[Secure-testing-commits] r2934 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Dec 4 14:55:57 UTC 2005


Author: jmm-guest
Date: 2005-12-04 14:55:52 +0000 (Sun, 04 Dec 2005)
New Revision: 2934

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert march 2003 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-03 09:14:19 UTC (rev 2933)
+++ data/CVE/list	2005-12-04 14:55:52 UTC (rev 2934)
@@ -9772,15 +9772,14 @@
 	{DSA-736-2 DSA-736-1}
 	- spamassassin 3.0.4-1 (bug #314447; medium)
 CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
-	- kernel-source-2.6.8 2.6.8-17
-	- linux-2.6 2.6.12-1
+	TODO: This needs to be double-checked, added to the kernel tracker
 CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.6.11 2.6.11-5
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
+	[sarge] - kernel-source-2.6.8 2.6.8-16
 CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
-	- kernel-source-2.6.11 2.6.11-4
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.4.27 2.4.27-10
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
+	[sarge] - kernel-source-2.6.8 2.6.8-16
+	[sarge] - kernel-source-2.4.27 2.4.27-10
 	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
 CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
 	- gaim 1:1.2.1-1.1 
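Review bot: The CVE-2005-1265, CVE-2005-1264 and CVE-2005-1263 changes in this hunk are 2005 kernel entries and are not covered by the log message "convert march 2003 to the new DSA format"; they would be easier to audit as a separate commit, or at least with a line in the log. For CVE-2005-1265 both fixed-version lines are replaced by a TODO alone, so the entry records no fixed version until the double-check happens; consider keeping the old lines next to the TODO or stating why they were wrong. The kernel-source-2.6.11 lines (2.6.11-5 under CVE-2005-1264, 2.6.11-4 under CVE-2005-1263) are dropped without a replacement or a <removed> marker.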
@@ -19105,6 +19104,7 @@
 CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
 	{DSA-300 DSA-274}
 	- balsa 2.0.10
+	- mutt 1.4.0
 CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
 	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
 CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
@@ -19115,6 +19115,7 @@
 	NOTE: Gaim-Encryption Plugin not in debian
 CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
 	{DSA-271}
+	- ecartis 1.0.0+cvs.20030321-1
 CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
 	{DSA-290 DSA-278}
 	- sendmail-wide 8.12.9+3.5Wbeta-1
@@ -19129,14 +19130,19 @@
 	REJECTED
 CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
 	{DSA-264}
+	- lxr 0.3-4
 CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
 	{DSA-265}
+	- bonsai 1.3+cvs20030317-1
 CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
 	{DSA-265}
+	- bonsai 1.3+cvs20030317-1
 CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
 	{DSA-265}
+	- bonsai 1.3+cvs20030317-1
 CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
 	{DSA-265}
+	- bonsai 1.3+cvs20030317-1
 CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
 	NOT-FOR-US: BEA WebLogic Server
 CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
@@ -19151,6 +19157,8 @@
 	- openssl096 0.9.6j-1
 CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
 	{DSA-263}
+	- lpr 1:2000.05.07-4.20
+	- netpbm-free 2:9.20-9
 CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
 	{DSA-275 DSA-267}
 	- lpr-ppd 1:0.72-3
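Review bot: The added "- lpr 1:2000.05.07-4.20" under CVE-2003-0146 looks misfiled. CVE-2003-0146 is the NetPBM issue tied to DSA-263, while in data/DSA/list that same lpr version is removed from DSA-267 {CVE-2003-0144}. Suggest moving the lpr line to the CVE-2003-0144 entry directly below and leaving only netpbm-free under CVE-2003-0146.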
@@ -19160,10 +19168,16 @@
 	NOT-FOR-US: Real
 CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
 	{DSA-268}
+	- mutt 1.5.4-1
 CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
 	{DSA-273 DSA-266}
+	- krb4 1.2.2-1
+	- krb5 1.2.7-3
 CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
 	{DSA-273 DSA-269 DSA-266}
+	- krb4 1.2.2-1
+	- heimdal 0.5.2-1
+	- krb5 1.2.7-3
 CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
 	NOT-FOR-US: Nokia Serving GPRS support node
 CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
@@ -19241,8 +19255,10 @@
 	NOT-FOR-US: HP-UX
 CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
 	{DSA-262}
+	- samba 2.2.8
 CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
 	{DSA-262}
+	- samba 2.2.8
 CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
 	NOTE: mod_auth_any not in Debian
 CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
@@ -19250,6 +19266,7 @@
 	- apache 1.3.25
 CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
 	{DSA-266}
+	- krb5 1.3.3-2
 CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
 	- gnome-lokkit 0.50.22-4
 CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
@@ -19258,6 +19275,8 @@
 	- plptools 0.12-0
 CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
 	{DSA-266}
+	- krb5 1.2.7-3
+	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
 CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
 	NOT-FOR-US: HP UX
 CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
@@ -19303,6 +19322,9 @@
 CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
 	{DSA-282 DSA-272 DSA-266}
 	- glibc 2.3.1-16
+	- dietlibc 0.22-2
+	- krb5 1.3.3-2
+	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
 CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
 	{DSA-231}
 CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
@@ -21081,7 +21103,7 @@
 CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
 	{DSA-257}
 	- sendmail 8.13.0.PreAlpha4-0
-	NOTE: sendmail-wide not in testing/unstable
+	- sendmail-wine <removed>
 	NOTE: problem in sendmail 8.12, sarge uses 8.13
 CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
 	- tightvnc 1.2.6-1
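Review bot: Package name typo in the added line "- sendmail-wine <removed>" under CVE-2002-1337: the NOTE it replaces and the new DSA-257 entry in data/DSA/list both say sendmail-wide. As written, the <removed> marker is attached to a package name that does not match, so sendmail-wide is left without any status for this CVE. Suggest "- sendmail-wide <removed>".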

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-12-03 09:14:19 UTC (rev 2933)
+++ data/DSA/list	2005-12-04 14:55:52 UTC (rev 2934)
@@ -2433,70 +2433,60 @@
 	[woody] - lpr-ppd 0.72-2.1
 [28 Mar 2003] DSA-274 mutt - buffer overflow
 	{CVE-2003-0167}
-	- mutt 1.4.0
+	[woody] - mutt 1.3.28-2.2
 [28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
 	{CVE-2003-0138 CVE-2003-0139}
-	- krb4 1.2.2-1
+	[woody] - krb4 1.1-8-2.3
 [28 Mar 2003] DSA-272 dietlibc - integer overflow
 	{CVE-2003-0028}
-	- dietlibc 0.22-2
+	[woody] - dietlibc 0.12-2.5
 [27 Mar 2003] DSA-271 ecartis - unauthorized password change
 	{CVE-2003-0162}
-	- ecartis 1.0.0+cvs.20030321-1
+	[woody] - ecartis 0.129a+1.0.0-snap20020514-1.1
 [27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
 	{CVE-2003-0127}
-	NOTE: not in unstable/testing, did not check other versions
+	[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody1
+	[woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody1
 [26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
 	{CVE-2003-0138}
-	- heimdal 0.5.2-1
+	[woody] - heimdal 0.4e-7.woody.8
 [25 Mar 2003] DSA-268 mutt - buffer overflow
 	{CVE-2003-0140}
-	- mutt 1.5.4-1
+	[woody] - mutt 1.3.28-2.1
 [24 Mar 2003] DSA-267 lpr - buffer overflow
 	{CVE-2003-0144}
-	- lpr 1:2000.05.07-4.20
+	[woody] - lpr 2000.05.07-4.3
 [24 Mar 2003] DSA-266 krb5 - several vulnerabilities
-	{CVE-2003-0028}
-	- krb5 1.3.3-2
-	NOTE: changelog does not mention this one, verified patch from 
-	NOTE: Tom Yu was applied to this version.
-	{CVE-2003-0072}
-	- krb5 1.2.7-3
-	NOTE: changelog does not mention this one, verified patch from 
-	NOTE: upstream was applied to this version.
-	{CVE-2003-0082}
-	- krb5 1.3.3-2
-	{CVE-2003-0138 VU#623217}
-	- krb5 1.2.7-3
-	{CVE-2003-0139 VU#442569}
-	- krb5 1.2.7-3
+	{CVE-2003-0028 CVE-2003-0072 CVE-2003-0082 CVE-2003-0138 CVE-2003-0139}
+	[woody] - krb5 1.2.4-5woody4
 [21 Mar 2003] DSA-265 bonsai - several vulnerabilities
 	{CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155}
-	- bonsai 1.3+cvs20030317-1
+	[woody] - bonsai 1.3+cvs20020224-1woody1
 [19 Mar 2003] DSA-264 lxr - missing filename sanitizing
 	{CVE-2003-0156}
-	- lxr 0.3-4
+	[woody] - lxr 0.3-3
 [17 Mar 2003] DSA-263 netpbm-free - math overflow errors
 	{CVE-2003-0146}
-	- netpbm-free 2:9.20-9
+	[woody] - netpbm-free 2:9.20-8.2
 [15 Mar 2003] DSA-262 samba - remote exploit
 	{CVE-2003-0085 CVE-2003-0086}
-	- samba 2.2.8
+	[woody] - samba 2.2.3a-12.1
 [14 Mar 2003] DSA-261 tcpdump - infinite loop
 	{CVE-2003-0093 CVE-2003-0145}
-	NOTE: DSA reports sid was not affected, sarge has sid version
+	[woody] - tcpdump 3.6.2-2.4
 [13 Mar 2003] DSA-260 file - buffer overflow
 	{CVE-2003-0102}
-	- file 3.40-1.1
+	[woody] - file 3.37-3.1.woody.1
 [12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
 	{CVE-2003-0143}
-	- qpopper 4.0.4-9
+	[woody] - qpopper 4.0.4-2.woody.3
 [10 Mar 2003] DSA-258 ethereal - format string vulnerability
 	{CVE-2003-0081}
-	- ethereal 0.9.9-2
+	[woody] - ethereal 0.9.4-1woody3
 [04 Mar 2003] DSA-257 sendmail - remote exploit
 	{CVE-2002-1337}
-	- sendmail 8.12.8
+	[woody] - sendmail 8.12.3-5
+	[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2
 [28 Feb 2003] DSA-256 mhc - insecure temporary file
 	{CVE-2003-0120}
 	- mhc 0.25+20030224-1
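Review bot: Several unstable-side facts are deleted in this hunk without a matching addition in the data/CVE/list part of the patch. The lines "- file 3.40-1.1" (DSA-260), "- qpopper 4.0.4-9" (DSA-259) and "- ethereal 0.9.9-2" (DSA-258) are removed, but no hunk above touches CVE-2003-0102, CVE-2003-0143 or CVE-2003-0081; please confirm those versions are already recorded there. The same applies to the DSA-261 NOTE that sid was not affected, to the "- sendmail 8.12.8" line under DSA-257 (the CVE list context shows 8.13.0.PreAlpha4-0 instead), and to the VU#623217 and VU#442569 references dropped from DSA-266, which are not carried over as NOTE lines on CVE-2003-0138 and CVE-2003-0139.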



