[Secure-testing-commits] r3084 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Dec 18 12:02:36 UTC 2005
Author: jmm-guest
Date: 2005-12-18 12:02:31 +0000 (Sun, 18 Dec 2005)
New Revision: 3084
Modified:
data/CVE/list
data/DSA/list
Log:
convert the remaining DSA entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-18 11:18:04 UTC (rev 3083)
+++ data/CVE/list 2005-12-18 12:02:31 UTC (rev 3084)
@@ -15943,10 +15943,9 @@
- gpdf 2.8.0-1
- kfax 4:3.3.1-1 (bug #280373)
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
- NOTE: waldi provided this info
- - linux-kernel-image-2.6.8-s390 2.6.8-3
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ TODO: Check, when this was fixed
- kernel-source-2.6.8 2.6.8-10
- - kernel-source-2.6.9 2.6.9-3
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
{DSA-567-1}
- kdegraphics 3.3.2-1
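Review bot: The CVE-2004-0887 change at the top of this hunk is a kernel entry with no DSA reference, so it does not fit a commit logged as "convert the remaining DSA entries". It also drops the "NOTE: waldi provided this info" provenance line while adding a TODO that says the fix point is still unknown. Suggest moving it to its own commit and keeping the NOTE until the TODO is resolved. A short NOTE would also help explain why "kernel-source-2.6.8 2.6.8-10" stays as a fixed version next to "linux-2.6 <not-affected>".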
@@ -20534,10 +20533,13 @@
NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
{DSA-194}
+ - masqmail 0.2.15-1
CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
{DSA-191}
+ - squirrelmail 1:1.2.8-1.1
CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
{DSA-192}
+ - html2ps 1.0b3-2
CVE-2002-1274
RESERVED
CVE-2002-1273
@@ -20560,6 +20562,7 @@
RESERVED
CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
{DSA-193}
+ - kdenetwork 4:2.2.2-14.3
CVE-2002-1246
RESERVED
CVE-2002-1243
@@ -20574,18 +20577,25 @@
RESERVED
CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
{DSA-185 DSA-184 DSA-183}
+ - heimdal 0.4e-22
+ - krb4 1.1-11-8
+ - krb5 1.2.6-2
CVE-2002-1234
REJECTED
CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
{DSA-195 DSA-188 DSA-187}
+ - apache-perl 1.3.26-1.1-1.27-3-1
+ - apache 1.3.27-1
CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
NOT-FOR-US: Avaya Cajun switches
CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
NOT-FOR-US: Solaris
CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
{DSA-178}
+ - heimdal 0.4e-21
CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
{DSA-178}
+ - heimdal 0.4e-21
CVE-2002-1218
RESERVED
CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
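Review bot: CVE-2002-1233 gets apache-perl and apache lines but none for apache-ssl, although its description names the apache-ssl package and the entry references DSA-188, which data/DSA/list in this same revision records as the apache-ssl advisory. Suggest adding an apache-ssl line with its fixed version, or a TODO if that version is not yet known, so the cross-reference resolves to a package.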
@@ -20594,6 +20604,7 @@
- tar 1.13.25
CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
{DSA-174}
+ - heartbeat 0.4.9.2-1
CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
@@ -20634,8 +20645,10 @@
NOT-FOR-US: Winamp
CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
{DSA-171}
+ - fetchmail 4.0beta9-8.1
CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
{DSA-171}
+ - fetchmail 4.0beta9-8.1
CVE-2002-1173
RESERVED
CVE-2002-1172
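Review bot: The version added for fetchmail under CVE-2002-1175 and CVE-2002-1174, 4.0beta9-8.1, looks like a copy of the tkmail version. The descriptions say Fetchmail 6.0.0 and earlier is affected, 4.0beta9-8.1 is the string used for tkmail under CVE-2002-1193 and DSA-172, and the data/DSA/list entry removed in this revision recorded "fetchmail 6.1.0-1". Suggest using 6.1.0-1 here, or documenting the source of the new value in a NOTE.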
@@ -20674,6 +20687,7 @@
NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
{DSA-191}
+ - squirrelmail 1:1.2.8-1.1
CVE-2002-1130
RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
@@ -20686,6 +20700,7 @@
NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
{DSA-166}
+ - purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
NOTE: Some SMTP mailscanners can be bypassed by fragmenting
NOTE: messages.
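Review bot: The added line "- purity 1-16" under CVE-2002-1124 records as the fixed version the same version string the description names as vulnerable ("buffer overflows in purity 1-16"). If 1-16 is the Debian upload that carries the fix, a NOTE saying so would keep readers and tooling from treating this as a contradiction; otherwise the version needs checking against DSA-166.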
@@ -20694,10 +20709,13 @@
NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
{DSA-161}
+ - mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
{DSA-153}
+ - mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
{DSA-153}
+ - mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
@@ -20850,6 +20868,7 @@
NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
{DSA-157}
+ - irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
@@ -20868,6 +20887,7 @@
NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
{DSA-165}
+ - postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
@@ -21002,6 +21022,7 @@
NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
{DSA-150}
+ - interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
@@ -21020,7 +21041,7 @@
NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
{DSA-147}
- TODO: check
+ - mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
@@ -21030,17 +21051,23 @@
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
+ - apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
+ - apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
{DSA-182 DSA-179 DSA-176}
+ - kdegraphics 4:2.2.2-6.9
+ - gnome-gv 1.99.7-9
+ - gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
{DSA-162}
+ - ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
@@ -21163,7 +21190,8 @@
NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
{DSA-140}
- TODO: check
+ - libpng 1.0.12-4
+ - libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
@@ -21231,22 +21259,22 @@
- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
{DSA-140}
- TODO: check
+ - libpng 1.0.12-4
+ - libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
{DSA-136}
- TODO: check
+ - openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
{DSA-136}
- TODO: check
+ - openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
{DSA-136}
- TODO: check
+ - openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
{DSA-136}
- TODO: check
+ - openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...)
{DSA-138}
- TODO: check
- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
NOT-FOR-US: windows mta
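Review bot: CVE-2002-0657 receives the same "- openssl 0.9.6e-1" line as the other three DSA-136 entries, but its description limits the overflow to OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos, so a 0.9.6 package may never have been affected. Suggest confirming whether this entry should be "<not-affected>" rather than converting all four "TODO: check" lines to the same version.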
@@ -21895,8 +21923,7 @@
NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
{DSA-200}
- - samba 2.99.cvs.20020713-1
- NOTE: Problem in Samba 2, sarge uses Samba 3.
+ - samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
@@ -21919,7 +21946,7 @@
NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
{DSA-190}
- - wmaker 0.80.1-1
+ - wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
@@ -21988,12 +22015,15 @@
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
{DSA-196}
- bind 1:8.3.3-3
+ - bind9 <not-affected>
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
{DSA-196}
- bind 1:8.3.3-3
+ - bind9 <not-affected>
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
{DSA-196}
- bind 1:8.3.3-3
+ - bind9 <not-affected>
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
@@ -22014,11 +22044,10 @@
- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...)
{DSA-169}
- - php3 3:3.0.18-23.2
- - php4 4:4.2.3-3
+ - htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...)
{DSA-172}
- NOTE: tkmail not in testing/unstable
+ - tkmail <removed>
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
@@ -22055,6 +22084,7 @@
- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
{DSA-181}
+ - libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
@@ -22065,8 +22095,10 @@
- konqueror 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
{DSA-167}
+ - kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
{DSA-170}
+ - tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
@@ -22090,6 +22122,7 @@
NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
{DSA-191}
+ - squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
@@ -22098,18 +22131,26 @@
NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
{DSA-159}
+ - python1.5 1.5.2-24
+ - python2.1 2.1.3-6a
+ - python2.2 2.2.1-8
+ - python2.3 <not-affected>
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
{DSA-161}
+ - mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
{DSA-153}
+ - mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...)
{DSA-153}
+ - mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...)
{DSA-153}
+ - mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
@@ -22165,11 +22206,9 @@
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
{DSA-148}
- hylafax 4.1.2-2.1
- [woody] - hylafax 4.1.1-1.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
{DSA-148}
- hylafax 4.1.2-2.1
- [woody] - hylafax 4.1.1-1.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
@@ -22204,22 +22243,29 @@
NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
{DSA-158}
+ - gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
{DSA-168}
+ - php3 3:3.0.18-23.2
+ - php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
{DSA-168}
+ - php3 3:3.0.18-23.2
+ - php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
{DSA-156}
+ - epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
{DSA-155}
+ - kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
@@ -22276,12 +22322,16 @@
NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
{DSA-154}
+ - fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
{DSA-152}
+ - l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...)
{DSA-152}
+ - l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
{DSA-151}
+ - xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
@@ -22307,7 +22357,6 @@
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
{DSA-145}
- tinyproxy 1.4.3-3
- [woody] - tinyproxy 1.4.3-2woody2
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
@@ -22321,6 +22370,7 @@
{DSA-195 DSA-188 DSA-187}
- apache2 2.0.43-1
- apache 1.3.27-0.1
+ - apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
{DSA-207}
- tetex-bin 1.0.7+20021025-4
@@ -22342,11 +22392,9 @@
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
{DSA-144}
- wwwoffle 2.7d-1
- [woody] - wwwoffle 2.7a-1.2
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
{DSA-139}
- super 3.18.0-3
- [woody] - super 3.16.1-1.2
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
@@ -22413,6 +22461,7 @@
NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
{DSA-163}
+ - mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
@@ -22497,13 +22546,13 @@
NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
{DSA-160}
+ - scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
{DSA-137}
- - mm 1.3.1-1
+ - mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...)
{DSA-135}
- libapache-mod-ssl 2.8.9-2
-STOP: this is approximatly the release of woody, so we can stop here
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
CVE-2002-0648 (The legacy <script> data-island capability for XML in Microsoft ...)
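Review bot: Removing the "STOP: ..." marker after CVE-2002-0653 leaves the entries that follow (CVE-2002-0651, CVE-2002-0650 and CVE-2002-0648 in the trailing context) with no package line, NOT-FOR-US or TODO, and nothing in the file now explains why. Suggest either triaging them in this commit or replacing the marker with TODO lines so they show up as open work. Separately, the mm change from 1.3.1-1 to 1.1.3-7 puts the fixed version below the "before 1.2.0" in the description, which deserves a NOTE explaining it.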
@@ -22599,6 +22648,10 @@
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
- acm 5.0-10
+ - glibc 2.2.5-13
+ - dietlibc 0.20-0cvs20020808
+ - krb5 1.2.5-2
+ - openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
@@ -25210,6 +25263,7 @@
RESERVED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
{DSA-147}
+ - mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
CVE-2002-0383
@@ -25432,6 +25486,8 @@
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
{DSA-196}
+ - bind9 <not-affected>
+ - bind 1:8.3.3-3
CVE-2002-0019
RESERVED
CVE-2002-0016
@@ -25702,6 +25758,7 @@
CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
{DSA-148}
+ - hylafax 4.1.2-2.1
CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
@@ -26209,6 +26266,8 @@
CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
{DSA-195 DSA-188 DSA-187}
+ - apache-perl 1.3.26-1.1-1.27-3-1
+ - apache 1.3.27-1
CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-12-18 11:18:04 UTC (rev 3083)
+++ data/DSA/list 2005-12-18 12:02:31 UTC (rev 3084)
@@ -2689,218 +2689,207 @@
[woody] - freeswan 1.96-1.4
[22 Nov 2002] DSA-200 samba - remote exploit
{CVE-2002-1318}
- - samba 2.99.cvs.20020713-1
+ [woody] - samba 2.2.3a-12
[19 Nov 2002] DSA-199 mhonarc - cross site scripting
{CVE-2002-1307}
- - mhonarc 2.5.13-1
+ [woody] - mhonarc 2.5.2-1.2
[18 Nov 2002] DSA-198 nullmailer - denial of service
{CVE-2002-1313}
- - nullmailer 1.00RC5-17
+ [woody] - nullmailer 1.00RC5-16.1woody2
[15 Nov 2002] DSA-197 courier - buffer overflow
{CVE-2002-1311}
- - courier 0.40.0-1
+ [woody] - courier 0.37.3-2.3
[14 Nov 2002] DSA-196 bind - several vulnerabilities
{CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221}
- - bind 1:8.3.3-3
+ [woody] - bind 8.3.3-2.0woody1
[13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
{CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
- - apache-perl 1.3.26-1.1-1.27-3-1
+ [woody] - apache-perl 1.3.26-1-1.26-0woody2
[12 Nov 2002] DSA-194 masqmail - buffer overflows
{CVE-2002-1279}
- - masqmail 0.2.15-1
+ [woody] - masqmail 0.1.16-2.1
[11 Nov 2002] DSA-193 kdenetwork - buffer overflow
{CVE-2002-1247}
- - kdenetwork 4:2.2.2-14.3
+ [woody] - kdenetwork 4:2.2.2-14.2
[08 Nov 2002] DSA-192 html2ps - arbitrary code execution
{CVE-2002-1275}
- - html2ps 1.0b3-2
+ [woody] - html2ps 1.0b3-1.1
[07 Nov 2002] DSA-191 squirrelmail - cross site scripting
{CVE-2002-1131 CVE-2002-1132 CVE-2002-1276}
- - squirrelmail 1:1.2.8-1.1
+ [woody] - squirrelmail 1.2.6-1.1
[07 Nov 2002] DSA-190 wmaker - buffer overflow
{CVE-2002-1277}
- - wmaker 0.80.1-4
+ [woody] - wmaker 0.80.0-4.1
[06 Nov 2002] DSA-189 luxman - local root exploit
{CVE-2002-1245}
- - luxman 0.41-19
+ [woody] - luxman 0.41-17.1
[05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
- TODO: The DSA is for apache-ssl, but the bug entries are for apache.
- {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843}
- - apache 1.3.27-0.1
- {CVE-2001-0131 CVE-2002-1233}
- - apache 1.3.27-1
- TODO: CVE-2002-0843 appears to be listed twice in this DSA
- TODO: (once with NO-CVE)
+ {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
+ [woody] - apache-ssl 1.3.26.1+1.48-0woody3
[04 Nov 2002] DSA-187 apache - several vulnerabilities
- {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843}
- - apache 1.3.27-0.1
- {CVE-2001-0131 CVE-2002-1233}
- - apache 1.3.27-1
- TODO: CVE-2002-0843 appears to be listed twice in this DSA
- TODO: (once with NO-CVE)
+ {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
+ [woody] - apache 1.3.26-0woody
[01 Nov 2002] DSA-186 log2mail - buffer overflow
{CVE-2002-1251}
- - log2mail 0.2.6-1
+ [woody] - log2mail 0.2.5.1
[31 Oct 2002] DSA-185 heimdal - buffer overflow
{CVE-2002-1235}
- - heimdal 0.4e-22
+ [woody] - heimdal 0.4e-7.woody.5
[30 Oct 2002] DSA-184 krb4 - buffer overflow
{CVE-2002-1235}
- - krb4 1.1-11-8
+ [woody] - krb4 1.1-8-2.2
[29 Oct 2002] DSA-183 krb5 - buffer overflow
{CVE-2002-1235}
- - krb5 1.2.6-2
+ [woody] - krb5 1.2.4-5woody3
[28 Oct 2002] DSA-182 kdegraphics - buffer overflow
{CVE-2002-0838}
- - kdegraphics 4:2.2.2-6.9
+ [woody] - kdegraphics 2.2.2-6.8
[22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
{CVE-2002-1157}
- - libapache-mod-ssl 2.8.9-2.3
+ [woody] - libapache-mod-ssl 2.8.9-2.1
[21 Oct 2002] DSA-180 nis - information leak
{CVE-2002-1232}
- - nis 3.9-6.2
+ [woody] - nis 3.9-6.1
[18 Oct 2002] DSA-179 gnome-gv - buffer overflow
{CVE-2002-0838}
- - gnome-gv 1.99.7-9
+ [woody] - gnome-gv 1.1.96-3.1
[17 Oct 2002] DSA-178 heimdal - remote command execution
{CVE-2002-1225 CVE-2002-1226}
- - heimdal 0.4e-21
+ [woody] - heimdal 0.4e-7.woody.4
[17 Oct 2002] DSA-177 pam - serious security violation
{CVE-2002-1227}
- - pam 0.76-6
+ [woody] - pam <not-affected>
+ [sarge] - pam <not-affected>
[16 Oct 2002] DSA-176 gv - buffer overflow
{CVE-2002-0838}
- - gv 1:3.5.8-27
+ [woody] - gv 3.5.8-26.1
[15 Oct 2002] DSA-175 syslog-ng - buffer overflow
{CVE-2002-1200}
- - syslog-ng 1.5.21-1
+ [woody] - syslog-ng 1.5.15-1.1
[14 Oct 2002] DSA-174 heartbeat - buffer overflow
{CVE-2002-1215}
- - heartbeat 0.4.9.2-1
+ [woody] - heartbeat 0.4.9.0l-7.2
[09 Oct 2002] DSA-173 bugzilla - privilege escalation
{CVE-2002-1196}
- NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1)
+ [woody] - bugzilla 2.14.2-0woody2
[08 Oct 2002] DSA-172 tkmail - insecure temporary files
{CVE-2002-1193}
- NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
+ [woody] - tkmail 4.0beta9-8.1
[07 Oct 2002] DSA-171 fetchmail - buffer overflows
{CVE-2002-1175 CVE-2002-1174}
- - fetchmail 6.1.0-1
- NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
+ [woody] - fetchmail-ssl 5.9.11-6.1
+ [woody] - fetchmail 5.9.11-6.1
[04 Oct 2002] DSA-170 tomcat4 - source code disclosure
{CVE-2002-1148}
- - tomcat4 4.1.12-1
- NOTE: only 4.0.4-4 in testing (which seems to be vulnerable)
+ [woody] - tomcat4 4.0.3-3woody1
[25 Sep 2002] DSA-169 htcheck - cross site scripting
{CVE-2002-1195}
- - htcheck 1:1.1-1.2
+ [woody] - htcheck 1.1-1.1
[18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
{CVE-2002-0985 CVE-2002-0986}
- - php3 3:3.0.18-23.2
- - php4 4:4.2.3-3
- NOTE: php3 is not in testing, it seems to be wait for tiff and gcc transition
- NOTE: and is out of date on alpha and arm
+ [woody] - php3 3.0.18-23.1woody1
+ [woody] - php4 4.1.2-5
[16 Sep 2002] DSA-167 kdelibs - cross site scripting
{CVE-2002-1151}
- - kdelibs 4:2.2.2-14
- NOTE: there is a typo in the DSA that mentionned Konquerer instead of kdelibs
+ [woody] - kdelibs 4:2.2.2-13.woody.3
[13 Sep 2002] DSA-166 purity - buffer overflows
{CVE-2002-1124}
- - purity 1-16
+ [woody] - purity 1-14.2
[12 Sep 2002] DSA-165 postgresql - buffer overflows
{CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402}
- - postgresql 7.2.2-2
+ [woody] - postgresql 7.2.1-2woody2
[10 Sep 2002] DSA-164 cacti - arbitrary code execution
{CVE-2002-1477 CVE-2002-1478}
- - cacti 0.6.8a-2
+ [woody] - cacti 0.6.7-2.1
[09 Sep 2002] DSA-163 mhonarc - cross site scripting
{CVE-2002-0738}
- - mhonarc 2.5.11-1
+ [woody] - mhonarc 2.5.2-1.1
[06 Sep 2002] DSA-162 ethereal - buffer overflow
{CVE-2002-0834}
- - ethereal 0.9.6-1
+ [woody] - ethereal 0.9.4-1woody2
[04 Sep 2002] DSA-161 mantis - privilege escalation
{CVE-2002-1115 CVE-2002-1116}
- - mantis 0.17.5-2
+ [woody] - mantis 0.17.1-2.5
[03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
{CVE-2002-0662}
- - scrollkeeper 0.3.11-2
+ [woody] - scrollkeeper 0.3.6-3.1
[28 Aug 2002] DSA-159 python - insecure temporary files
{CVE-2002-1119}
- - python2.1 2.1.3-6a
- - python2.2 2.2.1-8
- NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24)
- NOTE: python2.3 is not vulnerable
+ [woody] - python1.5 1.5.2-23.1
+ [woody] - python2.1 2.1.3-3.1
+ [woody] - python2.2 2.2.1-4.1
[27 Aug 2002] DSA-158 gaim - arbitrary program execution
{CVE-2002-0989}
- - gaim 1:0.59.1-2
+ [woody] - gaim 0.58-2.2
[23 Aug 2002] DSA-157 irssi-text - denial of service
{CVE-2002-0983}
- - irssi-text 0.8.5-2
+ [woody] - irssi-text 0.8.4-3.1
[22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
{CVE-2002-0984}
- - epic4-script-light 1:2.7.30p5-2
+ [woody] - epic4-script-light 2.7.30p5-1.1
[17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
{CVE-2002-0970}
- - kdelibs 4:2.2.2-14
+ [woody] - kdelibs 2.2.2-13.woody.2
[15 Aug 2002] DSA-154 fam - privilege escalation
{CVE-2002-0875}
- - fam 2.6.8-1
+ [woody] - fam 2.6.6.1-5.2
[14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
{CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110}
- - mantis 0.17.4a-2
+ [woody] - mantis 0.17.1-2.2
[13 Aug 2002] DSA-152 l2tpd - missing random seed
{CVE-2002-0872 CVE-2002-0873}
- NOTE: not in testing (was fixed in unstable 0.68-1)
+ [woody] - l2tpd 0.67-1.1
[13 Aug 2002] DSA-151 xinetd - pipe exposure
{CVE-2002-0871}
- - xinetd 1:2.3.7-1
+ [woody] - xinetd 2.3.4-1.2
[13 Aug 2002] DSA-150 interchange - illegal file exposition
{CVE-2002-0874}
- - interchange 4.8.6-1
+ [woody] - interchange 4.8.3.20020306-1.woody.1
[13 Aug 2002] DSA-149 glibc - integer overflow
{CVE-2002-0391}
- - glibc 2.2.5-13
+ [woody] - glibc 2.2.5-11.1
[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
{CVE-2002-1049 CVE-2002-1050 CVE-2001-1034}
- - hylafax 4.1.2-2.1
+ [woody] - hylafax 4.1.1-1.1
[08 Aug 2002] DSA-147 mailman - cross-site scripting
{CVE-2002-0388 CVE-2002-0855}
- - mailman 2.0.12-1
+ [woody] - mailman 2.0.11-1woody4
[08 Aug 2002] DSA-146 dietlibc - integer overflow
{CVE-2002-0391}
- - dietlibc 0.20-0cvs20020808
+ [woody] - dietlibc 0.12-2.4
[07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
{CVE-2002-0847}
- - tinyproxy 1.4.3-3
+ [woody] - tinyproxy 1.4.3-2woody2
[06 Aug 2002] DSA-144 wwwoffle - improper input handling
{CVE-2002-0818}
- - wwwoffle 2.7d-1
+ [woody] - wwwoffle 2.7a-1.2
[05 Aug 2002] DSA-143 krb5 - integer overflow
{CVE-2002-0391}
- - krb5 1.2.5-2
+ [woody] - krb5 1.2.4-5woody1
[05 Aug 2002] DSA-142 openafs - integer overflow
{CVE-2002-0391}
- - openafs 1.2.6-1
+ [woody] - openafs 1.2.3final2-6
[01 Aug 2002] DSA-141 mpack - buffer overflow
{CVE-2002-1425}
- - mpack 1.5-9
+ [woody] - mpack 1.5-7woody2
[05 Aug 2002] DSA-140 libpng - buffer overflow
{CVE-2002-0660 CVE-2002-0728}
- - libpng 1.0.12-4
- - libpng3 1.2.1-2
+ [woody] - libpng 1.0.12-3.woody.2
+ [woody] - libpng3 1.2.1-1.1.woody.2
[01 Aug 2002] DSA-139 super - format string vulnerability
{CVE-2002-0817}
- - super 3.18.0-3
+ [woody] - super 3.16.1-1.2
[01 Aug 2002] DSA-138 gallery - remote exploit
{CVE-2002-1412}
- - gallery 1.3-3
+ [woody] - gallery 1.2.5-7
[30 Jul 2002] DSA-137 mm - insecure temporary files
{CVE-2002-0658}
[woody] - mm 1.1.3-6.1
[30 Jul 2002] DSA-136 openssl - multiple remote exploits
{CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
- - openssl 0.9.6e-1
+ [woody] - openssl094 0.9.4-6.woody.2
+ [woody] - openssl095 0.9.5a-6.woody.1
+ [woody] - openssl 0.9.6c-2.woody.1
[02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS
{CVE-2002-0653}
- [woody] - libapache-mod-ssl 2.8.9-2
+ [woody] - libapache-mod-ssl 2.8.9-2
\ No newline at end of file
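Review bot: In DSA-187 the added line "[woody] - apache 1.3.26-0woody" looks truncated, since the sibling entries for the same CVE set end in a revision digit (apache-perl ...-0woody2, apache-ssl ...-0woody3); please check the advisory and complete the version. Two further points in this hunk: epochs are inconsistent for the same package and release (DSA-167 has "kdelibs 4:2.2.2-13.woody.3" while DSA-155 has "kdelibs 2.2.2-13.woody.2", and DSA-182 has "kdegraphics 2.2.2-6.8" against "4:2.2.2-6.9" in data/CVE/list), which will break version comparison. The file also now ends without a trailing newline, so the DSA-135 line shows as changed with no change in content.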