potential security flaws in mod_ssl

1 files changed, 6 insertions, 4 deletions

diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index f57c0afe4550..1cd4301be96d 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -14,7 +14,7 @@ chora<1.2.2|http://article.gmane.org/gmane.comp.horde.chora/610/|chora: hole in
 squirrelmail<1.4.3a|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
 ja-squirrelmail<1.4.3a,1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
 webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729 http://www.osvdb.org/6730|Multiple vulnerabilities in Webmin|ab61715f-c027-11d8-b00e-000347a4fa7d
-racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
+racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86 http://www.securityfocus.com/bid/10546 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 {,??-}aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4
@@ -49,7 +49,7 @@ l2tpd<=0.69_2|http://www.securityfocus.com/archive/1/365211 http://cve.mitre.org
 dropbear<0.43|http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/12153|Dropbear DSS verification vulnerability|0316f983-dfb6-11d8-9b0a-000347a4fa7d
 nessus<2.0.12|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d
 nessus-devel>=2.*<2.1.1|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d
-pavuk<=0.9.28_5|http://www.securityfocus.com/archive/1/370248 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html http://secunia.com/advisories/12152 http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch|pavuk digest auth buffer overflow|f67ea071-dfb8-11d8-9b0a-000347a4fa7d
+pavuk<=0.9.28_5|http://www.securityfocus.com/archive/1/370248 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html http://secunia.com/advisories/12152 http://www.osvdb.org/8242 http://www.securityfocus.com/bid/10797 http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch|pavuk digest auth buffer overflow|f67ea071-dfb8-11d8-9b0a-000347a4fa7d
 lcdproc<0.4.5|http://sourceforge.net/project/shownotes.php?release_id=230910 http://secunia.com/advisories/11333 http://www.securityfocus.com/archive/1/360209 http://www.securityfocus.com/bid/10085 http://www.osvdb.org/5157 http://www.osvdb.org/5158 http://www.osvdb.org/5159 http://www.osvdb.org/5160|LCDProc buffer overflow/format string vulnerabilities|62d23317-e072-11d8-9a79-000347dd607f
 sox>=12.17.1<=12.17.4_1|http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html http://secunia.com/advisories/12175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0557 http://www.osvdb.org/8267|SoX buffer overflows when handling .WAV files|3e4ffe76-e0d4-11d8-9b0a-000347a4fa7d
 dansguardian<2.8.0.1|http://secunia.com/advisories/12191 http://www.securityfocus.com/archive/1/370346 http://www.osvdb.org/8270|DansGuardian banned extension filter bypass vulnerability|f6fd9200-e20e-11d8-9b0a-000347a4fa7d
@@ -63,8 +63,10 @@ putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http:/
 p5-Mail-SpamAssassin<2.64|http://secunia.com/advisories/12255 http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2|SpamAssassin DoS vulnerability|bacbc357-ea65-11d8-9440-000347a4fa7d
 cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d
 libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d
-rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html|security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d
-sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html http://xforce.iss.net/xforce/xfdb/16984|Sympa unauthorized list creation security issue|4a160c54-ed46-11d8-81b0-000347a4fa7d
+rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d
+sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html http://xforce.iss.net/xforce/xfdb/16984 http://www.securityfocus.com/bid/10941|Sympa unauthorized list creation|4a160c54-ed46-11d8-81b0-000347a4fa7d
 phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
+gallery<=1.4.4|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
+apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d