author: Oliver Eikemeier <eik@FreeBSD.org> 2004-09-07 10:44:11 +0000
committer: Oliver Eikemeier <eik@FreeBSD.org> 2004-09-07 10:44:11 +0000
commit: 1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b (patch)
tree: d3c045ba6f195eba7466bc821357f1468b17d910 /ports-mgmt/portaudit-db
parent: f8df20da12606a90d2bf75caa74c1c6a26508ade (diff)
download: ports-1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b.tar.gz
ports-1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b.zip
2 files changed, 42 insertions, 8 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index d34dbf954214..79095d81d9fa 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -63,16 +63,14 @@ sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.htm
 phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
-gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
+gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316 http://www.securityfocus.com/bid/10968|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
 apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
 a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618 http://secunia.com/advisories/12375 http://www.osvdb.org/9176 http://www.securityfocus.com/bid/11025|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
-{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
+{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120 http://www.securityfocus.com/bid/10985|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
 nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d
-cdrtools<2.0.3_4|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
-cdrtools-cjk<2.0.3.20030714_4|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
-cdrtools-devel<2.01a38|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
 {ja-,ru-,}gaim<0.82|http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 http://www.osvdb.org/9264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785 http://www.securityfocus.com/bid/11056 http://gaim.sourceforge.net/security/index.php|multiple vulnerabilities in gaim|8b29b312-fa6e-11d8-81b0-000347a4fa7d
 {ja-,}samba<2.2.11.*|http://www.samba.org/samba/history/samba-2.2.11.html http://secunia.com/advisories/12397 http://www.osvdb.org/9362|samba printer change notification request DoS|d8ce23a5-fadc-11d8-81b0-000347a4fa7d
-squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045|squid ntlm authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d
-FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
-FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www.securityfocus.com/bid/11098|Squid NTLM authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d
+FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+{ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml
index 5d49a25af892..2bb28014dd18 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xml
+++ b/ports-mgmt/portaudit-db/database/portaudit.xml
@@ -1060,10 +1060,46 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       <url>http://www.osvdb.org/9521</url>
       <url>http://www.osvdb.org/9522</url>
       <bid>10354</bid>
+      <bid>11093</bid>
+      <url>http://rhn.redhat.com/errata/RHSA-2004-323.html</url>
     </references>
     <dates>
       <discovery>2004-05-19</discovery>
       <entry>2004-09-03</entry>
     </dates>
   </vuln>
+
+  <vuln vid="fdbbed57-f933-11d8-a776-00e081220a76">
+    <topic>cdrtools local privilege escalation</topic>
+    <affects>
+      <package>
+        <name>cdrtools</name>
+        <range><lt>2.0.3_4</lt></range>
+      </package>
+      <package>
+        <name>cdrtools-cjk</name>
+        <range><lt>2.0.3.20030714_4</lt></range>
+      </package>
+      <package>
+        <name>cdrtools-devel</name>
+        <range><lt>2.01a38</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Max Vozeler found a flaw in in cdrecord allowing a local root exploit</p>
+      </body>
+    </description>
+    <references>
+      <url>ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38</url>
+      <url>http://www.osvdb.org/9395</url>
+      <cvename>CAN-2004-0806</cvename>
+      <mlist msgid="E1C0yA3-0002cc-00@newraff.debian.org">http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html</mlist>
+      <bid>11075</bid>
+    </references>
+    <dates>
+      <discovery>2004-08-28</discovery>
+      <entry>2004-08-30</entry>
+    </dates>
+  </vuln>
 </vuxml>
author	Oliver Eikemeier <eik@FreeBSD.org>	2004-09-07 10:44:11 +0000
committer	Oliver Eikemeier <eik@FreeBSD.org>	2004-09-07 10:44:11 +0000
commit	1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b (patch)
tree	d3c045ba6f195eba7466bc821357f1468b17d910 /ports-mgmt/portaudit-db
parent	f8df20da12606a90d2bf75caa74c1c6a26508ade (diff)
download	ports-1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b.tar.gz ports-1ea7e0e9009f571ca310b37bd0fa94d3da72ff8b.zip