[Secure-testing-commits] r2944 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Dec 5 11:56:10 UTC 2005 

Author: jmm-guest
Date: 2005-12-05 11:56:05 +0000 (Mon, 05 Dec 2005)
New Revision: 2944

Modified:
   data/CVE/list
   data/DSA/list
Log:
converted feb 2003 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-05 11:55:21 UTC (rev 2943)
+++ data/CVE/list	2005-12-05 11:56:05 UTC (rev 2944)
@@ -10576,10 +10576,9 @@
 CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
 	- php4 4:4.3.10-10 (bug #306003)
 CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
-	- linux-2.6 <not-affected> (Fixed before upload into archive)
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
 	[sarge] - kernel-source-2.6.8 2.6.8-16
 	- kernel-source-2.4.27 <not-affected>
-	TODO: Check, when this was fixed
 CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
 	- netapplet <not-affected> (Not vulerable, see bug #310833)
 CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
@@ -19448,6 +19447,7 @@
 	{DSA-248}
 CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
 	{DSA-252}
+	- slocate 2.7-1
 CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
 	NOT-FOR-US: MacOS
 CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
@@ -19836,7 +19836,9 @@
 	NOT-FOR-US: Office Web Components
 CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
 	{DSA-251 DSA-250 DSA-249}
+	- w3m 0.3.2.2-1
 	- w3mmee 0.3.p24.17-3
+	- w3m-ssl <removed>
 CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
 	NOT-FOR-US: BizDesign
 CVE-2002-1333
@@ -21262,6 +21264,7 @@
 	NOT-FOR-US: PC-cillin
 CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
 	{DSA-251 DSA-250 DSA-249}
+	- w3m 0.3.2.2-1
 	- w3mmee 0.3.p24.17-3
 CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
 	{DSA-257}
@@ -21991,6 +21994,7 @@
 CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
 CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...)
 	{DSA-255}
+	- tcpdump 3.7.1-1.2
 CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...)
 CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
 CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-12-05 11:55:21 UTC (rev 2943)
+++ data/DSA/list	2005-12-05 11:56:05 UTC (rev 2944)
@@ -2489,28 +2489,28 @@
 	[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2
 [28 Feb 2003] DSA-256 mhc - insecure temporary file
 	{CVE-2003-0120}
-	- mhc 0.25+20030224-1
+	[woody] - mhc 0.25+20010625-7.1
 [27 Feb 2003] DSA-255 tcpdump - infinite loop
 	{CVE-2003-0108 CVE-2002-0380}
-	- tcpdump 3.7.1-1.2
+	[woody] - tcpdump 3.6.2-2.3
 [27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
 	{CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387}
-	- traceroute-nanog 6.3.0-1
+	[woody] - traceroute-nanog 6.1.1-1.2
 [24 Feb 2003] DSA-253 openssl - information leak
 	{CVE-2003-0078}
-	- openssl 0.9.7a-1
+	[woody] - openssl 0.9.6c-2.woody.2
 [21 Feb 2003] DSA-252 slocate - buffer overflow
 	{CVE-2003-0056}
-	- slocate 2.7-1
+	[woody] - slocate 2.6-1.3.1
 [14 Feb 2003] DSA-251 w3m - missing HTML quoting
 	{CVE-2002-1335 CVE-2002-1348}
-	- w3m 0.3.2.2-1
+	[woody] - w3m 0.3-2.4
 [12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
 	{CVE-2002-1335 CVE-2002-1348}
 	NOTE: not in sid/sarge
 [11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
 	{CVE-2002-1335 CVE-2002-1348}
-	- w3mmee 0.3.p24.17-3
+	[woody] - w3mmee 0.3-2.4
 [31 Jan 2003] DSA-248 hypermail - buffer overflows
 	{CVE-2003-0057}
 	- hypermail 2.1.6-1

More information about the Secure-testing-commits mailing list