|
Bug #107350: pptpd freeze/disconnect
|
 CVE-2007-0244 |
|
pptpd (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #113725: Cross site scripting in HTML filter
|
CVE-2007-1262 |
|
squirrelmail (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #117988: Remote attack in OLE parser and PDF handler
|
CVE-2007-2029
CVE-2007-2650 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Efrain Valles
|
|
Bug #118855: CVE-2007-2948: Stack overflow in mplayer cddb handling
|
CVE-2007-2948 |
|
mplayer (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #120400: heap overflow in OpenOffice.org RTF parsing routine
|
CVE-2007-0245 |
|
openoffice.org (Ubuntu Gutsy)
|
Fix released, assigned to Matthias Klose
|
|
Bug #121780: DoS via local buffer overflow
|
CVE-2007-3374 |
|
redhat-cluster-suite (Ubuntu Gutsy)
|
Fix released, assigned to Fabio Massimo Di Nitto
|
|
Bug #122207: vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors
|
CVE-2007-0256
CVE-2007-3316
CVE-2007-3467
CVE-2007-3468 |
|
vlc (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #132161: vulnerable to CVE-2007-2165
|
CVE-2007-2165 |
|
proftpd (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
proftpd-dfsg (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #133569: regex error causes hosts to not be denied
|
CVE-2007-4323
CVE-2007-5715 |
|
denyhosts (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #135332: TCP wrapper not working ?
|
CVE-2007-4601 |
|
tcp-wrappers (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #136302: Sylpheed POP3 Format String Vulnerability
|
CVE-2007-2958 |
|
claws-mail (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
sylpheed (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
sylpheed-claws (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
sylpheed-claws-gtk2 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #136687: buffer overflow in w_read function (possible DoS and execution of arbitary code)
|
CVE-2007-3791 |
|
postfix-policyd (Ubuntu Gutsy)
|
Fix released, assigned to Daniel Hahler
|
|
Bug #138819: wordpress 2.2.3 is out: security release
|
CVE-2007-4893 |
|
wordpress (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #140707: [Qt 3, Qt 4] Potential vulnerability in QUtf8Decoder
|
CVE-2007-4137 |
|
qt-x11-free (Ubuntu Gutsy)
|
Fix released, assigned to Jonathan Riddell
|
|
qt4-x11 (Ubuntu Gutsy)
|
Fix released, assigned to Jonathan Riddell
|
|
Bug #140891: [mplayer] Heap overflow causes potential arbitrary code execution
|
CVE-2007-4938 |
|
kmplayer (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
mplayer (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #141378: [Security] KDM Password-less login vulnerability
|
CVE-2007-4569 |
|
kdebase (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #144425: [ImageMagick] security issues with releases prior to 6.3.5-9
|
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988 |
|
imagemagick (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
graphicsmagick (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #145123: Keyboard shortcut works even when the screen is locked
|
CVE-2007-3920 |
|
gnome-screensaver (Ubuntu Gutsy)
|
Fix released, assigned to Michael Vogt
|
|
compiz (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #146269: [openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
|
CVE-2007-3108
CVE-2007-5135 |
|
openssl (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
openssl097 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #148940: [X font server] integer overflow and heap corruption vulnerability
|
CVE-2007-4568 |
|
xfs (Ubuntu Gutsy)
|
Fix released, assigned to Bryce Harrington
|
|
Bug #149121: hpssd vulnerable to command injection
|
CVE-2007-5208 |
|
hplip (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #149616: Net::HTTPS Vulnerability
|
CVE-2007-5162
CVE-2007-5770 |
|
ruby1.8 (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
ruby1.9 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #150848: [CVE-2007-5226] dircproxy segfault on blank /me
|
CVE-2007-5226 |
|
dircproxy (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #151946: CVE-2007-5300 remote denial of service
|
CVE-2007-0428
CVE-2007-5300 |
|
wzdftpd (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #152741: network performance and cpu usage in gutsy vs feisty
|
CVE-2007-6694
CVE-2008-0007
CVE-2008-1375
CVE-2008-1669 |
|
linux (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.22 (Ubuntu Gutsy)
|
Fix released, assigned to Tim Gardner
|
|
Bug #153135: possible vulnerabilities in pennmush cause DoS
|
CVE-2007-1431 |
|
pennmush (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #153218: install ghostscript-doc error
|
CVE-2007-2721 |
|
ghostscript (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream
|
CVE-2006-2894
CVE-2007-1095
CVE-2007-2292
CVE-2007-3511
CVE-2007-4841
CVE-2007-5334
CVE-2007-5337
CVE-2007-5338
CVE-2007-5339
CVE-2007-5340 |
|
firefox (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #157903: security vulnerabiity in django i18n system
|
CVE-2007-5712 |
|
python-django (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #158400: [CVE-2007-4999] pidgin HTML Processing Denial of Service
|
CVE-2007-4996
CVE-2007-4999 |
|
pidgin (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #158414: denial of service in wesnoth client and server prior 1.2.7 release
|
CVE-2007-3917 |
|
wesnoth (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #160454: [pcre3] several security issues in Perl-Compatible Regular Expression library
|
CVE-2006-7227
CVE-2006-7228
CVE-2006-7230
CVE-2007-1659
CVE-2007-1660
CVE-2007-1661
CVE-2007-1662
CVE-2007-4766
CVE-2007-4767
CVE-2007-4768 |
|
pcre3 (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #161173: [CVE-2007-4476] cpio is affected by this CVE as tar.
|
CVE-2007-4476 |
|
cpio (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #162171: [CVE-2007-4752] ssh in OpenSSH before 4.7 does not properly handle...
|
CVE-2007-4752 |
|
openssh (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #162295: CVE-2007-5839: Insecure temporary file creation
|
CVE-2007-5839 |
|
ircii-pana (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #162296: CVE-2007-4584 stack based buffer overflow via long MODE command
|
CVE-2007-4584 |
|
ircii-pana (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #162351: CVE-2007-5837: Code injection through badly formatted URL
|
CVE-2007-5837 |
|
yarssr (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #162406: CVE-2007-4323: DoS via log injection
|
CVE-2007-4323
CVE-2007-5715 |
|
denyhosts (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #162511: [CVE-2007-5395] link-grammar is vulnerable
|
CVE-2007-5395 |
|
link-grammar (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #162520: [CVE-2005-4790] tomboy has an untrusted search path
|
CVE-2005-4790 |
|
tomboy (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #162543: CVE-2007-5740: format string vulnerability
|
CVE-2007-5740 |
|
perdition (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #162599: few serious security issues for phpMyAdmin
|
CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
CVE-2007-5386
CVE-2007-5589
CVE-2007-5976
CVE-2007-5977
CVE-2007-6100 |
|
phpmyadmin (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #162602: [CVE-2007-5200] hugin allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
|
CVE-2007-5200 |
|
hugin (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #162826: [Mono] Buffer overflow in Mono 1.2.5.1 and earlier
|
CVE-2007-5197 |
|
mono (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #163056: CVE-2007-5933: Remote denial of service
|
CVE-2007-5933
CVE-2007-6010 |
|
pioneers (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #163492: CVE-2007-4650: Unauthorised editing of item properties
|
CVE-2007-4650 |
|
gallery2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #163740: [CVE-2007-5707] OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash)
|
CVE-2007-5707 |
|
openldap2.2 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
openldap2.3 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #163832: [rails] Several vulnerabilities allowing for file disclosure and theft of user credentials
|
CVE-2007-3227
CVE-2007-5379
CVE-2007-5380
CVE-2007-6077 |
|
rails (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #163833: [tikiwiki] Multiple vulnerabilities possibly resulting in the remote execution of arbitrary code
|
CVE-2006-2635
CVE-2006-6457
CVE-2007-4554
CVE-2007-5423
CVE-2007-5682 |
|
tikiwiki (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #163845: [python] Multiple integer overflow vulnerabilities possibly resulting in the execution of arbitrary code or DoS
|
CVE-2007-4965 |
|
python2.2 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
python2.3 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
python2.4 (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
python2.5 (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #164007: [net-snmp] remote Denial of Service vulnerability
|
CVE-2007-5846 |
|
net-snmp (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #164072: [CVE-2007-6035] cacti has a sql injection vulnerability
|
CVE-2007-3112
CVE-2007-3113
CVE-2007-6035 |
|
cacti (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #164231: NFS regression causes subsequent mounts from same superblock to silently use previous mount options
|
CVE-2006-6058
CVE-2007-3107
CVE-2007-4567
CVE-2007-4849
CVE-2007-4997
CVE-2007-5093
CVE-2007-5500
CVE-2007-5501
CVE-2007-5966
CVE-2007-6063
CVE-2007-6151
CVE-2007-6206
CVE-2007-6417
CVE-2008-0001 |
|
linux-source-2.6.22 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
linux (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.20 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #164501: more security issues with wireshark from 0.99.6 down to ...
|
CVE-2007-6111
CVE-2007-6112
CVE-2007-6113
CVE-2007-6114
CVE-2007-6115
CVE-2007-6116
CVE-2007-6117
CVE-2007-6118
CVE-2007-6119
CVE-2007-6120
CVE-2007-6121 |
|
wireshark (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #165247: PHP and Apache segfault on db4 - not linked to the same version of the db library
|
CVE-2007-2519 |
|
php5 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #172260: [mysql] multiple vulnerabilities
|
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3780
CVE-2007-3781
CVE-2007-3782
CVE-2007-5925
CVE-2007-5969
CVE-2007-6303
CVE-2008-0226
CVE-2008-0227 |
|
mysql-dfsg (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
mysql-dfsg-4.1 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
mysql-dfsg-5.0 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
mysql-dfsg-5.1 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #172265: [feynmf] Insecure temporary file creation
|
CVE-2007-5940 |
|
feynmf (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #172277: [CVE-2007-6110] Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6
|
CVE-2007-6110 |
|
htdig (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #172283: [wireshark] multiple vulnerabilities
|
CVE-2007-6438
CVE-2007-6439
CVE-2007-6441
CVE-2007-6450
CVE-2007-6451
CVE-2008-1070
CVE-2008-1071
CVE-2008-1072 |
|
wireshark (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #172440: [CVE-2007-6013] Authentication cookies easily derivable from password hash
|
CVE-2007-6013 |
|
wordpress (Ubuntu Gutsy)
|
Won't fix, assigned to Emanuele Gentili
|
|
Bug #172518: [firefox] regression in recent update to 2.0.0.10
|
CVE-2007-5947
CVE-2007-5959
CVE-2007-5960 |
|
firefox (Ubuntu Gutsy)
|
Fix released, assigned to Alexander Sack
|
|
Bug #172783: wesnoth exploit allows others to view the content of files on a remote computer
|
CVE-2007-3917
CVE-2007-5742 |
|
wesnoth (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #173153: [CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree via symlink attack
|
CVE-2007-6061 |
|
audacity (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #173164: [CVE-2007-6062] Denial of service via JOIN command without channel
|
CVE-2007-6062 |
|
ngircd (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #173203: [CVE-2007-6077] Potential session fixation attack
|
CVE-2007-6077 |
|
rails (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #173377: [CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06
|
CVE-2007-4408
CVE-2007-4410
CVE-2007-4411 |
|
ircd-ircu (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #173610: [asterisk] [CVE-2007-6170] missing input sanitising
|
CVE-2007-6170 |
|
asterisk (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #173881: the option "turn_cmd" can stall a computer or maybe start another application
|
CVE-2007-3917
CVE-2007-5742
CVE-2007-6201 |
|
wesnoth (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #173948: [CVE-2007-6211] sing in debian is vulnerable
|
CVE-2007-6211 |
|
sing (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #174112: [openoffice.org] [CVE-2007-4575] Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
|
CVE-2007-4575 |
|
openoffice.org (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #174177: [emacs] [CVE-2007-6109] buffer overflow
|
CVE-2007-6109
CVE-2008-1694 |
|
emacs21 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
emacs22 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #174352: [CVE-2007-6239] squid-2.X and squid-3.x are vulnerable
|
CVE-2007-6239 |
|
squid (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
squid3 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #174356: [zabbix] [CVE-2007-6210] privilege escalation
|
CVE-2007-6210 |
|
zabbix (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #174615: [heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username
|
CVE-2007-5939 |
|
heimdal (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #175319: [sitebar] Several remote vulnerabilities
|
CVE-2007-5491
CVE-2007-5492
CVE-2007-5692
CVE-2007-5693
CVE-2007-5694
CVE-2007-5695 |
|
sitebar (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #175505: [tomcat5] multiple vulnerabilities
|
CVE-2007-0450
CVE-2007-2449
CVE-2007-2450
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5342
CVE-2007-5461
CVE-2008-0128 |
|
tomcat5 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
tomcat5.5 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #175827: [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability
|
CVE-2007-6183 |
|
ruby-gnome2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #176175: CVE-2007-6263: security vulnerability in linux-ftpd-ssl
|
CVE-2007-6263 |
|
linux-ftpd-ssl (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #176927: [ia32-libs-kde] Qt vulnerabilities inherited?
|
CVE-2006-4811
CVE-2007-3388
CVE-2007-4137 |
|
ia32-libs-kde (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #177075: [Gutsy SRU Request] CUPS 1.3.x lists network interfaces only at startup (regression)
|
CVE-2007-5849
CVE-2007-6358 |
|
cupsys (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #177537: Remote Code Execution
|
CVE-2007-6335
CVE-2007-6336
CVE-2007-6337 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Leonel Nunez
|
|
Bug #180299: [tar] [CVE-2007-4476] Buffer overflow
|
CVE-2007-4476 |
|
tar (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #180300: [typo3-src] [CVE-2007-6381] SQL injection vulnerability
|
CVE-2007-6381 |
|
typo3-src (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #180303: [peercast] [CVE-2007-6454] buffer overflow, remote vulnerability allowing DoS or arbitrary code execution
|
CVE-2007-6454 |
|
peercast (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #180702: Multiple vulnerabilities allow XSS and reading of arbitrary files
|
CVE-2007-6526
CVE-2007-6528
CVE-2007-6529 |
|
tikiwiki (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #181416: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
|
CVE-2007-6318 |
|
wordpress (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #181714: [libexiv2] [CVE-2007-6353] possibility of arbitrary code execution
|
CVE-2007-6353 |
|
exiv2 (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #181720: [postgresql] multiple vulnerabilities
|
CVE-2007-3278
CVE-2007-4769
CVE-2007-4772
CVE-2007-6067
CVE-2007-6600
CVE-2007-6601 |
|
postgresql (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #181722: [fail2ban] [CVE-2007-4321] DoS vulnerability
|
CVE-2007-4321 |
|
fail2ban (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #181830: CVE-2007-6337 Unknown impact remote attack
|
CVE-2007-6337 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #181984: Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
|
CVE-2007-6299
CVE-2008-0272
CVE-2008-0273 |
|
drupal5 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
drupal (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #183389: [SECURITY] CVE-2007-6437 prone to denial of service attack
|
CVE-2007-6437 |
|
syslog-ng (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #185021: [mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities
|
CVE-2006-6574
CVE-2007-6611 |
|
mantis (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #185034: [xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams
|
CVE-2008-0225
CVE-2008-0238 |
|
xine-lib (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #185035: [scponly] [CVE-2007-6350] [CVE-2007-6415] design flaw may lead to execution of arbitrary commands
|
CVE-2007-6350
CVE-2007-6415 |
|
scponly (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #185534: [SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)
|
CVE-2008-0008 |
|
pulseaudio (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #185782: Buffer overflow in GIF and IFF ILBM handling
|
CVE-2007-6697
CVE-2008-0544 |
|
sdl-image1.2 (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #186578: [libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of arbitrary code via malformed regular expressions
|
CVE-2007-4770
CVE-2007-4771 |
|
icu (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #186978: [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL
|
CVE-2007-2692
CVE-2007-6303
CVE-2007-6304
CVE-2008-0226
CVE-2008-0227 |
|
mysql-dfsg-5.0 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #187481: [CVE-2008-0252] Directory traversal vulnerability allows modification of arbitrary files
|
CVE-2008-0252 |
|
cherrypy3 (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
python-cherrypy (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #190020: Stack-based buffer overflow
|
CVE-2007-6531 |
|
xfce4-panel (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #190021: Double-free vulnerability
|
CVE-2007-6532 |
|
libxfcegui4 (Ubuntu Gutsy)
|
Fix released, assigned to Gauvain Pocentek
|
|
Bug #191150: possible integer overflow
|
CVE-2007-6595
CVE-2008-0318 |
|
clamav (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #191201: [phpbb2] several remote vulnerabilities
|
CVE-2006-4758
CVE-2006-6508
CVE-2006-6839
CVE-2006-6840
CVE-2006-6841
CVE-2008-0471 |
|
phpbb2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #191205: [wml] [CVE-2008-0665] [CVE-2008-0666] insecure temporary files
|
CVE-2008-0665
CVE-2008-0666 |
|
wml (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #191216: [libcdio] [CVE-2007-6613] stack-based buffer overflow
|
CVE-2007-6613 |
|
libcdio (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #191218: [qt4] [CVE-2007-5965] error in handling certificate verification in SSL connections
|
CVE-2007-5965 |
|
qt4-x11 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows
|
CVE-2008-0225
CVE-2008-0238
CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630 |
|
mplayer (Ubuntu Gutsy)
|
Fix released, assigned to William Grant
|
|
Bug #192199: [SECURITY] CVE-2008-0783 and CVE-2008-0784
|
CVE-2008-0783
CVE-2008-0784 |
|
cacti (Ubuntu Gutsy)
|
Fix released, assigned to Stephan Rügamer
|
|
Bug #193744: [SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786
|
CVE-2008-0785
CVE-2008-0786 |
|
cacti (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #194687: cacti web frontend fails with 'Invalid PHP_SELF Path' after upgrade
|
CVE-2008-0783
CVE-2008-0784 |
|
cacti (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #195688: [libimager-perl] [CVE-2007-2459] buffer overflow which could allow the execution of arbitrary code
|
CVE-2007-2459 |
|
libimager-perl (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #195689: [splitvt] [CVE-2008-0162] privilege escalation
|
CVE-2008-0162 |
|
splitvt (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #195691: [dspam] [CVE-2007-6418] programming error leading to information disclosure
|
CVE-2007-6418 |
|
dspam (Ubuntu Gutsy)
|
Fix released, assigned to Daniel Hahler
|
|
Bug #195695: [turba2] [CVE-2008-0807] programming error in permission testing
|
CVE-2008-0807 |
|
turba2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #195696: [diatheke] [CVE-2008-0932] insufficient input sanitising
|
CVE-2008-0932 |
|
sword (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #195700: [xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer
|
CVE-2008-0073
CVE-2008-0486
CVE-2008-1482 |
|
xine-lib (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #195949: VLC Arbitrary memory overwrite in the MP4 demuxer
|
CVE-2008-0984 |
|
vlc (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #196397: [ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code
|
CVE-2008-0411 |
|
ghostscript (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
gs-esp (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
gs-gpl (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #196404: [cupsys] [MDVSA-2008:050] multiple vulnerabilities
|
CVE-2008-0047
CVE-2008-0596
CVE-2008-0597
CVE-2008-0882 |
|
cupsys (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #196452: Multiple vulnerabilites in vlc prior to 0.8.6e
|
CVE-2007-6682
CVE-2007-6684
CVE-2008-0295
CVE-2008-0296
CVE-2008-0984 |
|
vlc (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #197077: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
|
CVE-2007-6698
CVE-2008-0658 |
|
openldap2.2 (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #198731: [CVE-2008-1111] Failure to Handle Exceptional Conditions
|
CVE-2008-1111 |
|
lighttpd (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #198745: [phpmyadmin] [PMASA-2008-1] SQL injection vulnerability (Delayed Cross Site Request Forgery)
|
CVE-2008-1149 |
|
phpmyadmin (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #199118: [asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name
|
CVE-2007-6430 |
|
asterisk (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #199338: [CVE-2008-0564] Multiple cross-site scripting (XSS) vulnerabilities in Mailman
|
CVE-2008-0564 |
|
mailman (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #200897: [moin] [DSA-1514-1] multiple vulnerabilities
|
CVE-2008-0780
CVE-2008-0781
CVE-2008-0782
CVE-2008-1098
CVE-2008-1099
CVE-2009-0260
CVE-2009-0312 |
|
moin (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #200987: CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable
|
CVE-2008-0983
CVE-2008-1270 |
|
lighttpd (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #201009: [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed
|
CVE-2006-7232
CVE-2007-2692
CVE-2007-6303
CVE-2008-0226
CVE-2008-0227 |
|
mysql-dfsg-5.0 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #202332: REGRESSION: mailman broken after security upgrade on gutsy
|
CVE-2008-0564 |
|
mailman (Ubuntu Gutsy)
|
Fix released, assigned to Martin Pitt
|
|
Bug #202422: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates
|
CVE-2008-1066
CVE-2008-2720
CVE-2008-2721
CVE-2008-2722
CVE-2008-2723
CVE-2008-2724 |
|
smarty (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
gallery2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #202758: [CVE-2008-1168] XSS in log and useragent parser
|
CVE-2008-1167
CVE-2008-1168 |
|
sarg (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #203449: [dovecot] [CVE-2008-1199, CVE-2008-1218] privilege escalation
|
CVE-2008-1199
CVE-2008-1218 |
|
dovecot (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #203450: [ldapscripts] [CVE-2007-5373] information disclosure
|
CVE-2007-5373 |
|
ldapscripts (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #203456: [horde3] [CVE-2008-1284] information disclosure
|
CVE-2008-1284 |
|
horde3 (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #203462: [ikiwiki] [CVE-2008-0808, CVE-2008-0809] cross-site scripting
|
CVE-2008-0808
CVE-2008-0809 |
|
ikiwiki (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #203476: [libbind9] [CVE-2008-0122] off-by-one error in the inet_network function
|
CVE-2008-0122 |
|
bind9 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #205721: CVE-2007-6341 libnet-dns-perl possible denial of service (program "croak") via a crafted DNS response.
|
CVE-2007-6341 |
|
libnet-dns-perl (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #207284: [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e
|
CVE-2008-1489 |
|
vlc (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #209627: lighttpd (security) ssl fix
|
CVE-2008-1531 |
|
lighttpd (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #210124: [asterisk] several vulnerabilities
|
CVE-2008-1289
CVE-2008-1332
CVE-2008-1333 |
|
asterisk (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #210150: [policyd-weight] [CVE-2008-1569, CVE-2008-1570] insecure temporary files
|
CVE-2008-1569
CVE-2008-1570 |
|
policyd-weight (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #210155: various outstanding security updates in mozilla universe packages (as of 1.8.1.13)
|
CVE-2007-4879
CVE-2008-1233
CVE-2008-1235
CVE-2008-1236
CVE-2008-1237
CVE-2008-1238
CVE-2008-1240
CVE-2008-1241 |
|
iceape (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
seamonkey (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
xulrunner (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #210163: [xine-lib] [DSA-1536-1] several vulnerabilities
|
CVE-2007-1246
CVE-2007-1387
CVE-2008-0073
CVE-2008-0486
CVE-2008-1161 |
|
xine-lib (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #210175: [openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections
|
CVE-2008-1483 |
|
openssh (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #210718: CVE-2008-1373: CUPS GIF image filter overflow
|
CVE-2006-4484
CVE-2007-4045
CVE-2007-6697
CVE-2008-0053
CVE-2008-0553
CVE-2008-0554
CVE-2008-1373 |
|
cupsys (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #212065: More vulnerabilities in wireshark 0.99.2 through 0.99.8 (CVE-2008-156[1-3])
|
CVE-2008-1561
CVE-2008-1562
CVE-2008-1563 |
|
wireshark (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #212088: [CVE-2008-1467] remote command execution via crafted URL
|
CVE-2008-1467 |
|
centerim (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
centericq (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #212196: [CVE-2008-1468] XSS vulnerability via UTF-7 encoded input
|
CVE-2008-1468 |
|
namazu2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #212211: [CVE-2008-1502] XSS
|
CVE-2008-1502 |
|
egroupware (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #212601: [CVE-2008-1558] arbitrary code execution via uncontrolled array index
|
CVE-2008-1558
CVE-2008-3827 |
|
mplayer (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #213500: heap corruption before 0.92.1
|
CVE-2008-0728 |
|
clamav (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #213570: kvm vulnerable to several CVEs
|
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928 |
|
kvm (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
qemu (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #214980: [pdns-recursor] [CVE-2008-1637] cache poisoning vulnerability
|
CVE-2008-1637 |
|
pdns-recursor (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #216117: [CVE-2008-1628] buffer overflow in lib/audit_logging.c
|
CVE-2008-1628 |
|
audit (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #216245: [CVE-2008-1614] privilege escalation via symlink attack
|
CVE-2008-1614 |
|
suphp (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #216301: [CVE-2008-0444, CVE-2008-0445] XSS and DoS
|
CVE-2008-0444
CVE-2008-0445 |
|
elog (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #216591: [CVE-2008-1648] denial of service via crafted Content-Type header
|
CVE-2008-1648 |
|
sympa (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #216601: [CVE-2008-1633] unspecified vulnerability relating to use of /tmp
|
CVE-2008-1633 |
|
mondo (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #216604: [CVE-2008-1692] opens on :0 if DISPLAY not set
|
CVE-2008-1692 |
|
eterm (Ubuntu Gutsy)
|
Fix released, assigned to Emanuele Gentili
|
|
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
|
CVE-2007-5268
CVE-2007-5269
CVE-2008-1382
CVE-2008-3964
CVE-2008-5907
CVE-2009-0040 |
|
libpng (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #217256: ClamAV Upack Processing Buffer Overflow Vulnerability
|
CVE-2007-6596
CVE-2008-0314
CVE-2008-1100
CVE-2008-1387
CVE-2008-1833
CVE-2008-1835
CVE-2008-1836
CVE-2008-1837 |
|
clamav (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14
|
CVE-2008-0016
CVE-2008-0304
CVE-2008-1237
CVE-2008-1380
CVE-2008-2785
CVE-2008-2798
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2806
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-3835
CVE-2008-3837
CVE-2008-4058
CVE-2008-4061
CVE-2008-4065
CVE-2008-4067
CVE-2008-4069
CVE-2008-4070 |
|
firefox (Ubuntu Gutsy)
|
Fix released, assigned to Alexander Sack
|
|
seamonkey (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
thunderbird (Ubuntu Gutsy)
|
Fix released, assigned to Alexander Sack
|
|
xulrunner (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #218640: Multiple vulnerabilities in OpenOffice.org (CVE-2007-574{5-7}, CVE-2008-0320)
|
CVE-2007-5745
CVE-2007-5746
CVE-2007-5747
CVE-2008-0320 |
|
openoffice.org (Ubuntu Gutsy)
|
Fix released, assigned to Chris Cheney
|
|
Bug #218652: CVE-2008-1686: Multiple speex implementations insufficient boundary checks
|
CVE-2008-1686
CVE-2008-1878 |
|
gst-plugins-good0.10 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
libannodex (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
libfishsound (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
libsdl-sound1.2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
speex (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
sweep (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
vlc (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
vorbis-tools (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
xine-lib (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
xmms-speex (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #219491: [CVE-2008-1722] CUPS integer overflows in PNG image handling (in files filter/image-{png,zoom}.c)
|
CVE-2008-1722 |
|
cupsys (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #221541: [CVE-2008-1927] Perl 5.8.8 vulnerability via UTF-8 regular expression
|
CVE-2008-1927 |
|
perl (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #222592: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
|
CVE-2008-1102
CVE-2008-1103
CVE-2008-4863 |
|
blender (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #227239: [xpdf] [CVE-2008-1693] possibility of arbitrary code execution
|
CVE-2008-1693 |
|
xpdf (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #227246: several vulnerabilities
|
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887 |
|
python2.4 (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
python2.5 (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #227276: [roundup] [CVE-2008-1474] cross-site scripting vulnerability
|
CVE-2008-1474 |
|
roundup (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #227283: [phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising
|
CVE-2008-1567
CVE-2008-1924 |
|
phpmyadmin (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #227288: [phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising
|
CVE-2007-5051 |
|
phpgedview (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #227291: [kronolith2] [CVE-2008-1974] cross site scripting
|
CVE-2008-1974 |
|
kronolith2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #227295: [ldm] [CVE-2008-1293] information disclosure
|
CVE-2008-1293 |
|
ldm (Ubuntu Gutsy)
|
Fix released, assigned to Oliver Grawert
|
|
Bug #227322: [openssh] [CVE-2008-1657] possibility to bypass global "ForceCommand" directive
|
CVE-2008-1483
CVE-2008-1657 |
|
openssh (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #227345: [CVE-2008-1103] Multiple temporary files vulnerabilities
|
CVE-2008-1103 |
|
blender (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #227464: Please roll out security fixes from PHP 5.2.6
|
CVE-2007-4782
CVE-2007-4850
CVE-2007-5898
CVE-2007-5899
CVE-2008-0599
CVE-2008-1384
CVE-2008-2050
CVE-2008-2051
CVE-2008-2107
CVE-2008-2108
CVE-2008-2371
CVE-2008-2829 |
|
php5 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #228095: php5 5.2.4 and lower vulnerable to several CVEs
|
CVE-2007-5898 |
|
php5 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #228193: rdesktop 1.5.0 multiple remote vulnerabilities [CVE-2008-1801, -1802, -1803]
|
CVE-2008-1801
CVE-2008-1802
CVE-2008-1803 |
|
rdesktop (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #231300: contained libssl needs updating for CVE-2008-0166
|
CVE-2008-0166 |
|
ia32-libs (Ubuntu Gutsy)
|
Fix released, assigned to Ubuntu Security Team
|
|
Bug #234631: security vulnerability in django admin
|
CVE-2008-2302 |
|
python-django (Ubuntu Gutsy)
|
Fix released, assigned to Andrea Gasparini
|
|
Bug #235901: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
|
CVE-2008-1804 |
|
snort (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #235909: [CVE-2008-1767] Buffer overflow in libxslt
|
CVE-2008-1767 |
|
libxslt (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #235912: [CVE-2008-1105] Samba: boundary failure when parsing SMB responses
|
CVE-2007-4572
CVE-2008-1105 |
|
samba (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #235915: [CVE-2008-2426] imlib2 PNM and XPM buffer overflows
|
CVE-2008-2426 |
|
imlib2 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #237956: [CVE-2008-1108, CVE-2008-1109] Evolution iCalendar buffer overflows
|
CVE-2008-1108
CVE-2008-1109 |
|
evolution (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #238516: XSS issues in Nagios CGI (CVE-2007-5803)
|
CVE-2007-5803 |
|
nagios2 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
nagios3 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #238575: Possible invalid memory access in versions before 0.93.1
|
CVE-2008-2713 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Leonel Nunez
|
|
Bug #238873: vlc in Hardy needs a security update
|
CVE-2007-6681
CVE-2007-6683
CVE-2008-0073
CVE-2008-1489
CVE-2008-1686
CVE-2008-1768
CVE-2008-1769
CVE-2008-1881
CVE-2008-2147
CVE-2008-2430 |
|
vlc (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #239129: [CVE-2008-0960] Multiple SNMP implementations HMAC authentication spoofing
|
CVE-2008-0960 |
|
ecos (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
net-snmp (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
ucd-snmp (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #239894: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
|
CVE-2007-6420
CVE-2008-1678
CVE-2008-2168
CVE-2008-2364
CVE-2008-2939 |
|
apache2 (Ubuntu Gutsy)
|
Fix released, assigned to Marc Deslauriers
|
|
Bug #240549: fetchmail denial of service CVE-2008-2711
|
CVE-2008-2711 |
|
fetchmail (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #241421: [CVE-2008-2719] nasm vulnerability (DoS and possible arbitrary code execution)
|
CVE-2008-2719 |
|
nasm (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #241448: Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).
|
CVE-2008-1105 |
|
samba (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
totem (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #241457: CVE-2008-1832: Insecure tempfile handling
|
CVE-2008-1832 |
|
cecilia (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #241657: Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.
|
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
CVE-2008-2727
CVE-2008-2728 |
|
ruby1.8 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
ruby1.9 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #242690: <Ctrl+C> might allow to bypass authentication
|
CVE-2008-2516 |
|
pam-pgsql (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #244804: mercurial: insufficient input validation allowing file renames out of repository
|
CVE-2008-2942 |
|
mercurial (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #246818: [CVE-2008-2376] Integer overflow in the rb_ary_fill function in array.c in Ruby
|
CVE-2008-1447
CVE-2008-2376
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905 |
|
ruby1.8 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #247409: Python-dns does not randomize TID causing DNS poisoning risk
|
CVE-2008-1447 |
|
python-dns (Ubuntu Gutsy)
|
Fix released, assigned to Scott Kitterman
|
|
linux-source-2.6.15 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.20 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.22 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #247598: dnsmasq might be vulnerable to recent DNS spoofing issue
|
CVE-2008-1447 |
|
dnsmasq (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #249316: libclamav petite.c denial of sevice issue
|
CVE-2008-2713 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Michael Casadevall
|
|
Bug #249340: Gutsy->Hardy upgrade hangs in localedef
|
CVE-2008-0598
CVE-2008-1673
CVE-2008-2812
CVE-2008-2931
CVE-2008-3272
CVE-2008-3275 |
|
langpack-locales (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.15 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.22 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #249593: CVE-2007-6415 - scponly allows remote command execution
|
CVE-2007-6350
CVE-2007-6415 |
|
scponly (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #254129: Sync with upstream 5.0.51-10 for CVE-2008-2079
|
CVE-2008-2079 |
|
mysql-dfsg-5.0 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #254860: format string vulnerabilty
|
CVE-2008-3533 |
|
yelp (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #257122: Multiple vulnerabilities in Ruby
|
CVE-2008-1447
CVE-2008-2376
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905 |
|
ruby1.8 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
ruby1.9 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #257993: [CVE-2008-3699] Insecure creation of magnatune temp files
|
CVE-2008-3699 |
|
amarok (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #258180: [CVE-2008-3276] Linux kernel dccp_setsockopt_change() integer overflow
|
CVE-2008-3276 |
|
linux (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.20 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
linux-source-2.6.22 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #261459: DOS Vulnerability in Ruby REXML
|
CVE-2008-1447
CVE-2008-2376
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905 |
|
ruby1.8 (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #267067: [CVE-2008-2149] wordnet 2.0, 2.1, 3 affected by multiple buffer overflows
|
CVE-2008-2149 |
|
wordnet (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #271025: Multiple security vulnerabilities
|
CVE-2008-2469 |
|
libspf2 (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #271546: [hardy] Multiple unfixed CVEs
|
CVE-2008-1380
CVE-2008-3912
CVE-2008-3913
CVE-2008-3914
CVE-2008-5314 |
|
clamav (Ubuntu Gutsy)
|
Won't fix, assigned to Leonel Nunez
|
|
Bug #272221: Vulnerable version of Moodle (1.8.2)
|
CVE-2008-1502 |
|
moodle (Ubuntu Gutsy)
|
Fix released, assigned to Kees Cook
|
|
Bug #277110: [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
|
CVE-2008-4201 |
|
faad2 (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #278075: DSBL is gone and needs to be removed from SpamAssassin
|
CVE-2007-0451 |
|
spamassassin (Ubuntu Gutsy)
|
Fix released, assigned to Scott Kitterman
|
|
Bug #278978: [CVE-2008-3962] allow remote attackers to obtain sensitive information
|
CVE-2008-3962 |
|
ssmtp (Ubuntu Gutsy)
|
Fix released, assigned to Nicolas Valcarcel
|
|
Bug #279030: [CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service
|
CVE-2008-1558
CVE-2008-3827 |
|
mplayer (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #279490: new lighttpd security fixes
|
CVE-2008-1531
CVE-2008-4298
CVE-2008-4359
CVE-2008-4360 |
|
lighttpd (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #281915: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file
|
CVE-2008-4437 |
|
bugzilla (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #283446: [CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack
|
CVE-2008-4406
CVE-2008-4407 |
|
sabre (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #285100: [CVE-2008-4477] - mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack
|
CVE-2008-4477 |
|
mon (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #289915: securitysage.com blacklist gone, causing artificial bumps in spam score
|
CVE-2007-0451 |
|
spamassassin (Ubuntu Gutsy)
|
Fix released, assigned to Scott Kitterman
|
|
Bug #290716: [CVE 2008-468[1-5] - Wireshark up to 1.0.3 affected by multiple security vulnerabilities
|
CVE-2008-4680
CVE-2008-4681
CVE-2008-4682
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685 |
|
wireshark (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #294243: Buffer overflow in CUE image support
|
CVE-2008-5032 |
|
vlc (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #296704: ClamAV 0.94.1 fixes security problem
|
CVE-2008-5050 |
|
clamav (Ubuntu Gutsy)
|
Fix released, assigned to Scott Kitterman
|
|
Bug #298241: Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
|
CVE-2008-5183
CVE-2008-5184 |
|
cups (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #304017: Recursive stack overflow in jpeg parsing code
|
CVE-2008-1389
CVE-2008-2713
CVE-2008-3912
CVE-2008-3913
CVE-2008-3914
CVE-2008-5314 |
|
clamav (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #305264: gnutls regression: failure in certificate chain validation
|
CVE-2008-4989
CVE-2009-2409 |
|
gnutls12 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
gnutls13 (Ubuntu Gutsy)
|
Won't fix, assigned to Jamie Strandboge
|
|
gnutls26 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
openldap (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #306536: CVE-2008-2379 insufficient input sanitising
|
CVE-2008-2379
CVE-2008-3663 |
|
squirrelmail (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #317181: [CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function
|
CVE-2009-0050 |
|
lasso (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #317923: Clamav modules still disabled even though security issues are fixed
|
CVE-2008-3912
CVE-2008-3913
CVE-2008-3914
CVE-2008-5314 |
|
clamav (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #318555: Amarok - integer overflows and unchecked allocation vulnerabilities
|
CVE-2009-0135
CVE-2009-0136 |
|
amarok (Ubuntu Gutsy)
|
Fix released, assigned to Marc Deslauriers
|
|
Bug #318670: CVE 2008-5718 in netatalk
|
CVE-2008-5718 |
|
netatalk (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #319367: security vulnerability in sun java packages
|
CVE-2008-5353 |
|
sun-java5 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
sun-java6 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #320082: [CVE-2008-2378] - Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse
|
CVE-2008-2378 |
|
hf (Ubuntu Gutsy)
|
Fix released, assigned to Stefan Lesicnik
|
|
Bug #323842: Multiple security problems found: [CVE-2008-5249] [CVE-2008-5250] [CVE-2008-5252]
|
CVE-2008-5249
CVE-2008-5250
CVE-2008-5252 |
|
mediawiki (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
|
CVE-2007-5268
CVE-2007-5269
CVE-2008-1382
CVE-2008-3964
CVE-2008-5907
CVE-2009-0040 |
|
libpng (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #328938: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL
|
CVE-2006-3174
CVE-2006-3665
CVE-2008-2379
CVE-2008-3663 |
|
squirrelmail (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #328964: [CVE-2009-0034] For some non-standard /etc/sudoers root escalation is possible
|
CVE-2009-0034 |
|
sudo (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
Bug #330192: squid affected by CVE-2009-0478
|
CVE-2009-0478 |
|
squid (Ubuntu Gutsy)
|
Invalid by Jamie Strandboge
|
|
squid3 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #331410: CVE-2008-6123: not fixed in latest security releases
|
CVE-2008-6123 |
|
net-snmp (Ubuntu Gutsy)
|
Invalid by Stephan Rügamer
|
|
Bug #334134: flashplugin-nonfree update needed due to upstream change(APSB09-01)
|
CVE-2009-0114
CVE-2009-0519
CVE-2009-0520
CVE-2009-0521
CVE-2009-0522 |
|
flashplugin-nonfree (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #336396: Wesnoth security fixes
|
CVE-2009-0366
CVE-2009-0367
CVE-2009-0878 |
|
wesnoth (Ubuntu Gutsy)
|
Fix released (unassigned)
|
|
Bug #338027: libpng code injection CVE-2009-0040
|
CVE-2007-5268
CVE-2007-5269
CVE-2008-1382
CVE-2008-3964
CVE-2008-5907
CVE-2009-0040 |
|
libpng (Ubuntu Gutsy)
|
Fix released, assigned to Jamie Strandboge
|
|
Bug #341278: CVE-2009-0781: XSS in tomcat6 and tomcat5.5
|
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783 |
|
tomcat6 (Ubuntu Gutsy)
|
Invalid (unassigned)
|
|
tomcat5.5 (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #354190: Security fixes from clamav 0.95 need backport
|
CVE-2008-1389
CVE-2008-2713
CVE-2008-3912
CVE-2008-3913
CVE-2008-3914
CVE-2008-6680
CVE-2009-1270 |
|
clamav (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #354793: date returns "invalid date" for some timezone's DST
|
CVE-2009-1300 |
|
apt (Ubuntu Gutsy)
|
Won't fix, assigned to Jamie Strandboge
|
|
coreutils (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
|
Bug #356012: APT does not properly handle expired or revoked key signatures
|
CVE-2009-1358 |
|
apt (Ubuntu Gutsy)
|
Won't fix, assigned to Jamie Strandboge
|
|
Bug #357024: security hole in /etc/cron.daily/apport
|
CVE-2009-1295 |
|
apport (Ubuntu Gutsy)
|
Won't fix, assigned to Jamie Strandboge
|
|
Bug #360502: Fix relevant security bugs from 0.95.1 in earlier releases
|
CVE-2008-1389
CVE-2008-2713
CVE-2008-3912
CVE-2008-3913
CVE-2008-3914 |
|
clamav (Ubuntu Gutsy)
|
Won't fix (unassigned)
|
