[Secure-testing-commits] r2651 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Nov 3 11:31:32 UTC 2005 

Author: jmm-guest
Date: 2005-11-03 11:31:26 +0000 (Thu, 03 Nov 2005)
New Revision: 2651

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert september DSAs to new format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-03 10:21:21 UTC (rev 2650)
+++ data/CVE/list	2005-11-03 11:31:26 UTC (rev 2651)
@@ -13515,8 +13515,10 @@
 	- samba 3.0.7
 CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
 	{DSA-553-1}
+	- getmail 3.2.5-1
 CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
 	{DSA-553-1}
+	- getmail 3.2.5-1
 CVE-2004-0879
 	RESERVED
 CVE-2004-0878
@@ -13623,6 +13625,7 @@
 	- speedtouch 1.3.1
 CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
 	{DSA-554-1}
+	- sendmail 8.13.1-13
 CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
 	- squid 2.5.6-8
 CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
@@ -13700,6 +13703,7 @@
 	- tiff 3.6.1-2
 CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
 	{DSA-552-1}
+	- imlib2 1.1.0-12.4
 CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
 	- foomatic-filters 3.0.2
 CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
@@ -13716,6 +13720,7 @@
 	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
 CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
 	{DSA-551-1}
+	- lukemftpd 1.1-2.2 (bug #266370)
 CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
 	- bsdmainutils 6.0.15
 CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
@@ -13730,6 +13735,8 @@
 	TODO: check
 CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
 	{DSA-549-1 DSA-546-1}
+	- gtk+2.0 2.4.9-2
+	- gdk-pixbuf 0.22.0-7
 CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
 	NOT-FOR-US: seems OpenCA is 
 CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
@@ -13741,8 +13748,11 @@
 	- gaim 1:0.82
 CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
 	{DSA-549-1}
+	- gtk+2.0 2.4.9-2
 CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
 	{DSA-549-1 DSA-546-1}
+	- gtk+2.0 2.4.9-2
+	- gdk-pixbuf 0.22.0-7
 CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
 	{DSA-541}
 CVE-2004-0780
@@ -13765,6 +13775,7 @@
 	RESERVED
 CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
 	{DSA-543-1}
+	- krb5 1.3.4-3
 CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
 	- lha 1.14i-9 (bug #279870)
 CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
@@ -13811,6 +13822,7 @@
 	- gaim 1:0.82.1-1
 CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
 	{DSA-546-1}
+	- gdk-pixbuf 0.22.0-7
 CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
 	- openoffice.org 1.1.2-4
 CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
@@ -14056,13 +14068,17 @@
 CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
 	{DSA-579-1 DSA-550-1}
 	- abiword 2.0.8
+	- wv 1.0.2-0.1
 	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
 	{DSA-543-1}
+	- krb5 1.3.4-3
 CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
 	{DSA-543-1}
+	- krb5 1.3.4-3
 CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
 	{DSA-543-1}
+	- krb5 1.3.4-3
 CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
 	NOT-FOR-US: Thomson hardware ADSL router
 CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
@@ -14238,6 +14254,7 @@
 	- rp-pppoe 3.5-4
 CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
 	{DSA-555-1}
+	- freenet6 1.0-2.2
 CVE-2004-0562
 	RESERVED
 CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
@@ -14250,8 +14267,11 @@
 	NOTE: deprecated in favor of pygopherd
 CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
 	{DSA-544-1}
+	- webmin 1.160-1
+	- usermin 1.090-1
 CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
 	{DSA-545-1}
+	- cupsys 1.1.20final+rc1-6
 CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
 	{DSA-565-1}
 	- sox 12.17.4-9 (bug #262083)
@@ -18501,7 +18521,8 @@
 CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
 	{DSA-447}
 CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...)
-	{DSA-458-2 DSA-458}
+	{DSA-458-3}
+	- python2.2 <not-affected> (Not affected according to DSA-458)
 CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...)
 	{DSA-457}
 	- wu-ftpd 2.6.2-17.2

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-03 10:21:21 UTC (rev 2650)
+++ data/DSA/list	2005-11-03 11:31:26 UTC (rev 2651)
@@ -1360,25 +1360,25 @@
 	[woody] - netkit-telnet 0.17-18woody2
 [30 Sep 2004] DSA-555-1 freenet6 - file permissions
 	{CVE-2004-0563}
-	- freenet6 1.0-2.2
+	[woody] - freenet6 0.9.6-1woody2
 [27 Sep 2004] DSA-554-1 sendmail - pre-set password
 	{CVE-2004-0833}
-	- sendmail 8.13.1-13
+	[woody] - sendmail 8.12.3-7.1
 [27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
 	{CVE-2004-0880 CVE-2004-0881}
-	- getmail 3.2.5-1
+	[woody] - getmail 2.3.7-2
 [22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
 	{CVE-2004-0802}
-	- imlib2 1.1.0-12.4
+	[woody] - imlib2 1.0.5-2woody1
 [21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
 	{CVE-2004-0794}
-	- lukemftpd 1.1-2.2 (bug #266370)
+	[woody] - lukemftpd 1.1-1woody2
 [20 Sep 2004] DSA-550-1 wv - buffer overflow
 	{CVE-2004-0645}
-	- wv 1.0.2-0.1 (bug #264972)
+	[woody] - wv 0.7.1+rvt-2woody3 (bug #264972)
 [17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
 	{CVE-2004-0782 CVE-2004-0783 CVE-2004-0788}
-	- gtk+2.0 2.4.9-2
+	[woody] - gtk+2.0 2.0.2-5woody2
 [26 Oct 2005] DSA-548-2 imlib - unsanitised input
 	{CVE-2004-0817}
 	[woody] - imlib 1.9.14-2woody3
@@ -1386,23 +1386,23 @@
 	NOTE: Initial -1 fix was incomplete
 [16 Sep 2004] DSA-547-1 imagemagick - buffer overflows
 	{CVE-2004-0827}
-	- imagemagick 6:6.0.6.2-1
-[16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
+	[woody] - imagemagick 5.4.4.5-1woody3
+[16 Sep 2004] DSA-546-1 gdk-pixbuf - several vulnerabilities
 	{CVE-2004-0753 CVE-2004-0782 CVE-2004-0788}
-	- gdk-pixbuf 0.22.0-7
+	[woody] - gdk-pixbuf 0.17.0-2woody2
 [15 Sep 2004] DSA-545-1 cupsys - denial of service
 	{CVE-2004-0558}
-	- cupsys 1.1.20final+rc1-6
+	[woody] - cupsys 1.1.14-5woody6
 [14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
 	{CVE-2004-0559}
-	- webmin 1.160-1
-	- usermin 1.090-1
+	[woody] - webmin 0.94-7woody3
 [31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
 	{CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772}
-	- krb5 1.3.4-3
-[31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
+	[woody] - krb5 1.2.4-5woody6
+[31 Aug 2004] DSA-458-3 python2.2 - buffer overflow
 	{CVE-2004-0150}
-	NOTE: not affected according to DSA
+	[woody] - python2.2 2.2.1-4.6
+	NOTE: Previous DSA had regressions
 [30 Aug 2004] DSA-542-1 qt - unsanitised input
 	{CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
 	- qt-x11-free 3:3.3.3-4
@@ -1668,9 +1668,6 @@
 [10 Mar 2004] DSA-459 kdelibs - cookie path traversal
 	{CVE-2003-0592}
 	- kdelibs 4:3.1.3-1
-[09 Mar 2004] DSA-458 python2.2 - buffer overflow
-	{CVE-2004-0150}
-	NOTE: not affected according to DSA
 [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
 	{CVE-2004-0148 CVE-2004-0185}
 	- wu-ftpd 2.6.2-17.1

More information about the Secure-testing-commits mailing list