[Secure-testing-commits] r3046 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 14 22:02:16 UTC 2005
Author: jmm-guest
Date: 2005-12-14 22:02:11 +0000 (Wed, 14 Dec 2005)
New Revision: 3046
Modified:
data/CVE/list
data/DSA/list
Log:
two more months of DSAs converted
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-14 21:14:19 UTC (rev 3045)
+++ data/CVE/list 2005-12-14 22:02:11 UTC (rev 3046)
@@ -20054,7 +20054,7 @@
CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
- netris 0.52-1
CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
- - wget 1.8.1-6.1
+ - wget 1.8.2-8
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
@@ -20332,7 +20332,7 @@
TODO: check wget, ftp, ncftp, etc.
CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
{DSA-209}
- - wget 1.8.1-6.1
+ - wget 1.8.2-8
CVE-2002-1343
RESERVED
CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
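Review bot: On the CVE-2002-1344 entry, the new fixed version `wget 1.8.2-8` does not match the description on the context line, which says the directory traversal affects "wget before 1.8.2-4". If this field is meant to hold the earliest fixed upload to unstable, 1.8.2-4 looks like the candidate. If 1.8.2-8 is deliberate, add a NOTE saying why the later version was chosen.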
@@ -20433,8 +20433,10 @@
NOT-FOR-US: Novell iManager (eMFrame)
CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
{DSA-204}
+ - kdelibs 4:3.1.0-1
CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
{DSA-204}
+ - kdelibs 4:3.1.0-1
CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
@@ -21129,6 +21131,7 @@
NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
{DSA-201}
+ - freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
@@ -21676,6 +21679,9 @@
{DSA-210}
- lynx 2.8.4.1b-4
- lynx-ssl 1:2.8.4.1b-3.1
+CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
+ {DSA-218}
+ - bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...)
{DSA-219}
- dhcpcd 1:1.3.22pl2-2
@@ -21686,8 +21692,7 @@
NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...)
{DSA-225}
- - tomcat4 4.1.9-1
- NOTE: no problem in sarge packages
+ - tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
- mgetty 1.1.30-1
NOTE: woody version seems to be vulnerable see bug #199351
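Review bot: For CVE-2002-1394 the fixed version is raised from `tomcat4 4.1.9-1` to `4.1.16-1` and the explanatory NOTE is dropped in the same change, although the description on the context line limits the issue to "Tomcat 4.0.5 and earlier". This is a data change rather than a pure conversion, so the entry should carry a NOTE stating why 4.1.9-1 is no longer considered fixed, or the earlier version should be kept.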
@@ -21729,16 +21734,13 @@
NOTE: Martin Schulze don't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...)
{DSA-212}
- - mysql-dfsg 4.0.7.gamma-1
- NOTE: bug in mysql 3, sarge uses mysql 4
+ - mysql <removed>
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...)
{DSA-212}
- - mysql-dfsg 4.0.7.gamma-1
- NOTE: bug in mysql 3, sarge uses mysql 4
+ - mysql <removed>
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...)
{DSA-212}
- - mysql-dfsg 4.0.7.gamma-1
- NOTE: bug in mysql 3, sarge uses mysql 4
+ - mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
{DSA-232}
- cupsys 1.1.18-1
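Review bot: Replacing `- mysql-dfsg 4.0.7.gamma-1` with `- mysql <removed>` on CVE-2002-1375, CVE-2002-1374 and CVE-2002-1373 leaves no fixed version recorded for the 4.x package, while the descriptions for CVE-2002-1375 and CVE-2002-1374 say the flaw is in "MySQL 3.x before 3.23.54, and 4.x". The removed NOTE ("bug in mysql 3, sarge uses mysql 4") was the only justification for ignoring 4.x, and it conflicts with that description. Consider keeping the mysql-dfsg line alongside the new `mysql <removed>` line so both source packages are tracked.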
@@ -21767,14 +21769,15 @@
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...)
{DSA-211}
- micq 0.4.9.4-1
- NOTE: micq not in sarge
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
{DSA-206}
- - tcpdump 3.7.1-1
- NOTE: 3.7.1-1.2 fixes a different issue.
+ - tcpdump 3.7.2-1
NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
+CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
+ {DSA-205}
+ - gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
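Review bot: On the CVE-2002-1350 entry, the NOTE "3.7.1-1.2 fixes a different issue" is removed while the fixed version moves from `tcpdump 3.7.1-1` to `3.7.2-1`, so nothing in the entry now explains why the 3.7.1 uploads are not treated as fixed. Keeping a one-line NOTE with that reasoning next to the remaining 3.6.2-2.2 note would stop the version from being "corrected" back later.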
@@ -21955,8 +21958,10 @@
NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
{DSA-224}
+ - canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
{DSA-224}
+ - canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
{DSA-181}
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
@@ -22227,6 +22232,7 @@
- apache 1.3.27-0.1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
{DSA-207}
+ - tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
NOT-FOR-US: RedHat/Intel PXE daemon
NOTE: this is not the one in Debian
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-12-14 21:14:19 UTC (rev 3045)
+++ data/DSA/list 2005-12-14 22:02:11 UTC (rev 3046)
@@ -2604,93 +2604,85 @@
[woody] - libmcrypt 2.5.0-1woody1
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
{CVE-2002-1378 CVE-2002-1379 CVE-2002-1508}
- - openldap2 2.0.27-3
+ [woody] - openldap2 2.0.23-6.3
[10 Jan 2003] DSA-226 xpdf-i - integer overflow
{CVE-2002-1384}
- - xpdf 2.01-2
+ [woody] - xpdf <not-affected> (xpdf-i is only a dummy package)
[09 Jan 2003] DSA-225 tomcat4 - source disclosure
{CVE-2002-1394}
- - tomcat4 4.1.16-1
- NOTE: another RC (unreproducible?) bug and missing deps (#263201)
- NOTE: are keeping the fix out of testing
- NOTE: this is the second unfixed security hole in tomcat4 in testing..
+ [woody] - tomcat4 4.0.3-3woody2
[08 Jan 2003] DSA-224 canna - buffer overflow and more
{CVE-2002-1158 CVE-2002-1159}
- - canna 3.6p1-1
+ [woody] - canna 3.5b2-46.2
[07 Jan 2003] DSA-223 geneweb - information exposure
{CVE-2002-1390}
- - geneweb 4.09-1
+ [woody] - geneweb 4.06-2
[06 Jan 2003] DSA-222 xpdf - integer overflow
{CVE-2002-1384}
- - xpdf 2.01-2
+ [woody] - xpdf 1.00-3.1
[03 Jan 2003] DSA-221 mhonarc - cross site scripting
{CVE-2002-1388}
- - mhonarc 2.5.14-1
+ [woody] - mhonarc 2.5.2-1.3
[02 Jan 2003] DSA-220 squirrelmail - cross site scripting
{CVE-2002-1341}
- - squirrelmail 1:1.3.2-2
-
-------- These processed by Djoumé SALVETTI <salvetti at crans.org> -----
-
+ [woody] - squirrelmail 1.2.6-1.3
[31 Dec 2002] DSA-219 dhcpcd - remote command execution
{CVE-2002-1403}
- - dhcpcd 1:1.3.22pl2-2
+ NOTE: Woody doesn't have dhcpd
[30 Dec 2002] DSA-218 bugzilla - cross site scripting
- NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1).
+ [woody] - bugzilla 2.14.2-0woody3
[27 Dec 2002] DSA-217 typespeed - buffer overflow
{CVE-2002-1389}
- - typespeed 0.4.2-2
+ [woody] - typespeed 0.4.1-2.1
[24 Dec 2002] DSA-216 fetchmail - buffer overflow
{CVE-2002-1365}
- - fetchmail 6.2.0-1
+ [woody] - fetchmail 5.9.11-6.2
[23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
{CVE-2002-1580}
- - cyrus-imapd 1.5.19-9.10
-[20 Dec 2002] DSA-214 kdnetwork - buffer overflows
+ [woody] - cyrus-imapd 1.5.19-9.1
+[20 Dec 2002] DSA-214 kdenetwork - buffer overflows
{CVE-2002-1306}
- - kdenetwork 4:2.2.2-14.20
- NOTE: there is a typo in the DSA, the name of the package is kdenetwork.
+ [woody] - kdenetwork 2.2.2-14.5
[19 Dec 2002] DSA-213 libpng - buffer overflow
{CVE-2002-1363}
- - libpng 1.0.12-7
- - libpng3 1.2.5-8
+ [woody] - libpng 1.0.12-3.woody.3
+ [woody] - libpng3 1.2.1-1.1.woody.3
[17 Dec 2002] DSA-212 mysql - multiple problems
{CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376}
- - mysql-dfsg 4.0.7.gamma-1
+ [woody] - mysql 3.23.49-8.2
[13 Dec 2002] DSA-211 micq - denial of service
{CVE-2002-1362}
- NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1)
+ [woody] - micq 0.4.9-0woody3
[13 Dec 2002] DSA-210 lynx - CRLF injection
{CVE-2002-1405}
- - lynx 2.8.4.1b-4
- NOTE: lynx-ssl not in testing nor unstable.
+ [woody] - lynx 2.8.3-1.1
+ [woody] - lynx-ssl 2.8.3.1-1.1
[12 Dec 2002] DSA-209 wget - directory traversal
{CVE-2002-1344}
- - wget 1.8.2-8
+ [woody] - wget 1.8.1-6.1
[12 Dec 2002] DSA-208 perl - broken safe compartment
{CVE-2002-1323}
- - perl 5.8.0-14
+ [woody] - perl 5.6.1-8.2
[11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
{CVE-2002-0836}
- - tetex-bin 1.0.7+20021025-4
+ [woody] - tetex-bin 1.0.7+20011202-7.1
[10 Dec 2002] DSA-206 tcpdump - denial of service
{CVE-2002-1350}
- - tcpdump 3.7.2-1
+ [woody] - tcpdump 3.6.2-2.2
[10 Dec 2002] DSA-205 gtetrinet - buffer overflow
- - gtetrinet 0.4.4-1
- NOTE: no CVE for this one
+ [woody] - gtetrinet 0.4.1-9woody1.1
[05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
{CVE-2002-1281 CVE-2002-1282}
- - kdelibs 4:3.1.0-1
+ [woody] - kdelibs 2.2.2-13.woody.5
[04 Dec 2002] DSA-203 smb2www - arbitrary command execution
{CVE-2002-1342}
- - smb2www 980804-17
+ [woody] - smb2www 980804-16.1
[03 Dec 2002] DSA-202 im - insecure temporary files
{CVE-2002-1395}
- - im 1:141-20
+ [woody] - im 141-18.1
[02 Dec 2002] DSA-201 freeswan - denial of service
- {CVE-2002-0666 VU#459371}
- - freeswan 1.99-1
+ {CVE-2002-0666}
+ [woody] - freeswan 1.96-1.4
[22 Nov 2002] DSA-200 samba - remote exploit
{CVE-2002-1318}
- samba 2.99.cvs.20020713-1
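Review bot: The DSA-219 entry gets `NOTE: Woody doesn't have dhcpd`, but the advisory is for dhcpcd, so the note names a different package and the entry ends up as the only converted DSA here with no `[woody]` line. Please check the package name and, if woody really was unaffected, say so with the dhcpcd name. Two smaller points in the same hunk: the DSA-201 cross-reference drops `VU#459371` without a replacement NOTE, and several `[woody]` versions are written without the epoch that the removed unstable lines carried (kdelibs `4:3.1.0-1` vs `2.2.2-13.woody.5`, kdenetwork `4:2.2.2-14.20` vs `2.2.2-14.5`, im `1:141-20` vs `141-18.1`), so it is worth confirming the woody packages had no epoch, since version comparison depends on it.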