US: FishCart
CVE-2005-1486
	NOT-FOR-US: FishCart
CVE-2005-1485
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483
	NOT-FOR-US: ArticleLive
CVE-2005-1482
	NOT-FOR-US: ArticleLive
CVE-2005-1481
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479
	NOT-FOR-US: JGS-Portal
CVE-2005-1478
	NOT-FOR-US: DMail
CVE-2005-1516
	NOT-FOR-US: DMail
CVE-2005-1515
	- qmail 1.03-38
CVE-2005-1514
	- qmail 1.03-38
CVE-2005-1513
	- qmail 1.03-38
CVE-2005-1477
	- mozilla-firefox 1.0.4-1
CVE-2005-1476
	- mozilla-firefox 1.0.4-1
CVE-2005-1475
	NOT-FOR-US: Opera
CVE-2005-1474
	NOT-FOR-US: Apple
CVE-2005-1473
	NOT-FOR-US: Apple
CVE-2005-1472
	NOT-FOR-US: Apple
CVE-2005-1471
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
	RESERVED
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470
	- ethereal 0.10.10-2sarge2
CVE-2005-1469
	- ethereal 0.10.10-2sarge2
CVE-2005-1468
	- ethereal 0.10.10-2sarge2
CVE-2005-1467
	- ethereal 0.10.10-2sarge2
CVE-2005-1466
	- ethereal 0.10.10-2sarge2
CVE-2005-1465
	- ethereal 0.10.10-2sarge2
CVE-2005-1464
	- ethereal 0.10.10-2sarge2
CVE-2005-1463
	- ethereal 0.10.10-2sarge2
CVE-2005-1462
	- ethereal 0.10.10-2sarge2
CVE-2005-1461
	- ethereal 0.10.10-2sarge2
CVE-2005-1460
	- ethereal 0.10.10-2sarge2
CVE-2005-1459
	- ethereal 0.10.10-2sarge2
CVE-2005-1458
	- ethereal 0.10.10-2sarge2
CVE-2005-1457
	- ethereal 0.10.10-2sarge2
CVE-2005-1456
	- ethereal 0.10.10-2sarge2
CVE-2005-1455
	- freeradius 1.0.2-4
CVE-2005-1454
	- freeradius 1.0.2-4
CVE-2005-1453
	- leafnode 1.11.2.rel-1
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
	RESERVED
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <removed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452
	- serendipity 1.0-1
CVE-2005-1451
	- serendipity 1.0-1
CVE-2005-1450
	- serendipity 1.0-1
CVE-2005-1449
	- serendipity 1.0-1
CVE-2005-1448
	- serendipity 1.0-1
CVE-2005-1447
	NOT-FOR-US: SitePanel
CVE-2005-1446
	NOT-FOR-US: SitePanel
CVE-2005-1445
	NOT-FOR-US: SitePanel
CVE-2005-1444
	NOT-FOR-US: SitePanel
CVE-2005-1443
	NOT-FOR-US: Invision Power Board
CVE-2005-1442
	NOT-FOR-US: Lotus Domino
CVE-2005-1441
	NOT-FOR-US: Lotus Domino
CVE-2005-1440
	NOT-FOR-US: ViArt Shop
CVE-2005-1439
	NOT-FOR-US: osTicket
CVE-2005-1438
	NOT-FOR-US: osTicket
CVE-2005-1437
	NOT-FOR-US: osTicket
CVE-2005-1436
	NOT-FOR-US: osTicket
CVE-2005-1435
	- openwebmail <removed>
CVE-2005-1434
	NOT-FOR-US: HP OpenView
CVE-2005-1433
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430
	NOT-FOR-US: Mac OS X
CVE-2005-1429
	NOT-FOR-US: WWWguestbook
CVE-2005-1428
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424
	NOT-FOR-US: GoText
CVE-2005-1423
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418
	NOT-FOR-US: Netleaf
CVE-2005-1417
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416
	NOT-FOR-US: 04WebServer
CVE-2005-1415
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414
	NOT-FOR-US: FilePocket
CVE-2005-1413
	NOT-FOR-US: enVivo
CVE-2005-1412
	NOT-FOR-US: ECommPro
CVE-2005-1411
	NOT-FOR-US: ICUII
CVE-2005-1410
	- postgresql 7.4.7-6
CVE-2005-1409
	- postgresql 7.4.7-6
CVE-2005-1408
	NOT-FOR-US: Apple
CVE-2005-1407
	NOT-FOR-US: Skype
CVE-2005-1406
	- kfreebsd5-source 5.3-10
CVE-2005-1405
	NOT-FOR-US: Lotus Domino
CVE-2005-1404
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402
	NOT-FOR-US: NeL libarary
CVE-2005-1401
	NOT-FOR-US: Mtp-Target
CVE-2005-1400
	- kfreebsd5-source 5.3-10
CVE-2005-1399
	- kfreebsd5-source 5.3-10
CVE-2005-1398
	NOT-FOR-US: PHPCart
CVE-2005-1397
	NOT-FOR-US: PHPCalender
CVE-2005-1396
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394
	NOT-FOR-US: ArcGIS
CVE-2005-1393
	NOT-FOR-US: ArcGIS
CVE-2005-1392
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388
	NOT-FOR-US: SURVIVOR
CVE-2005-1387
	NOT-FOR-US: Mac OS X
CVE-2005-1386
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385
	NOT-FOR-US: Safari
CVE-2005-1384
	NOT-FOR-US: phpCoin
CVE-2005-1383
	NOT-FOR-US: Oracle
CVE-2005-1382
	NOT-FOR-US: Oracle
CVE-2005-1381
	NOT-FOR-US: Oracle
CVE-2005-1380
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378
	NOT-FOR-US: phpbb mod
CVE-2005-1377
	NOT-FOR-US: Claroline
CVE-2005-1376
	NOT-FOR-US: Claroline
CVE-2005-1375
	NOT-FOR-US: Claroline
CVE-2005-1374
	NOT-FOR-US: Claroline
CVE-2005-1373
	NOT-FOR-US: Koobi CMS
CVE-2005-1372
	NOT-FOR-US: NetVault
CVE-2005-1371
	NOT-FOR-US: NetVault
CVE-2005-1370
	NOT-FOR-US: HP OpenView
CVE-2005-1369
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367
	NOT-FOR-US: pServ
CVE-2005-1366
	NOT-FOR-US: pServ
CVE-2005-1365
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363
	NOT-FOR-US: MetaCart
CVE-2005-1362
	NOT-FOR-US: MetaCart
CVE-2005-1361
	NOT-FOR-US: MetaCart
CVE-2005-1360
	NOT-FOR-US: GrayCMS
CVE-2005-1359
	NOT-FOR-US: text.cgi
CVE-2005-1358
	NOT-FOR-US: text.cgi
CVE-2005-1357
	NOT-FOR-US: text.cgi
CVE-2005-1356
	NOT-FOR-US: includer.cgi
CVE-2005-1355
	NOT-FOR-US: includer.cgi
CVE-2005-1354
	NOT-FOR-US: forum.pl
CVE-2005-1353
	NOT-FOR-US: forum.pl
CVE-2005-1352
	NOT-FOR-US: ad.cgi
CVE-2005-1351
	NOT-FOR-US: ad.cgi
CVE-2005-1350
	NOT-FOR-US: ad.cgi
CVE-2005-1349
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348
	NOT-FOR-US: MailEnable
CVE-2005-1347
	NOT-FOR-US: acrobat
CVE-2005-1346
	NOT-FOR-US: Symantec
CVE-2005-1345
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342
	NOT-FOR-US: Apple Terminal
CVE-2005-1341
	NOT-FOR-US: Apple Terminal
CVE-2005-1340
	NOT-FOR-US: Mac OS X
CVE-2005-1339
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338
	NOT-FOR-US: Mac OS X
CVE-2005-1337
	NOT-FOR-US: Mac OS X
CVE-2005-1336
	NOT-FOR-US: Mac OS X
CVE-2005-1335
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333
	NOT-FOR-US: Mac OS X
CVE-2005-1332
	NOT-FOR-US: Mac OS X
CVE-2005-1331
	NOT-FOR-US: Mac OS X
CVE-2005-1330
	NOT-FOR-US: Mac OS X
CVE-2005-1329
	NOT-FOR-US: OneWorldStore
CVE-2005-1328
	NOT-FOR-US: OneWorldStore
CVE-2005-1327
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325
	NOT-FOR-US: phpMyVisites
CVE-2005-1324
	NOT-FOR-US: phpMyVisites
CVE-2005-1323
	NOT-FOR-US: NetTerm
CVE-2005-1322
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321
	- sork-vacation 2.2.2-1
CVE-2005-1320
	- mnemo 1.1-2.1 (bug #307180)
	- mnemo2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318
	- sork-forwards 2.2.2-1
CVE-2005-1317
	NOT-FOR-US: Hord Chora module
CVE-2005-1316
	- sork-accounts 2.1.2-1
CVE-2005-1315
	- turba 1.2.5-1
CVE-2005-1314
	- kronolith 1.1.4-1
CVE-2005-1313
	- sork-passwd 2.2.2-1
CVE-2005-1312
	NOT-FOR-US: Yappa-NG
CVE-2005-1311
	NOT-FOR-US: Yappa-NG
CVE-2005-1310
	NOT-FOR-US: bBlog
CVE-2005-1309
	NOT-FOR-US: bBlog
CVE-2005-1308
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305
	NOT-FOR-US: hyper.cgi
CVE-2005-1304
	NOT-FOR-US: citat.pl
CVE-2005-1303
	NOT-FOR-US: citat.pl
CVE-2005-1302
	NOT-FOR-US: Confixx
CVE-2005-1301
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300
	NOT-FOR-US: inserter.cgi
CVE-2005-1299
	NOT-FOR-US: inserter.cgi
CVE-2005-1298
	NOT-FOR-US: inserter.cgi
CVE-2005-1297
	NOT-FOR-US: include.cgi
CVE-2005-1296
	NOT-FOR-US: include.cgi
CVE-2005-1295
	NOT-FOR-US: include.cgi
CVE-2005-1294
	- affix-kernel 2.1.1-1.1
CVE-2005-1293
	NOT-FOR-US: StorePortal
CVE-2005-1292
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289
	NOT-FOR-US: E-Cart
CVE-2005-1288
	NOT-FOR-US: ACS Blog
CVE-2005-1287
	NOT-FOR-US: BK Forum
CVE-2005-1286
	NOT-FOR-US: Bitdefender
CVE-2005-1285
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281
	- ethereal 0.10.10-2
CVE-2005-1280
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270
	- rkhunter 1.2.7-14 (medium)
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265
	{DSA-922-1}
	- linux-2.6 2.6.12-1
CVE-2005-1264
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262
	- gaim 1:1.2.1-1.1
CVE-2005-1261
	- gaim 1:1.2.1-1.1
CVE-2005-1260
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256
	NOT-FOR-US: IMail
CVE-2005-1255
	NOT-FOR-US: IMail
CVE-2005-1254
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250
	NOT-FOR-US: IpSwitch
CVE-2005-1249
	NOT-FOR-US: IMail
CVE-2005-1248
	NOT-FOR-US: Apple iTunes
CVE-2005-1247
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236
	NOT-FOR-US: DUPortal
CVE-2005-1235
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231
	NOT-FOR-US: JAWS
CVE-2005-1230
	NOT-FOR-US: Yawcan
CVE-2005-1229
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227
	NOT-FOR-US: PHPProjekt
CVE-2005-1226
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224
	NOT-FOR-US: DUPortal
CVE-2005-1223
	NOT-FOR-US: Ocean12 Calender manager
CVE-2005-1222
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221
	NOT-FOR-US: ECommPro
CVE-2005-1220
	NOT-FOR-US: Shoutbox
CVE-2005-1219
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216
	NOT-FOR-US: Microsoft
CVE-2005-1215
	NOT-FOR-US: Microsoft
CVE-2005-1214
	NOT-FOR-US: Microsoft
CVE-2005-1213
	NOT-FOR-US: Microsoft
CVE-2005-1212
	NOT-FOR-US: Microsoft
CVE-2005-1211
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208
	NOT-FOR-US: Microsoft
CVE-2005-1207
	NOT-FOR-US: Microsoft
CVE-2005-1206
	NOT-FOR-US: Microsoft
CVE-2005-1205
	NOT-FOR-US: Microsoft
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204
	NOT-FOR-US: Desktop Rover
CVE-2005-1203
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201
	NOT-FOR-US: AZbb
CVE-2005-1200
	NOT-FOR-US: AZbb
CVE-2005-1199
	NOT-FOR-US: UBB.threads
CVE-2005-1198
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197
	NOT-FOR-US: Oracle
CVE-2005-1196
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195
	- xine-lib 1.0.1-1
	- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
CVE-2005-1194
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192
	NOT-FOR-US: HP-UX
CVE-2005-1191
	NOT-FOR-US: Windows
CVE-2005-1190
	NOT-FOR-US: WebcamXP
CVE-2005-1189
	NOT-FOR-US: WebcamXP
CVE-2005-1188
	NOT-FOR-US: ComersusCart
CVE-2005-1187
	NOT-FOR-US: WinHex
CVE-2005-1186
	NOT-FOR-US: Musicmatch
CVE-2005-1185
	NOT-FOR-US: Musicmatch
CVE-2005-1184
	NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
CVE-2005-1183
	NOT-FOR-US: mvnForum
CVE-2005-1182
	NOT-FOR-US: iSeries OS
CVE-2005-1181
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179
	NOT-FOR-US: Xerox
CVE-2005-1178
	NOT-FOR-US: Oracle
CVE-2005-1177
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176
	NOT-FOR-US: AIX
CVE-2005-1175
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1173
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169
	NOT-FOR-US: Mafia Blog
CVE-2005-1168
	NOT-FOR-US: Musicmatch
CVE-2005-1167
	NOT-FOR-US: Musicmatch
CVE-2005-1166
	NOT-FOR-US: Dameware
CVE-2005-1165
	NOT-FOR-US: Yager game
CVE-2005-1164
	NOT-FOR-US: Yager game
CVE-2005-1163
	NOT-FOR-US: Yager game
CVE-2005-1162
	NOT-FOR-US: OneWorldStore
CVE-2005-1161
	NOT-FOR-US: OneWorldStore
CVE-2005-1160
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158
	- mozilla-firefox 1.0.3-1
CVE-2005-1157
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150
	NOT-FOR-US: Sun Java
CVE-2005-1149
	NOT-FOR-US: ACNews
CVE-2005-1148
	NOT-FOR-US: CalenderScript
CVE-2005-1147
	NOT-FOR-US: CalenderScript
CVE-2005-1146
	NOT-FOR-US: CalenderScript
CVE-2005-1145
	NOT-FOR-US: CalenderScript
CVE-2005-1144
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1143
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1142
	- gocr 0.39-5
CVE-2005-1141
	- gocr 0.39-5
CVE-2005-1140
	NOT-FOR-US: MyBloggie
CVE-2005-1139
	NOT-FOR-US: Opera
CVE-2005-1138
	NOT-FOR-US: Kerio
CVE-2005-1137
	NOT-FOR-US: sphpBlog
CVE-2005-1136
	NOT-FOR-US: sphpBlog
CVE-2005-1135
	NOT-FOR-US: sphpBlog
CVE-2005-1134
	NOT-FOR-US: Serendipity
CVE-2005-1133
	NOT-FOR-US: AS/400 system software
CVE-2005-1132
	NOT-FOR-US: LG mobile phone
CVE-2005-1131
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130
	NOT-FOR-US: PinnacleCart
CVE-2005-1129
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128
	NOT-FOR-US: VHCS
CVE-2005-1127
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126
	NOT-FOR-US: Free BSD
CVE-2005-1125
	- libsafe <removed>
CVE-2005-1124
	NOT-FOR-US: Solaris
CVE-2005-1123
	NOT-FOR-US: monkeyd
CVE-2005-1122
	NOT-FOR-US: monkeyd
CVE-2005-1121
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120
	{DSA-1010-1}
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115
	NOT-FOR-US: Photo Album
CVE-2005-1114
	NOT-FOR-US: Photo Album
CVE-2005-1113
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112
	NOT-FOR-US: IBM Websphere
CVE-2005-1111
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110
	NOT-FOR-US: Sumus web server
CVE-2005-1109
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106
	NOT-FOR-US: Windows
CVE-2005-1105
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides an Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104
	NOT-FOR-US: Centra
CVE-2005-1103
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100
	- postfix-gld 1.5-1
CVE-2005-1099
	- postfix-gld 1.5-1
CVE-2005-1098
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094
	NOT-FOR-US: FTP Now
CVE-2005-1093
	NOT-FOR-US: Miranda IM
CVE-2005-1092
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091
	NOT-FOR-US: Maxthon
CVE-2005-1090
	NOT-FOR-US: Maxthon
CVE-2005-1089
	NOT-FOR-US: DC++
CVE-2005-1088
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087
	NOT-FOR-US: AN HTTPD
CVE-2005-1086
	NOT-FOR-US: AN HTTPD
CVE-2005-1085
	NOT-FOR-US: aeDating
CVE-2005-1084
	NOT-FOR-US: aeDating
CVE-2005-1083
	NOT-FOR-US: aeDating
CVE-2005-1082
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1081
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1080
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076
	NOT-FOR-US: WebCT
CVE-2005-1075
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072
	NOT-FOR-US: PunBB
CVE-2005-1071
	NOT-FOR-US: JPortal
CVE-2005-1070
	NOT-FOR-US: Invision Power Board
CVE-2005-1069
	NOT-FOR-US: sCssBoard
CVE-2005-1068
	NOT-FOR-US: sCssBoard
CVE-2005-1067
	NOT-FOR-US: Access_user class
CVE-2005-1066
	- pine 4.63-1 (unimportant)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: Not shipped in the binary package
CVE-2005-1065
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064
	- rsnapshot 1.2.1-1
CVE-2005-1063
	NOT-FOR-US: Kerio
CVE-2005-1062
	NOT-FOR-US: Kerio
CVE-2005-1061
	- logwatch 5.0-1
CVE-2005-1060
	NOT-FOR-US: Novell Netware
CVE-2005-1059
	NOT-FOR-US: Linksys WET11
CVE-2005-1058
	NOT-FOR-US: Cisco
CVE-2005-1057
	NOT-FOR-US: Cisco
CVE-2005-1056
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055
	NOT-FOR-US: TowerBlog
CVE-2005-1054
	NOT-FOR-US: ModernBill
CVE-2005-1053
	NOT-FOR-US: ModernBill
CVE-2005-1052
	NOT-FOR-US: Microsoft
CVE-2005-1051
	NOT-FOR-US: PunBB
CVE-2005-1050
	NOT-FOR-US: PostNuke
CVE-2005-1049
	NOT-FOR-US: PostNuke
CVE-2005-1048
	NOT-FOR-US: PostNuke
CVE-2005-1047
	NOT-FOR-US: PunBB
CVE-2005-1046
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040
	- netapplet <not-affected> (Not vulnerable, see bug #310833)
CVE-2005-1039
	- coreutils 6.10-1 (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
CVE-2005-1038
	NOTE: long fixed in Debian's cron
CVE-2005-1037
	NOT-FOR-US: AIX
CVE-2005-1036
	NOT-FOR-US: FreeBSD
CVE-2005-1035
	- pavuk 0.9.32-1
CVE-2005-1034
	NOT-FOR-US: SurgeFTP
CVE-2005-1033
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
CVE-2005-1031
	NOT-FOR-US: exoops
CVE-2005-1030
	NOT-FOR-US: Active Auction House
CVE-2005-1029
	NOT-FOR-US: Active Auction House
CVE-2005-1028
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025
	NOT-FOR-US: IBM
CVE-2005-1024
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022
	NOT-FOR-US: ColdFusion
CVE-2005-1021
	NOT-FOR-US: IOS
CVE-2005-1020
	NOT-FOR-US: IOS
CVE-2005-1019
	NOT-FOR-US: Aeon
CVE-2005-1018
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015
	NOT-FOR-US: MailEnable
CVE-2005-1014
	NOT-FOR-US: MailEnable
CVE-2005-1013
	NOT-FOR-US: MailEnable
CVE-2005-1012
	NOT-FOR-US: SiteEnable
CVE-2005-1011
	NOT-FOR-US: SiteEnable
CVE-2005-1010
	NOT-FOR-US: ComersusCart
CVE-2005-1009
	NOT-FOR-US: NetVault
CVE-2005-1008
	NOT-FOR-US: XM Forum
CVE-2005-1007
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006
	NOT-FOR-US: SonicWALL
CVE-2005-1005
	NOT-FOR-US: PayProCart
CVE-2005-1004
	NOT-FOR-US: PayProCart
CVE-2005-1003
	NOT-FOR-US: PayProCart
CVE-2005-1002
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995
	NOT-FOR-US: ProductCart
CVE-2005-0994
	NOT-FOR-US: ProductCart
CVE-2005-0993
	NOT-FOR-US: SCO
CVE-2005-0992
	- phpmyadmin 3:2.6.2-rc1-1
CVE-2005-0991
	NOT-FOR-US: AIX
CVE-2005-0990
	- sharutils 1:4.2.1-13
CVE-2005-0989
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986
	NOT-FOR-US: Lotus Domino
CVE-2005-0985
	NOT-FOR-US: Apple
CVE-2005-0984
	NOT-FOR-US: Star Wars game
CVE-2005-0983
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979
	NOT-FOR-US: Rumba
CVE-2005-0978
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976
	NOT-FOR-US: Apple
CVE-2005-0975
	NOT-FOR-US: Apple
CVE-2005-0974
	NOT-FOR-US: Apple
CVE-2005-0973
	NOT-FOR-US: Apple
CVE-2005-0972
	NOT-FOR-US: Apple
CVE-2005-0971
	NOT-FOR-US: Apple
CVE-2005-0970
	NOT-FOR-US: Apple
CVE-2005-0969
	NOT-FOR-US: Apple
CVE-2005-0968
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964
	NOT-FOR-US: Kerio firewall
CVE-2005-0963
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962
	NOT-FOR-US: SquirrelCart
CVE-2005-0961
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960
	NOT-FOR-US: OpenBSD
CVE-2005-0959
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957
	NOT-FOR-US: BayTech RPC
CVE-2005-0956
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954
	NOT-FOR-US: Windows
CVE-2005-0953
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949
	NOT-FOR-US: PortalApp
CVE-2005-0948
	NOT-FOR-US: PortalApp
CVE-2005-0947
	NOT-FOR-US: phpCoin
CVE-2005-0946
	NOT-FOR-US: phpCoin
CVE-2005-0945
	NOT-FOR-US: ACS Blog
CVE-2005-0944
	NOT-FOR-US: Microsoft
CVE-2005-0943
	NOT-FOR-US: Cisco
CVE-2005-0942
	NOT-FOR-US: Sybase ASE
CVE-2005-0941
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938
	NOT-FOR-US: UBlog
CVE-2005-0937
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934
	NOT-FOR-US: WackoWiki
CVE-2005-0933
	NOT-FOR-US: phpCOIN
CVE-2005-0932
	NOT-FOR-US: phpCOIN
CVE-2005-0931
	NOT-FOR-US: The Includer
CVE-2005-0930
	NOT-FOR-US: Chatness
CVE-2005-0929
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927
	NOT-FOR-US: WebAPP
CVE-2005-0926
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921
	NOT-FOR-US: Lotus
CVE-2005-0920
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917
	NOT-FOR-US: EncapsBB
CVE-2005-0916
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913
	- smarty 2.6.8-1
CVE-2005-0912
	NOT-FOR-US: deplate
CVE-2005-0911
	NOT-FOR-US: exoops
CVE-2005-0910
	NOT-FOR-US: exoops
CVE-2005-0909
	NOT-FOR-US: THai's Shoutbox
CVE-2005-0908
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906
	NOT-FOR-US: Tincat network library
CVE-2005-0905
	NOT-FOR-US: Maxthon
CVE-2005-0904
	NOT-FOR-US: Microsoft
CVE-2005-0903
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894
	- openmosixview 1.5-7
CVE-2005-0893
	- smail <removed> (bug #335042; unimportant)
	NOTE: cording to upstream impossible to exploit
CVE-2005-0892
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2005-0890
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0887
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0886
	NOT-FOR-US: Invision Power Board
CVE-2005-0885
	NOT-FOR-US: XMB Forum
CVE-2005-0884
	NOT-FOR-US: DigitalHive
CVE-2005-0883
	NOT-FOR-US: DigitalHive
CVE-2005-0882
	NOT-FOR-US: BirdBlog
CVE-2005-0881
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880
	NOT-FOR-US: Vortex Portal
CVE-2005-0879
	NOT-FOR-US: Vortex Portal
CVE-2005-0878
	NOT-FOR-US: MercuryBoard
CVE-2005-0877
	- dnsmasq 2.21
CVE-2005-0876
	- dnsmasq 2.21
CVE-2005-0875
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873
	NOT-FOR-US: Oracle
CVE-2005-0872
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2005-0865
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864
	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CVE-2005-0863
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861
	NOT-FOR-US: Delegate
CVE-2005-0860
	NOT-FOR-US: TRG News Script
CVE-2005-0859
	NOT-FOR-US: CzarNews
CVE-2005-0858
	NOT-FOR-US: CoolForum
CVE-2005-0857
	NOT-FOR-US: CoolForum
CVE-2005-0856
	NOT-FOR-US: CoolForum
CVE-2005-0855
	NOT-FOR-US: CoolForum
CVE-2005-0854
	NOT-FOR-US: betaparticle blog
CVE-2005-0853
	NOT-FOR-US: betaparticle blog
CVE-2005-0852
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847
	NOT-FOR-US: Code Ocean FTP Server
CVE-2005-0846
	NOT-FOR-US: SurgeMail
CVE-2005-0845
	NOT-FOR-US: SurgeMail
CVE-2005-0844
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843
	NOT-FOR-US: Phorum
CVE-2005-0842
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832
	NOT-FOR-US: PHP-Post
CVE-2005-0831
	NOT-FOR-US: PHP-Post
CVE-2005-0830
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824
	- mathopd 1.5p5-1
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823
	NOT-FOR-US: iSnooker
CVE-2005-0822
	NOT-FOR-US: Citrix
CVE-2005-0821
	NOT-FOR-US: Citrix
CVE-2005-0820
	NOT-FOR-US: MS Office
CVE-2005-0819
	NOT-FOR-US: Novell Netware
CVE-2005-0818
	NOT-FOR-US: Pun BB
CVE-2005-0817
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816
	NOT-FOR-US: Solaris
CVE-2005-0815
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813
	NOT-FOR-US: ir
CVE-2005-0812
	NOT-FOR-US: NotifyLink
CVE-2005-0811
	NOT-FOR-US: NotifyLink
CVE-2005-0810
	NOT-FOR-US: NotifyLink
CVE-2005-0809
	NOT-FOR-US: NotifyLink
CVE-2005-0808
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807
	NOT-FOR-US: Cain &amp; Abel
CVE-2005-0806
	- evolution 2.0.4-2
CVE-2005-0805
	NOT-FOR-US: Subdreamer
CVE-2005-0804
	NOT-FOR-US: MailEnable
CVE-2005-0803
	NOT-FOR-US: Windows
CVE-2005-0802
	NOT-FOR-US: ACS Blog
CVE-2005-0801
	NOT-FOR-US: The Includer
CVE-2005-0800
	NOT-FOR-US: mcNews
CVE-2005-0799
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798
	NOT-FOR-US: Novell iChain
CVE-2005-0797
	NOT-FOR-US: Novell iChain
CVE-2005-0796
	NOT-FOR-US: Hola CMS
CVE-2005-0795
	NOT-FOR-US: Hola CMS
CVE-2005-0794
	NOT-FOR-US: ZPanel
CVE-2005-0793
	NOT-FOR-US: ZPanel
CVE-2005-0792
	NOT-FOR-US: ZPanel
CVE-2005-0791
	NOT-FOR-US: phpAdsNew
CVE-2005-0790
	NOT-FOR-US: phpAdsNew
CVE-2005-0786
	NOT-FOR-US: SimpGB
CVE-2005-0785
	NOT-FOR-US: YaBB
CVE-2005-0784
	NOT-FOR-US: Phorum
CVE-2005-0783
	NOT-FOR-US: Phorum
CVE-2005-0782
	NOT-FOR-US: paFileDB
CVE-2005-0781
	NOT-FOR-US: paFileDB
CVE-2005-0780
	NOT-FOR-US: paFileDB
CVE-2005-0779
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778
	NOT-FOR-US: PhotoPost
CVE-2005-0777
	NOT-FOR-US: PhotoPost
CVE-2005-0776
	NOT-FOR-US: PhotoPost
CVE-2005-0775
	NOT-FOR-US: PhotoPost
CVE-2005-0774
	NOT-FOR-US: PhotoPost
CVE-2005-0773
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770
	NOT-FOR-US: IDA Pro
CVE-2005-0768
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766
	- ethereal 0.10.10-1
CVE-2005-0765
	- ethereal 0.10.10-1
CVE-2005-0764
	- rxvt-unicode 5.3-1
CVE-2005-0763
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755
	- helix-player 1.0.4-1
CVE-2005-0754
	- kdewebdev 1:3.3.2-6
CVE-2005-0753
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787
	- wine 0.0.20050310-1.1
CVE-2005-0769
	- openslp 1.0.11a-2
CVE-2005-0748
	NOT-FOR-US: WEBInsta
CVE-2005-0747
	NOT-FOR-US: ApplyYourself
CVE-2005-0746
	NOT-FOR-US: Novell iChain
CVE-2005-0745
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744
	NOT-FOR-US: Novell iChain
CVE-2005-0743
	NOT-FOR-US: Xoops
CVE-2005-0742
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741
	NOT-FOR-US: YaBB
CVE-2005-0740
	NOT-FOR-US: OpenBSD
CVE-2005-0739
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738
	NOT-FOR-US: Microsoft
CVE-2005-0737
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735
	NOT-FOR-US: newsscript
CVE-2005-0734
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726
	NOT-FOR-US: UBB.threads
CVE-2005-0725
	NOT-FOR-US: wfsections
CVE-2005-0724
	NOT-FOR-US: paFileDB
CVE-2005-0723
	NOT-FOR-US: paFileDB
CVE-2005-0722
	NOT-FOR-US: eXPerience2
CVE-2005-0721
	NOT-FOR-US: eXPerience2
CVE-2005-0720
	NOT-FOR-US: mcNews
CVE-2005-0719
	NOT-FOR-US: Tru64
CVE-2005-0718
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716
	NOT-FOR-US: Mac OS
CVE-2005-0715
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713
	NOT-FOR-US: Mac OS
CVE-2005-0712
	NOT-FOR-US: Mac OS
CVE-2005-0711
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708
	- kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
	- kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
CVE-2005-0707
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705
	- ethereal 0.10.10-1
CVE-2005-0704
	- ethereal 0.10.10-1
CVE-2005-0703
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701
	NOT-FOR-US: Oracle
CVE-2005-0700
	NOT-FOR-US: Aztek
CVE-2005-0699
	- ethereal 0.10.9-2
CVE-2005-0698
	NOT-FOR-US: PHPWebLog
CVE-2005-0697
	NOT-FOR-US: CopperExport
CVE-2005-0696
	NOT-FOR-US: ArGoSoft
CVE-2005-0695
	NOT-FOR-US: Hosting Controller
CVE-2005-0694
	NOT-FOR-US: Hosting Controller
CVE-2005-0693
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691
	NOT-FOR-US: SocialMPN
CVE-2005-0690
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689
	NOT-FOR-US: The Includer
CVE-2005-0688
	NOT-FOR-US: Windows
CVE-2005-0687
	- hashcash 1.17-1
CVE-2005-0686
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682
	- drupal 4.5.2
CVE-2005-0681
	NOT-FOR-US: Nokia
CVE-2005-0680
	NOT-FOR-US: Download Center Lite
CVE-2005-0679
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678
	NOT-FOR-US: Form Mail Script
CVE-2005-0677
	NOT-FOR-US: Zorum
CVE-2005-0676
	NOT-FOR-US: Zorum
CVE-2005-0675
	NOT-FOR-US: Zorum
CVE-2005-0674
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673
	- phpbb2 2.0.13-2
CVE-2005-0672
	NOT-FOR-US: Ca3DE
CVE-2005-0671
	NOT-FOR-US: Ca3DE
CVE-2005-0670
	NOT-FOR-US: phpCOIN
CVE-2005-0669
	NOT-FOR-US: phpCOIN
CVE-2005-0668
	NOT-FOR-US: HAVP
CVE-2005-0667
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666
	- kernel-patch-adamantix 1.7
CVE-2005-0665
	NOT-FOR-US: XV
CVE-2005-0664
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663
	NOT-FOR-US: Mercury Board
CVE-2005-0662
	NOT-FOR-US: Mercury Board
CVE-2005-0661
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660
	NOT-FOR-US: D-Forum
CVE-2005-0659
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658
	NOT-FOR-US: Typo3 extension
CVE-2005-0657
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656
	NOT-FOR-US: auraCMS
CVE-2005-0655
	NOT-FOR-US: auraCMS
CVE-2005-0654
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652
	NOT-FOR-US: OpenVMS
CVE-2005-0651
	NOT-FOR-US: ProjectBB
CVE-2005-0650
	NOT-FOR-US: ProjectBB
CVE-2005-0649
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647
	NOT-FOR-US: paNews
CVE-2005-0646
	NOT-FOR-US: paNews
CVE-2005-0645
	NOT-FOR-US: CuteNews
CVE-2005-0644
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637
	NOT-FOR-US: OpenBSD
CVE-2005-0636
	NOT-FOR-US: Foxmail
CVE-2005-0635
	NOT-FOR-US: Foxmail
CVE-2005-0634
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632
	NOT-FOR-US: PHPNews
CVE-2005-0631
	NOT-FOR-US: PBLang
CVE-2005-0630
	NOT-FOR-US: PBLang
CVE-2005-0629
	NOT-FOR-US: 427BB
CVE-2005-0628
	NOT-FOR-US: Forumwa
CVE-2005-0627
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2005-0626
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625
	- reportbug 3.8 (bug #295407)
CVE-2005-0624
	- reportbug 3.8 (bug #295407)
CVE-2005-0623
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621
	NOT-FOR-US: Scrapland
CVE-2005-0620
	NOT-FOR-US: Einstein
CVE-2005-0619
	NOT-FOR-US: Einstein
CVE-2005-0618
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617
	NOT-FOR-US: PostNuke
CVE-2005-0616
	NOT-FOR-US: PostNuke
CVE-2005-0615
	NOT-FOR-US: PostNuke
CVE-2005-0614
	- phpbb2 2.0.13-1
CVE-2005-0613
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612
	NOT-FOR-US: Cisco
CVE-2005-0611
	NOT-FOR-US: Real
CVE-2005-0610
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	REJECTED
CVE-2005-0608
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607
	NOT-FOR-US: CubeCert
CVE-2005-0606
	NOT-FOR-US: CubeCert
CVE-2005-0605
	{DSA-723-1}
	- lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603
	- phpbb2 2.0.13-1
CVE-2005-0602
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601
	NOT-FOR-US: Cisco
CVE-2005-0600
	NOT-FOR-US: Cisco
CVE-2005-0599
	NOT-FOR-US: Cisco
CVE-2005-0598
	NOT-FOR-US: Real
CVE-2005-0597
	NOT-FOR-US: Cisco
CVE-2005-0596
	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595
	NOT-FOR-US: BadBlue
CVE-2005-0594
	NOT-FOR-US: Apple
CVE-2005-0593
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591
	- mozilla-firefox 1.0.1
CVE-2005-0590
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589
	- mozilla-firefox 1.0.1
CVE-2005-0588
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587
	NOTE: windows only
CVE-2005-0586
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579
	NOT-FOR-US: FreeNX
CVE-2005-0578
	- mozilla-firefox 1.0.1-1
CVE-2005-0577
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574
	NOT-FOR-US: CIS Webserver
CVE-2005-0573
	NOTE: Historic Gaim on Windows
CVE-2005-0572
	NOT-FOR-US: phpWebSite
CVE-2005-0571
	NOT-FOR-US: PunBB
CVE-2005-0570
	NOT-FOR-US: PunBB
CVE-2005-0569
	NOT-FOR-US: PunBB
CVE-2005-0568
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0566
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565
	NOT-FOR-US: phpWebSite
CVE-2005-0564
	NOT-FOR-US: Microsoft Word
CVE-2005-0563
	NOT-FOR-US: Microsoft
CVE-2005-0562
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555
	NOT-FOR-US: MSIE
CVE-2005-0554
	NOT-FOR-US: MSIE
CVE-2005-0553
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551
	NOT-FOR-US: Microsoft
CVE-2005-0550
	NOT-FOR-US: Microsoft
CVE-2005-0549
	NOT-FOR-US: Solaris
CVE-2005-0548
	NOT-FOR-US: Solaris
CVE-2005-0547
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545
	NOT-FOR-US: MS Office
CVE-2005-0544
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0543
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539
	NOT-FOR-US: IBM
CVE-2005-0538
	NOT-FOR-US: ginp
CVE-2005-0537
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
CVE-2005-0527
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526
	NOT-FOR-US: PBLang
CVE-2005-0525
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521
	NOT-FOR-US: SendLink
CVE-2005-0520
	NOT-FOR-US: ArGoSoft
CVE-2005-0519
	NOT-FOR-US: ArGoSoft
CVE-2005-0518
	NOT-FOR-US: eXeem
CVE-2005-0517
	NOT-FOR-US: PeerFTP
CVE-2005-0516
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513
	NOT-FOR-US: pMachine
CVE-2005-0512
	NOT-FOR-US: Mambo
CVE-2005-0511
	NOT-FOR-US: vBulletin
CVE-2005-0510
	NOT-FOR-US: fallback-reboot
CVE-2005-0509
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508
	- batik 1.5.1-1
CVE-2005-0507
	NOT-FOR-US: SD Server
CVE-2005-0506
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505
	- irm 1.5.3.1-1
CVE-2005-0504
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503
	- uim 1:0.4.6beta2-1
CVE-2005-0502
	NOT-FOR-US: Xinkaa
CVE-2005-0501
	NOT-FOR-US: Bontago
CVE-2005-0500
	NOT-FOR-US: MSIE6
CVE-2005-0499
	NOT-FOR-US: Gigafast router
CVE-2005-0498
	NOT-FOR-US: Gigafast router
CVE-2005-0497
	NOT-FOR-US: ADP Elite System
CVE-2005-0496
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495
	NOT-FOR-US: ZeroBoard
CVE-2005-0494
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493
	NOT-FOR-US: Biz Mail From
CVE-2005-0492
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490
	- curl 7.13.0-2
CVE-2005-0489
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0488
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 1.8.3+dfsg-4 (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
	NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
CVE-2005-0487
	NOT-FOR-US: Kyako ESupport
CVE-2005-0486
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485
	NOT-FOR-US: paNews
CVE-2005-0484
	NOT-FOR-US: GProFTPD
CVE-2005-0483
	NOT-FOR-US: Glftpd
CVE-2005-0482
	NOT-FOR-US: TrackerCam
CVE-2005-0481
	NOT-FOR-US: TrackerCam
CVE-2005-0480
	NOT-FOR-US: TrackerCam
CVE-2005-0479
	NOT-FOR-US: TrackerCam
CVE-2005-0478
	NOT-FOR-US: TrackerCam
CVE-2005-0477
	NOT-FOR-US: Invision Power Board
CVE-2005-0476
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475
	NOT-FOR-US: paFAQ
CVE-2005-0474
	- webcalendar 0.9.45-3
CVE-2005-0473
	- gaim 1:1.1.3-1
CVE-2005-0472
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471
	NOT-FOR-US: SUN JRE
CVE-2005-0470
	- wpasupplicant 0.3.8-1
CVE-2005-0469
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
CVE-2005-0467
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465
	NOT-FOR-US: SGI IRIX
CVE-2005-0464
	NOT-FOR-US: SGI IRIX
CVE-2005-0463
	NOT-FOR-US: ulog-php
CVE-2005-0462
	NOT-FOR-US: MercuryBoard
CVE-2005-0461
	NOT-FOR-US: NewsBruiser
CVE-2005-0460
	NOT-FOR-US: MercuryBoard
CVE-2005-0459
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458
	- oscommerce <itp> (bug #532489)
CVE-2005-0457
	NOT-FOR-US: Opera
CVE-2005-0456
	NOT-FOR-US: Opera
CVE-2005-0455
	NOT-FOR-US: Real
CVE-2005-0454
	NOT-FOR-US: DCP-Portal
CVE-2005-0453
	NOT-FOR-US: Lighttpd
CVE-2005-0452
	NOT-FOR-US: Microsoft
CVE-2005-0451
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448
	{DSA-1678-1 DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430
	NOT-FOR-US: Quake 3
CVE-2005-0447
	NOT-FOR-US: Solaris
CVE-2005-0446
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445
	- openwebmail <removed>
CVE-2005-0444
	NOT-FOR-US: VMware
CVE-2005-0443
	NOT-FOR-US: CubeCart
CVE-2005-0442
	NOT-FOR-US: CubeCart
CVE-2005-0441
	NOT-FOR-US: Sybase
CVE-2005-0440
	- elog 2.5.7+r1558-1
CVE-2005-0439
	- elog 2.5.7+r1558-1
CVE-2005-0438
	- awstats 6.3-1
CVE-2005-0437
	- awstats 6.3-1
CVE-2005-0436
	- awstats 6.3-1
CVE-2005-0435
	- awstats 6.3-1
CVE-2005-0434
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429
	NOT-FOR-US: vBulletin
CVE-2005-0428
	- pdns 2.9.16-6
CVE-2005-0427
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426
	NOT-FOR-US: Solaris
CVE-2005-0425
	NOT-FOR-US: Websphere
CVE-2005-0424
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422
	NOT-FOR-US: DelphiTurk
CVE-2005-0421
	NOT-FOR-US: DelphiTurk
CVE-2005-0420
	NOT-FOR-US: Microsoft
CVE-2005-0419
	NOT-FOR-US: 3com
CVE-2005-0418
	NOT-FOR-US: Sun Java
CVE-2005-0417
	NOT-FOR-US: IBM DB2
CVE-2005-0416
	NOT-FOR-US: Windows
CVE-2005-0415
	NOT-FOR-US: Emdros
CVE-2005-0414
	NOT-FOR-US: MercuryBoard
CVE-2005-0413
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411
	NOT-FOR-US: CitrusDB
CVE-2005-0410
	NOT-FOR-US: CitrusDB
CVE-2005-0409
	NOT-FOR-US: CitrusDB
CVE-2005-0408
	NOT-FOR-US: CitrusDB
CVE-2005-0407
	NOT-FOR-US: Openconf
CVE-2005-0406
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402
	- mozilla-firefox 1.0.2-1
CVE-2005-0401
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398
	- ipsec-tools 1:0.5-5
CVE-2005-0397
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0383
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382
	NOT-FOR-US: Breed game
CVE-2005-0381
	NOT-FOR-US: forumKIT
CVE-2005-0380
	NOT-FOR-US: ZeroBoard
CVE-2005-0379
	NOT-FOR-US: ZeroBoard
CVE-2005-0378
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377
	NOT-FOR-US: sgallery
CVE-2005-0376
	NOT-FOR-US: sgallery
CVE-2005-0375
	NOT-FOR-US: sgallery
CVE-2005-0374
	NOT-FOR-US: bitboard
CVE-2005-0373
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	NOTE: oldstable version not affected, thus marking it as done with the oldstable version
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
	- cyrus-sasl2 2.1.19.dfsg1-0sarge2
CVE-2005-0372
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but olstable is affected
CVE-2005-0368
	NOT-FOR-US: CMScore
CVE-2005-0367
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366
	- gnupg 1.4.1-1
CVE-2005-0364
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360
	NOT-FOR-US: Microsoft
CVE-2005-0359
	NOT-FOR-US: EMC Legato
CVE-2005-0358
	NOT-FOR-US: EMC Legato
CVE-2005-0357
	NOT-FOR-US: EMC Legato
CVE-2005-0356
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352
	NOT-FOR-US: Servers Alive
CVE-2005-0351
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2005-0365
	- kdelibs 4:3.3.2-2
CVE-2005-0363
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348
	NOT-FOR-US: RealArcade
CVE-2005-0347
	NOT-FOR-US: RealArcade
CVE-2005-0346
	NOT-FOR-US: SafeNet
CVE-2005-0345
	NOT-FOR-US: php-fusion
CVE-2005-0344
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343
	NOT-FOR-US: PerlDesk
CVE-2005-0342
	NOT-FOR-US: Apple
CVE-2005-0341
	NOT-FOR-US: Apple
CVE-2005-0340
	NOT-FOR-US: Apple
CVE-2005-0339
	NOT-FOR-US: Foxmail
CVE-2005-0338
	NOT-FOR-US: Savant Web Server
CVE-2005-0337
	- postfix 2.1.4-5
CVE-2005-0336
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334
	NOT-FOR-US: Linksys
CVE-2005-0333
	NOT-FOR-US: LanChat
CVE-2005-0332
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331
	NOT-FOR-US: Winrar
CVE-2005-0330
	NOT-FOR-US: Painkiller
CVE-2005-0329
	NOT-FOR-US: ZipGenius
CVE-2005-0328
	NOT-FOR-US: Netgear
CVE-2005-0327
	NOT-FOR-US: PafileDB
CVE-2005-0326
	NOT-FOR-US: PafileDB
CVE-2005-0325
	NOT-FOR-US: Xpand Rally
CVE-2005-0324
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322
	NOT-FOR-US: Merak Mail server
CVE-2005-0321
	NOT-FOR-US: Merak Mail server
CVE-2005-0320
	NOT-FOR-US: Merak Mail server
CVE-2005-0319
	NOT-FOR-US: Webadmin
CVE-2005-0318
	NOT-FOR-US: Webadmin
CVE-2005-0317
	NOT-FOR-US: Webadmin
CVE-2005-0316
	NOT-FOR-US: WebWasher
CVE-2005-0315
	NOT-FOR-US: Magic Winmail
CVE-2005-0314
	NOT-FOR-US: Magic Winmail
CVE-2005-0313
	NOT-FOR-US: Magic Winmail
CVE-2005-0312
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311
	NOT-FOR-US: Ingate
CVE-2005-0310
	NOT-FOR-US: Exponent
CVE-2005-0309
	NOT-FOR-US: Exponent
CVE-2005-0308
	NOT-FOR-US: W32Dasm
CVE-2005-0307
	NOT-FOR-US: MercuryBoard
CVE-2005-0306
	NOT-FOR-US: MercuryBoard
CVE-2005-0305
	NOT-FOR-US: Siteman
CVE-2005-0304
	NOT-FOR-US: DivX Player
CVE-2005-0303
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300
	- jsboard 2.0.10-1
CVE-2005-0299
	- gforge 3.1-26
CVE-2005-0298
	NOT-FOR-US: Oracle
CVE-2005-0297
	NOT-FOR-US: Oracle
CVE-2005-0296
	NOT-FOR-US: Novell
CVE-2005-0295
	NOT-FOR-US: nProtect
CVE-2005-0294
	NOT-FOR-US: Minis
CVE-2005-0293
	NOT-FOR-US: Minis
CVE-2005-0292
	NOT-FOR-US: phpGiftReg
CVE-2005-0291
	NOT-FOR-US: NetGear
CVE-2005-0290
	NOT-FOR-US: NetGear
CVE-2005-0289
	NOT-FOR-US: Apple
CVE-2005-0288
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283
	NOT-FOR-US: QwikiWiki
CVE-2005-0282
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281
	NOT-FOR-US: Soldner Secret
CVE-2005-0280
	NOT-FOR-US: Soldner Secret
CVE-2005-0279
	NOT-FOR-US: Soldner Secret
CVE-2005-0278
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274
	NOT-FOR-US: PhotoPost
CVE-2005-0273
	NOT-FOR-US: PhotoPost
CVE-2005-0272
	NOT-FOR-US: ReviewPost
CVE-2005-0271
	NOT-FOR-US: ReviewPost
CVE-2005-0270
	NOT-FOR-US: ReviewPost
CVE-2005-0269
	NOT-FOR-US: GNUBoard
CVE-2005-0268
	NOT-FOR-US: FlatNuke
CVE-2005-0267
	NOT-FOR-US: FlatNuke
CVE-2005-0266
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-0265
	NOT-FOR-US: OWL intranet
CVE-2005-0264
	NOT-FOR-US: OWL intranet
CVE-2005-0263
	NOT-FOR-US: AIX
CVE-2005-0262
	NOT-FOR-US: AIX
CVE-2005-0261
	NOT-FOR-US: AIX
CVE-2005-0260
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259
	- phpbb2 2.0.12-1
CVE-2005-0258
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254
	NOT-FOR-US: BibORB
CVE-2005-0253
	NOT-FOR-US: BibORB
CVE-2005-0252
	NOT-FOR-US: BibORB
CVE-2005-0251
	NOT-FOR-US: BibORB
CVE-2005-0250
	NOT-FOR-US: AIX
CVE-2005-0249
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248
	NOT-FOR-US: Solaris
CVE-2005-0247
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246
	- postgresql 7.4.7-1
CVE-2005-0245
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244
	- postgresql 7.4.7-1
CVE-2005-0243
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241
	- squid 2.5.7-7
CVE-2005-0240
	NOT-FOR-US: AIX
CVE-2005-0239
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237
	- kdelibs 4:3.3.2-3
CVE-2005-0236
	NOT-FOR-US: Omniweb
CVE-2005-0235
	NOT-FOR-US: Opera
CVE-2005-0234
	NOT-FOR-US: Safari
CVE-2005-0233
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226
	NOT-FOR-US: ngIRCd
CVE-2005-0225
	- firehol 1.214-4
CVE-2005-0224
	NOT-FOR-US: HP-UX
CVE-2005-0223
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222
	- gallery 1.4.4-pl5-1
CVE-2005-0221
	- gallery 1.4.4-pl5-1
CVE-2005-0220
	- gallery 1.4.4-pl5-1
CVE-2005-0219
	- gallery 1.4.4-pl5-1
CVE-2005-0217
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214
	NOT-FOR-US: SPHPBlog
CVE-2005-0213
	NOT-FOR-US: WinHKI
CVE-2005-0212
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208
	- gaim 1:1.1.4
CVE-2005-0207
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201
	- dbus 0.22
CVE-2005-0200
	NOT-FOR-US: TikiWiki
CVE-2005-0199
	NOT-FOR-US: ngIRCd
CVE-2005-0197
	NOT-FOR-US: Cisco
CVE-2005-0196
	NOT-FOR-US: Cisco
CVE-2005-0195
	NOT-FOR-US: Cisco
CVE-2005-0194
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192
	NOT-FOR-US: RealPlayer
CVE-2005-0191
	NOT-FOR-US: RealPlayer
CVE-2005-0190
	NOT-FOR-US: RealPlayer
CVE-2005-0189
	NOT-FOR-US: RealPlayer
CVE-2005-0188
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186
	NOT-FOR-US: Cisco
CVE-2005-0185
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184
	NOT-FOR-US: vacation plugin
CVE-2005-0183
	NOT-FOR-US: vacation plugin
CVE-2005-0182
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0178
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0218
	- clamav 0.81
CVE-2005-0198
	- uw-imap 7:2002edebian1-6
CVE-2005-0175
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174
	- squid 2.5.7-6
CVE-2005-0173
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	REJECTED
CVE-2005-0171
	REJECTED
CVE-2005-0170
	REJECTED
CVE-2005-0169
	REJECTED
CVE-2005-0168
	REJECTED
CVE-2005-0167
	REJECTED
CVE-2005-0166
	REJECTED
CVE-2005-0165
	REJECTED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161
	- unace 1.2b-3
CVE-2005-0160
	- unace 1.2b-3
CVE-2005-0159
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156
	- perl 5.8.4-6
CVE-2005-0155
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150
	- mozilla-firefox 1.0
CVE-2005-0149
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145
	- mozilla-firefox 1.0
CVE-2005-0144
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140
	NOT-FOR-US: PeID
CVE-2005-0139
	NOT-FOR-US: Irix
CVE-2005-0138
	NOT-FOR-US: Irix
CVE-2005-0137
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134
	NOT-FOR-US: SCO UnixWare
CVE-2005-0133
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131
	- konversation 0.15-3
CVE-2005-0130
	- konversation 0.15-3
CVE-2005-0129
	- konversation 0.15-3
CVE-2005-0128
	REJECTED
CVE-2005-0127
	NOT-FOR-US: MacOS
CVE-2005-0126
	NOT-FOR-US: MacOS
CVE-2005-0125
	NOT-FOR-US: MacOS
CVE-2005-0124
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	REJECTED
CVE-2005-0122
	REJECTED
CVE-2005-0121
	NOT-FOR-US: golddig
CVE-2005-0120
	NOT-FOR-US: helvis
CVE-2005-0119
	NOT-FOR-US: helvis
CVE-2005-0118
	NOT-FOR-US: helvis
CVE-2005-0117
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116
	- awstats 6.2-1.1
CVE-2005-0115
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113
	NOT-FOR-US: IRIX
CVE-2005-0112
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110
	NOT-FOR-US: MSIE
CVE-2005-0109
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103
	- squirrelmail 2:1.4.4-1
CVE-2005-0102
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101
	- newspost 2.1.1-2
CVE-2005-0100
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097
	- squid 2.5.7-4
CVE-2005-0096
	- squid 2.5.7-4
CVE-2005-0095
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0091
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0090
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0089
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0080
	- mailman 2.1.5-5
CVE-2005-0079
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075
	- squirrelmail 2:1.4.4-1
CVE-2005-0074
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069
	- vim 1:6.3-058+1
CVE-2005-0068
	NOTE: general icmp design error
CVE-2005-0067
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066
	NOTE: general tcp design error
CVE-2005-0065
	NOTE: general tcp design error
CVE-2005-0064
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	- cups 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061
	NOT-FOR-US: Microsoft
CVE-2005-0060
	NOT-FOR-US: Microsoft
CVE-2005-0059
	NOT-FOR-US: Microsoft
CVE-2005-0058
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057
	NOT-FOR-US: Microsoft
CVE-2005-0056
	NOT-FOR-US: Microsoft
CVE-2005-0055
	NOT-FOR-US: Microsoft
CVE-2005-0054
	NOT-FOR-US: Microsoft
CVE-2005-0053
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051
	NOT-FOR-US: Microsoft
CVE-2005-0050
	NOT-FOR-US: Microsoft
CVE-2005-0049
	NOT-FOR-US: Microsoft
CVE-2005-0048
	NOT-FOR-US: Microsoft
CVE-2005-0047
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045
	NOT-FOR-US: Microsoft
CVE-2005-0044
	NOT-FOR-US: Microsoft
CVE-2005-0043
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040
	NOT-FOR-US: DotNetNuke
CVE-2005-0039
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038
	- pdns 2.9.17-1
CVE-2005-0037
	NOT-FOR-US: dnrd
CVE-2005-0036
	NOT-FOR-US: DeleGate
CVE-2005-0035
	NOT-FOR-US: Adobe
CVE-2005-0034
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
CVE-2005-0033
	- bind 1:8.4.6-1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022
	- exim4 4.34-10
CVE-2005-0021
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014
	- ncpfs 2.2.6-1
CVE-2005-0013
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012
	- dillo 0.8.3-1
CVE-2005-0011
	- kdeedu 4:3.3.2-2
CVE-2005-0010
	- ethereal 0.10.9-1
CVE-2005-0009
	- ethereal 0.10.9-1
CVE-2005-0008
	- ethereal 0.10.9-1
CVE-2005-0007
	- ethereal 0.10.9-1
CVE-2005-0006
	- ethereal 0.10.9-1
CVE-2005-0005
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002
	NOT-FOR-US: poppassd_pam
CVE-2005-0001
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13