path: root/data/ID_pending
blob: aea341a014a04f9f9478104aa20d37d50eb849fc
CVE-2006-XXXX [kphone creates world-readable config file with passwords]
	- kphone <unfixed> (bug #337830; low)
	NOTE: Requested by Micah March 26, 2006
	NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192
CVE-2006-XXXX [php5 response splitting]
	- php5 5.1.2-1 (bug #347894)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
CVE-2006-XXXX [php5 mysqli format string issue]
	- php5 5.1.2-1 (bug #347894)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-1.2 (bug #291613)
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	- rageircd <unfixed> (bug #343543; medium)
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet]
	- helix-player <unfixed> (unknown)
	NOTE: http://service.real.com/help/faq/security/security111605.html
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc <unfixed> (bug #340105; medium)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; low)
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop <unfixed> (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	NOTE: Woody and Sarge affected
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
	- libmad <unfixed> (bug #287519; low)
	- mad <removed>
CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config]
	- flexbackup <unfixed> (bug #334350; low)
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap <unfixed> (bug #253838; low)
	TODO: Check, whether openldap2.2 is affected as well
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; low)
CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
	- kernel-source-2.4.27 <unfixed> (bug #310982; low)
	NOTE: probably already fixed in testing, wrote for confirmation
CVE-2003-XXXX [Incomplete reporting of failed logins in login]
	- login 1:4.0.3-36 (bug #192849)
CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
	- openldap2.2 2.2.26-5 (bug #260204; low)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2004-XXXX [Firefox doesn't clear all cookies]
	- mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
	- amanda 1:2.4.5p1-1 (bug #226139; low)
	NOTE: Woody and Sarge affected
CVE-2004-XXXX [Buffer overflow in wdm's login]
	- wdm <unfixed> (bug #276218; low)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
	- apt <unfixed> (bug #329814; low)
	- apt <no-dsa> (Unsupported use case)
	NOTE: I tend to remove this completely, if you're using apt sources which include vulnerable
	NOTE: versions of Debian packages with higher version numbers you're screwed anyway, no matter
	NOTE: what apt display in this case
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup <unfixed> (bug #302790; low)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el <unfixed> (bug #105562; low)
	NOTE: Sarge and Woody are affected
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
CVE-2005-XXXX [Serendipity account hijacking through CSRF]
	- serendipity <itp> (bug #312413)
	NOTE: Fixed in 0.8.5
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
	- kdepim <unfixed> (bug #280287; low)
	NOTE: kmail was once part of kdenetwork.
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-XXXX [fprobe-ng: Insecure default hash]
	- fprobe-ng <unfixed> (bug #322699; low)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl <unfixed> (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki <unfixed> (bug #282565; medium)
CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
	- php4 <unfixed> (bug #317577; bug #330419; low)
	NOTE: Maintainer can't reproduce
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach <unfixed> (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	NOTE: Sarge is affected (package doesn't exist in Woody)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	NOTE: Sarge is affected (package doesn't exist in Woody)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
	- imview <unfixed> (bug #326971; unknown)
	TODO: Needs further evaluation
CVE-2005-XXXX [freeradius buffer overflows and SQL injection]
	- freeradius 1.0.5-1 (medium)
CVE-2005-XXXX [user password file created by gajim is world-redable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	NOTE: first patch was incorrect
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-XXXX [osh buffer overflow in handlers.c]
	NOTE: This is not the same as -13
	- osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (low)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	NOTE: Sarge is affected
CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
	- phpldapadmin 0.9.6c-5 (bug #322423; low)
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	NOTE: suspect this also affects Sarge, not enough info to know what this is
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	NOTE: Sarge and Woody affected
	NOTE: Package is totally broken due to Ebay changes, so risk is low
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail <unfixed> (bug #303991; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail-pgsql <unfixed> (bug #290833; medium)
CVE-2005-XXXX [time delay of password check proves account existence to attackers]
	NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
	- ssh <unfixed> (bug #314645; low)
CVE-2005-XXXX [Unspecified buffer overflow in metar]
	- metar 20050807.1-1 (unknown)
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; low)
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <unfixed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- xorg-x11 <unfixed> (bug #321447; low)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- gs-esp <unfixed> (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	NOTE: Sarge is affected
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-XXXX [DoS against rsync in embedded zlib copy]
	NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement
	NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
	NOTE: I haven't verified this with source so far, but it looks like a DoS
	NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
	NOTE: zlib 1.2 are affected as well
	- rsync 2.6.6-1 (low)
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2005-XXXX [strobe reads file from unsafe directory]
	- netdiag 0.7-7.1 (bug #206905; low)
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
	NOTE: This doesn't look like a real security issue as cron.daily should only be
	NOTE: writable by root, but lets include it as the maintainer considers it an issue
	- fiaif 1.19.2-14 (low)
CVE-2005-XXXX [oftpd port DOS]
	- oftpd <removed> (bug #307957; low)
	NOTE: CVE id requested from mitre
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	NOTE: Suspect Sarge is affected, not enough information to certify
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2 
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-XXXX [race condition with a buffered temp file]
	- pysvn 1.1.2-3
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
	TODO: check possibility of exploitation via scripting language,
	TODO: as mentioned in the bug report as a separate issue
CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
	- pwgen 2.04-1
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw] 
	- shadow 1:4.0.3-33
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
