[Secure-testing-commits] r2644 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Nov 2 10:48:46 UTC 2005


Author: jmm-guest
Date: 2005-11-02 10:48:41 +0000 (Wed, 02 Nov 2005)
New Revision: 2644

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert the remaining DSA entries from oct to the new format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-02 10:25:37 UTC (rev 2643)
+++ data/CVE/list	2005-11-02 10:48:41 UTC (rev 2644)
@@ -13416,6 +13416,7 @@
 CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
 	{DSA-569-1 DSA-556-1}
 	- netkit-telnet-ssl 0.17.24+0.1-4
+	- netkit-telnet 0.17-26
 CVE-2004-0910
 	REJECTED
 CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
@@ -13496,9 +13497,9 @@
 CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
 	- apache2 2.0.52-2
 CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
-	{DSA-568-1 DSA-563-1}
-	- cyrus-sasl-mit <removed>
-	NOTE: maintainer reports hole not in cyrus-sasl2-mit
+	{DSA-568-1 DSA-563-3}
+	- cyrus-sasl <removed>
+	- cyrus-sasl2 2.1.19-1.3 (bug #275431)
 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
 	- kernel-source-2.4.27 2.4.27-6
 	- kernel-source-2.6.8 2.6.8-13
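
Review bot: Under CVE-2004-0884, `- cyrus-sasl <removed>` loses the unstable fix version that the old DSA-563 entry carried (`- cyrus-sasl 1.5.28-6.2 (bug #275432)`, deleted from data/DSA/list in this same commit); after the conversion the bug number survives only on the woody line and 1.5.28-6.2 is not recorded anywhere in the lines shown. If the package was removed after that upload, a NOTE with the last fixed version would keep the history. The `cyrus-sasl-mit` line and the maintainer NOTE about cyrus-sasl2-mit are also dropped without replacement; the log should say whether that entry was simply misnamed or whether a separate package's status is no longer tracked.
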
@@ -13578,6 +13579,7 @@
 	- htget <removed> 
 CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
 	{DSA-559-1}
+	- net-acct 0.71-7
 CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
 	- star 1.5a46
 CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
@@ -13605,10 +13607,13 @@
 	NOT-FOR-US: microsoft
 CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
 	{DSA-562-2}
+	- mysql <removed>
 CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
 	{DSA-562-2}
+	- mysql <removed>
 CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
 	{DSA-562-2}
+	- mysql <removed>
 CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
 	- speedtouch 1.3.1
 CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
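
Review bot: The `- mysql <removed>` lines added under CVE-2004-0837, CVE-2004-0836 and CVE-2004-0835 replace the `- mysql 4.0.21-1` that DSA-562-2 held before this commit, so the known fixed version is dropped rather than moved. Suggest keeping it in a NOTE on each of the three entries, and, if the code continues under a different source package name, adding a line for that package so these CVEs do not read as having no tracked package in unstable.
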
@@ -13670,6 +13675,7 @@
 CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
 	{DSA-558-1}
 	- apache2 2.0.51-1
+	- libapache-mod-dav 1.0.3-10
 CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
 	- samba 3.0.7
 CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
@@ -13943,15 +13949,19 @@
 CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
 	{DSA-561-1 DSA-560-1}
 	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
-	- lesstif1-1 1:0.93.94-9
+	- lesstif1-1 1:0.93.94-10
 	NOTE: openmotif is non-free
 	- openmotif 2.2.3-1.1 (bug #308819; low)
+	- xfree86 4.3.0.dfsg.1-8
+	- xorg-x11 <not-affected> (Fixed before introduction into archive)
 CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
 	{DSA-561-1 DSA-560-1}
 	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
-	- lesstif1-1 1:0.93.94-9
+	- lesstif1-1 1:0.93.94-10
 	NOTE: openmotif is non-free
 	- openmotif 2.2.3-1.1 (bug #308819; low)
+	- xfree86 4.3.0.dfsg.1-8
+	- xorg-x11 <not-affected> (Fixed before introduction into archive)
 CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
 	- samba 3.0.5 (bug #260839; bug #260838)
 CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
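
Review bot: The change of `- lesstif1-1 1:0.93.94-9` to `1:0.93.94-10` under both CVE-2004-0688 and CVE-2004-0687 alters recorded data, which the log message ("convert ... to the new format") does not cover. The new value matches what DSA-560-1 listed before this commit, but the two files disagreed until now, so it is worth confirming which upload carried the fix and noting the correction in the log. The adjacent NOTE ("Matej Vela has checked that these are backported to lesstif1 as well") was written against the old version and should be rechecked against -10.
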
@@ -14220,6 +14230,7 @@
 	NOTE: appears fixed in 2.4.27/2.6.8
 CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
 	{DSA-557-1}
+	- pppoe 3.5-4
 CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
 	{DSA-555-1}
 CVE-2004-0562

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-02 10:25:37 UTC (rev 2643)
+++ data/DSA/list	2005-11-02 10:48:41 UTC (rev 2644)
@@ -1324,36 +1324,35 @@
 	[woody] - sox 12.17.3-4woody2 (bug #262083)
 [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
 	{CVE-2004-0805}
-	- mpg123 0.59r-16
-[12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
+	[woody]	- mpg123 0.59r-13woody3
+[12 Oct 2004] DSA-563-3 cyrus-sasl - unsanitised input
 	{CVE-2004-0884}
-	- cyrus-sasl 1.5.28-6.2 (bug #275432)
-	- cyrus-sasl2 2.1.19-1.3 (bug #275431)
+	[woody] - cyrus-sasl 1.5.27-3.1woody5 (bug #275432)
+	NOTE: 563-1 and 563-2 had problems on sparc/arm and with sendmail
 [11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
 	{CVE-2004-0835 CVE-2004-0836 CVE-2004-0837}
-	- mysql 4.0.21-1
+	[woody]	- mysql 3.23.49-8.8
 [11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
 	{CVE-2004-0687 CVE-2004-0688}
-	- xfree86 4.3.0.dfsg.1-8
+	[woody] - xfree86 4.1.0-16woody4
 [07 Oct 2004] DSA-600-1 samba - arbitrary file access
 	{CVE-2004-0815}
 	[woody] - samba 2.2.3a-14.1
 [07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
 	{CVE-2004-0687 CVE-2004-0688}
-	- lesstif1-1 1:0.93.94-10
+	[woody] - lesstif1-1 0.93.18-5
 [06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
 	{CVE-2004-0851}
-	- net-acct 0.71-7
+	[woody] - net-acct 0.71-5woody1
 [06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
 	{CVE-2004-0809}
-	- libapache-mod-dav 1.0.3-10
-	- apache2 2.0.51-1
+	[woody] - libapache-mod-dav 1.0.3-3.1
 [04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping
 	{CVE-2004-0564}
-	- pppoe 3.5-4
+	[woody] - pppoe 3.3-1.2
 [03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
 	{CVE-2004-0911}
-	- netkit-telnet 0.17-26
+	[woody] - netkit-telnet 0.17-18woody2
 [30 Sep 2004] DSA-555-1 freenet6 - file permissions
 	{CVE-2004-0563}
 	- freenet6 1.0-2.2
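
Review bot: For DSA-564-1 the unstable fix `- mpg123 0.59r-16` is removed here, but none of the data/CVE/list hunks in this commit touch CVE-2004-0805, unlike the other converted entries, whose unstable versions are added to their CVE entries above. Please confirm CVE-2004-0805 already carries `- mpg123 0.59r-16`, otherwise the version is lost. The same applies to `- apache2 2.0.51-1` removed from DSA-558-1, which is covered only because CVE-2004-0809 already lists it as context. Style: the new mpg123 and mysql lines use a tab between `[woody]` and `-` while the other added lines use a space; pick one so pattern-based tooling sees them uniformly.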



