[Secure-testing-commits] r2682 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 7 10:22:43 UTC 2005


Author: jmm-guest
Date: 2005-11-07 10:22:37 +0000 (Mon, 07 Nov 2005)
New Revision: 2682

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert August to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-07 08:49:52 UTC (rev 2681)
+++ data/CVE/list	2005-11-07 10:22:37 UTC (rev 2682)
@@ -13919,7 +13919,7 @@
 CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
 	- bsdmainutils 6.0.15
 CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
-	- rsync 2.6.3
+	- rsync 2.6.2-3
 CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
 	NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur
 	NOTE: Kernel will never abort due to an ICMP packet
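Review bot: The CVE-2004-0792 entry in this hunk still has no {DSA-538} line, although the data/DSA/list part of this commit adds {CVE-2004-0792} to DSA-538. The other entries touched here carry the back-reference (CVE-2004-0781 has {DSA-541}), so add {DSA-538} unless those lines are regenerated automatically. The fixed version also drops from 2.6.3 to 2.6.2-3, which is a content change rather than a format conversion; 2.6.2-3 is the value DSA-538 used to carry, so a short NOTE stating which upload first contained the fix would help anyone checking versions between the two.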
@@ -13950,6 +13950,7 @@
 	- gdk-pixbuf 0.22.0-7
 CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
 	{DSA-541}
+	- icecast-server 1:1.3.12-8
 CVE-2004-0780
 	RESERVED
 CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
@@ -13979,6 +13980,8 @@
 	- lha 1.14i-9 (bug #279870)
 CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
 	{DSA-536}
+	- libpng 1.0.15-6
+	- libpng3 1.2.5.0-7
 CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
 	NOT-FOR-US: NGSEC StackDefender
 CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
@@ -14012,7 +14015,9 @@
 	RESERVED
 CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
 	{DSA-537}
-	- gaim 1:0.82.1-1
+	- ruby1.8 1.8.1+1.8.2pre1-4
+	- ruby <removed>
+	TODO: is ruby1.6 vulnerable?
 CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
 	- gaim 1:0.82.1-1
 CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
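Review bot: The TODO "is ruby1.6 vulnerable?" under CVE-2004-0755 is moved over unchanged, but DSA-537 in this same commit now records the woody fix as "ruby 1.6.7-3woody3", which is a 1.6 series package. Either resolve the TODO or add an explicit ruby1.6 line so that package has a tracked status rather than an open question. The removed "- gaim 1:0.82.1-1" line is also a content correction (the same version is listed under CVE-2004-0754 just below), and the log message should mention it.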
@@ -14149,15 +14154,22 @@
 	- lha 1.14i-10 (bug #279870)
 CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
 	{DSA-542-1}
+	- qt-x11-free 3:3.3.3-4
+	- qt-copy <removed>
 CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
 	{DSA-542-1}
+	- qt-x11-free 3:3.3.3-4
+	- qt-copy <removed>
 CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
 	{DSA-542-1}
+	- qt-x11-free 3:3.3.3-4
+	- qt-copy <removed>
 CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
 	- kdelibs 4:3.2.3-3.sarge.1
 	NOTE: in t-p-u, 4.3.3 in unstable is also fixed
 CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
 	{DSA-539}
+	- kdelibs 4:3.3.0-1
 CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
 	{DSA-561-1 DSA-560-1}
 	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
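Review bot: The kdelibs version added under CVE-2004-0689 is 4:3.3.0-1, but the line removed from DSA-539 in data/DSA/list was "- kdelibs 4:3.2.3-3.sarge.1", so this is not a straight move of the old value. If 4:3.3.0-1 is the correct first fixed version in unstable, say so in a NOTE (as CVE-2004-0690 above does for its t-p-u upload); otherwise systems running a version between the two will be reported as vulnerable or fixed incorrectly. The three qt entries look consistent with what DSA-542-1 carried.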
@@ -14280,6 +14292,7 @@
 	{DSA-529}
 CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
 	{DSA-535}
+	- squirrelmail 2:1.4.3a-0.1
 CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
 	NOT-FOR-US: Oracle
 CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
@@ -14366,12 +14379,16 @@
 	- samba 3.0.5 (bug #260838)
 CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
 	{DSA-571-1 DSA-570-1 DSA-536}
-	- libpng3 1.2.5.0-9
-	- libpng 1.0.15-8
+	- libpng 1.0.15-6
+	- libpng3 1.2.5.0-7
 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
 	{DSA-536}
+	- libpng 1.0.15-6
+	- libpng3 1.2.5.0-7
 CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
 	{DSA-536}
+	- libpng 1.0.15-6
+	- libpng3 1.2.5.0-7
 CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
 	NOTE: Fixed in upstream ( <= 2.6.7)
 CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
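Review bot: CVE-2004-0599 is tagged {DSA-571-1 DSA-570-1 DSA-536}, yet its fixed versions are lowered here from libpng3 1.2.5.0-9 / libpng 1.0.15-8 to the DSA-536 values 1.2.5.0-7 / 1.0.15-6. If the higher versions were recorded because the later advisories completed the fix, lowering them marks the uploads in between as fixed when they may not be. Please confirm which advisory closed this CVE in unstable and keep the higher versions, or add a NOTE explaining why the DSA-536 versions are sufficient. Using the same versions for CVE-2004-0597 and CVE-2004-0598, which reference only DSA-536, is fine.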
@@ -14544,10 +14561,13 @@
 	{DSA-512}
 CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
 	{DSA-535}
+	- squirrelmail 2:1.4.3a-0.1
 CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
 	{DSA-535}
+	- squirrelmail 2:1.4.3a-0.1
 CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
 	{DSA-535}
+	- squirrelmail 2:1.4.3a-0.1
 CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
 	NOT-FOR-US: MacOS
 CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
@@ -14679,6 +14699,8 @@
 	- mah-jong 1.6.2-1
 CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
 	{DSA-540}
+	- mysql-dfsg 4.0.20-11
+	- mysql <removed>
 CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
 	{DSA-527}
 CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-07 08:49:52 UTC (rev 2681)
+++ data/DSA/list	2005-11-07 10:22:37 UTC (rev 2682)
@@ -1418,29 +1418,29 @@
 	NOTE: Previous DSA had regressions
 [30 Aug 2004] DSA-542-1 qt - unsanitised input
 	{CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
-	- qt-x11-free 3:3.3.3-4
+	[woody] - qt-copy 3.0.3-20020329-1woody2
 [25 Aug 2004] DSA-541 icecast-server - cross site scripting
 	{CVE-2004-0781}
-	- icecast-server 1:1.3.12-8
+	[woody] - icecast-server 1:1.3.11-4.2
 [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
 	{CVE-2004-0457}
-	- mysql-dfsg 4.0.20-11
+	[woody] - mysql 3.23.49-8.7
 [18 Aug 2004] DSA-539 kdelibs - denial of service
 	{CVE-2004-0689}
-	- kdelibs 4:3.2.3-3.sarge.1
+	[woody] - kdelibs 2.2.2-13.woody.12
 [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
-	- rsync 2.6.2-3
+	{CVE-2004-0792}
+	[woody] - rsync 2.5.5-0.6
 [16 Aug 2004] DSA-537 ruby - insecure file permissions
 	{CVE-2004-0755}
-	- ruby1.8 1.8.1+1.8.2pre1-4
-	TODO: is ruby1.6 vulnerable?
+	[woody] - ruby 1.6.7-3woody3
 [04 Aug 2004] DSA-536 libpng - several vulnerabilities
 	{CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768}
-	- libpng 1.0.15-6
-	- libpng3 1.2.5.0-7
+	[woody] - libpng 1.0.12-3.woody.7
+	[woody] - libpng3 1.2.1-1.1.woody.7
 [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
 	{CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639}
-	- squirrelmail 2:1.4.3a-0.1
+	[woody] - squirrelmail 1:1.2.6-1.4
 [22 Jul 2004] DSA-534 mailreader - directory traversal
 	{CVE-2002-1581}
 	- mailreader 2.3.29-9
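Review bot: After the conversion, some DSA headers name a package that no longer appears in the entry: DSA-540 is titled "mysql-dfsg" while its only package line is "[woody] - mysql 3.23.49-8.7", and DSA-542-1 is titled "qt" while its line is for qt-copy. If tools or readers match the header package against the package lines, these will not line up; consider adding a NOTE on the woody source package name, or document that the header keeps the advisory's own title. DSA-542-1 also lists only qt-copy for woody, so confirm that no other qt source package in woody needed a line.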



