[Secure-testing-commits] r3034 - data/CVE
Florian Weimer
fw at costa.debian.org
Wed Dec 14 09:33:23 UTC 2005
Author: fw
Date: 2005-12-14 09:33:18 +0000 (Wed, 14 Dec 2005)
New Revision: 3034
Modified:
data/CVE/list
Log:
CVE-2005-0148: fix syntax
CVE-2004-1347: xdm has multiple source packages, list them
CVE-2004-1311, CVE-2004-1310, CVE-2004-1309: add mplayer ITP bug number
CVE-2004-1027, CVE-2004-0947: use the arj source package instead of unarj
CVE-2004-1001: the fix was lost from sid as well, correct versions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-14 09:25:48 UTC (rev 3033)
+++ data/CVE/list 2005-12-14 09:33:18 UTC (rev 3034)
@@ -14261,7 +14261,7 @@
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
- - mozilla-thunderbird (Affects only Thunderbird on Windows)
+ - mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -14630,7 +14630,8 @@
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
- -xdm <not-affected> (xdm on Solaris)
+ - xfree86 <not-affected> (xdm on Solaris)
+ - xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
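Review bot: under CVE-2004-1347, the two added lines mark xfree86 and xorg-x11 as <not-affected>, while the neighbouring Solaris-only entries (CVE-2004-1348, CVE-2004-1346) are closed with "NOT-FOR-US: Solaris". Nothing in the entry says why this one is tracked per package instead. A NOTE stating that xdm is built from both source packages would let a later reader see that the difference is intentional, since "(xdm on Solaris)" alone does not explain it.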
@@ -14799,11 +14800,11 @@
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
{DSA-617-1}
- tiff 3.6.1-4
@@ -15396,7 +15397,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
TODO: check back with dilinger about 2.6
- TOOD: previous fix in -9 has regressions
+ TODO: previous fix in -9 has regressions
- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
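Review bot: the "TOOD" to "TODO" correction under CVE-2004-1057 is not mentioned in the log message, which lists every other entry this revision touches. Add a log line for it (for example "CVE-2004-1057: fix TODO typo") so the change can be found from the log. The two TODO items are also still open after this revision and no package line for 2.6 exists in the entry, so its status depends on the "check back with dilinger about 2.6" follow-up.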
@@ -15464,7 +15465,7 @@
NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
{DSA-652-1}
- - unarj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
+ - arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
{DSA-628-1 DSA-618-1}
- imlib 1.9.14-17.1 (bug #284925)
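Review bot: in the CVE-2004-1027 entry the package name changes to arj but the parenthetical still reads "sarge's unarj is from a different code base, probably not vulnerable", so the line now justifies an arj status with a statement about unarj. Reword the reason to say that unarj in sarge is built from the arj source package. Also, "probably not vulnerable" is weaker than what <not-affected> asserts; if the code has not been checked, a TODO would record that more accurately.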
@@ -15541,9 +15542,12 @@
- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
{DSA-585-1}
- - shadow 1:4.0.3-30.3
- NOTE: apparently the fix was lost from sarge somehow, see #309587
- [sarge] - shadow 1:4.0.3-31sarge5
+ NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time.
+ NOTE: Apparently, the fix was lost somehow, see #309587.
+ NOTE: It was reapplied to sarge before the release, and to sid in
+ NOTE: version 1:4.0.3-35.
+ - shadow 1:4.0.3-35
+ [sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
{DSA-630-1}
- lintian 1.23.6 (bug #286379; low)
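Review bot: in the CVE-2004-1001 entry the bug reference is attached only to the "[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)" line, while the new notes say the fix was lost and reapplied in sid as well, and the unreleased line "- shadow 1:4.0.3-35" carries no bug number. Put the reference on the sid line too, or state in a NOTE that #309587 covers both. The notes also do not say in which version the fix was dropped, so the affected range between 1:4.0.3-30.3 and 1:4.0.3-35 cannot be read from the entry. Finally, the third NOTE is split mid-sentence across two NOTE lines; one sentence per NOTE would be easier to read.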
@@ -15693,7 +15697,7 @@
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
- - unarj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
+ - arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
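Review bot: after this change the CVE-2004-0947 entry has no line for an unarj package at all, although the description reads "Buffer overflow in unarj before 2.63a-r2" and the entry cites DSA-652-1. If any release shipped unarj from its own source package, that needs a release-tagged line here; if none did, a NOTE saying so would explain why only arj is listed. The same applies to the identical edit under CVE-2004-1027.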