[Secure-testing-commits] r2952 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Dec 6 14:26:56 UTC 2005
Author: jmm-guest
Date: 2005-12-06 14:26:51 +0000 (Tue, 06 Dec 2005)
New Revision: 2952
Modified:
data/CVE/list
data/DSA/list
Log:
DSA conversions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-06 13:34:57 UTC (rev 2951)
+++ data/CVE/list 2005-12-06 14:26:51 UTC (rev 2952)
@@ -19454,6 +19454,7 @@
- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
{DSA-248}
+ - hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
{DSA-252}
- slocate 2.7-1
@@ -19467,8 +19468,10 @@
NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
{DSA-246}
+ - tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
{DSA-246}
+ - tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
NOTE: verified sarge version of krb5-clients not vulnerable
NOTE: nothing in changelogs
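Review bot: DSA-246 in data/DSA/list references CVE-2003-0042, CVE-2003-0043 and CVE-2003-0044, but this hunk adds `- tomcat <removed>` only under CVE-2003-0044 and CVE-2003-0042, and no CVE-2003-0043 entry appears between them. Check that CVE-2003-0043 exists in the list and carries the same `{DSA-246}` and `- tomcat <removed>` lines. The old DSA-246 note that tomcat4 is not affected is dropped by this commit; a `- tomcat4 <not-affected>` line under these CVEs would preserve it, in the same way imp3 is recorded for CVE-2003-0025.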
@@ -19477,6 +19480,7 @@
- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
{DSA-244}
+ - noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
@@ -19487,6 +19491,7 @@
NOTE: it's not installed setuid or setgid, so this is not exploitable
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
{DSA-228}
+ - libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
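Review bot: the `- libmcrypt 2.5.5-1` line is added under CVE-2003-0031 only, while DSA-228 also lists CVE-2003-0032, whose entry is not part of this hunk. Because the same commit removes the fixed version from the DSA-228 entry, confirm that CVE-2003-0032 already carries a libmcrypt line, or add one here.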
@@ -19499,8 +19504,11 @@
NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
{DSA-231}
+ - dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
{DSA-229}
+ - imp 2.2.6-7
+ - imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
{DSA-633-1}
- bmv 1.2-17
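Review bot: `- imp3 <not-affected>` under CVE-2003-0025 records as fact what the removed DSA-229 note only guessed ("I think imp3 is ok."). Add a NOTE saying how imp3 was checked, or keep the uncertainty as a NOTE until it has been verified. The `- imp 2.2.6-7` line is also new information, since the old DSA-229 entry had no fixed version; a short NOTE on where that version comes from would make it auditable.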
@@ -19775,7 +19783,16 @@
- im 1:141-20
CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
- NOTE: KDE2 not in sarge
+ - kdemultimedia 4:3.0.5a
+ - kdebase 4:3.0.5a
+ - kdeutils 4:3.0.5a
+ - kdegames 4:3.0.5a
+ - kdesdk 4:3.0.5a
+ - kdepim 4:3.0.5a
+ - kdelibs 4:3.0.5a
+ - kdenetwork 4:3.0.5a
+ - kdegraphics 4:3.0.5a
+ - kdeadmin 4:3.0.5a
CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
{DSA-254}
- traceroute-nanog 6.3.0-1
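Review bot: the ten KDE lines added under CVE-2002-1393 use 4:3.0.5a, whereas the DSA-234 to DSA-243 entries they replace all gave 4:3.1, and the log message ("DSA conversions") does not mention a version change. Add a NOTE stating the source of 4:3.0.5a for these packages, or keep 4:3.1 so the conversion stays a pure move of existing data.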
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-12-06 13:34:57 UTC (rev 2951)
+++ data/DSA/list 2005-12-06 14:26:51 UTC (rev 2952)
@@ -2513,71 +2513,67 @@
[woody] - w3mmee 0.3-2.4
[31 Jan 2003] DSA-248 hypermail - buffer overflows
{CVE-2003-0057}
- - hypermail 2.1.6-1
+ [woody] - hypermail 2.1.3-2.0
[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
{CVE-2003-0040}
- - courier 0.40.2-3
+ [woody] - courier 0.37.3-3.3
[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
{CVE-2003-0042 CVE-2003-0043 CVE-2003-0044}
- NOTE: tomcat not in sid/sarge
- NOTE: tomcat4 not affected
+ [woody] - tomcat 3.3a-4woody.1
[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
{CVE-2003-0039}
- - dhcp3 1.1.2-1
+ [woody] - dhcp3 3.0+3.0.1rc9-2.2
[27 Jan 2003] DSA-244 noffle - buffer overflows
{CVE-2003-0037}
- - noffle 1.1.2-1
+ [woody] - noffle 1.0.1-1.1
[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
{CVE-2002-1393}
- - kdemultimedia 4:3.1
+ [woody] - kdemultimedia 2.2.2-8.2
[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
{CVE-2002-1393}
- - kdebase 4:3.1
+ [woody] - kdebase 2.2.2-14.2
[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
{CVE-2002-1393}
- - kdeutils 4:3.1
+ [woody] - kdeutils 2.2.2-9.2
[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
{CVE-2002-1393}
- - kdegames 4:3.1
+ [woody] - kdegames 2.2.2-2.2
[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
{CVE-2002-1393}
- - kdesdk 4:3.1
+ [woody] - kdesdk 2.2.2-3.2
[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
{CVE-2002-1393}
- - kdepim 4:3.1
+ [woody] - kdepim 2.2.2-5.2
[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
{CVE-2002-1393}
- - kdenetwork 4:3.1
+ [woody] - kdenetwork 2.2.2-14.6
[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
{CVE-2002-1393}
- - kdelibs 4:3.1
+ [woody] - kdelibs 2.2.2-13.woody.6
[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
{CVE-2002-1393}
- - kdegraphics 4:3.1
+ [woody] - kdegraphics 2.2.2-6.10
[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
{CVE-2002-1393}
- - kdeadmin 4:3.1
+ [woody] - kdeadmin 2.2.2-7.2
[21 Jan 2003] DSA-233 cvs - doubly freed memory
{CVE-2003-0015}
- - cvs 1.11.2-5.1
+ [woody] - cvs 1.11.1p1debian-8.1
[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
{CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384}
- - cupsys 1.1.18-1
+ [woody] - cupsys 1.1.14-4.3
[17 Jan 2003] DSA-231 dhcp3 - stack overflows
{CVE-2003-0026}
- - dhcp3 3.0+3.0.1rc11-1
+ [woody] - dhcp3 3.0+3.0.1rc9-2.1
[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
- NOTE: not in testing due to 3 newer security holes
- {CVE-2003-0012}
- - bugzilla 2.16.2
- {CVE-2003-0013}
- - bugzilla 2.16.2
+ {CVE-2003-0012 CVE-2003-0013}
+ [woody] - bugzilla 2.14.2-0woody4
[15 Jan 2003] DSA-229 imp - SQL injection
{CVE-2003-0025}
- NOTE: I think imp3 is ok.
+ [woody] - imp 2.2.6-5.1
[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
{CVE-2003-0031 CVE-2003-0032}
- - libmcrypt 2.5.5-1
+ [woody] - libmcrypt 2.5.0-1woody1
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
{CVE-2002-1378 CVE-2002-1379 CVE-2002-1508}
- openldap2 2.0.27-3
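Review bot: the unstable fixed versions removed from the courier (DSA-247), cvs (DSA-233), cupsys (DSA-232) and bugzilla (DSA-230) entries have no matching `+` line in the data/CVE/list part of this commit. Confirm that each of the referenced CVE entries already carries that version, otherwise the information is lost by the conversion. For DSA-245 the removed `- dhcp3 1.1.2-1` matches the noffle version rather than any dhcp3 version seen elsewhere in this diff, so CVE-2003-0039 needs a verified dhcp3 fixed version instead of a copy of that line. The bugzilla note "not in testing due to 3 newer security holes" is dropped without a replacement; if it still applies it belongs as a NOTE under CVE-2003-0012 and CVE-2003-0013.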