[Secure-testing-commits] r2697 - in data: CVE DSA

Florian Weimer fw at costa.debian.org
Tue Nov 8 21:18:10 UTC 2005


Author: fw
Date: 2005-11-08 21:18:04 +0000 (Tue, 08 Nov 2005)
New Revision: 2697

Modified:
   data/CVE/list
   data/DSA/list
Log:
Another discripancy spotted by Willi Mann: The DSA-820 update
also fixes CVE-2005-2769, according to its changelog.

Switch to source package courier to avoid conflict.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-08 21:14:22 UTC (rev 2696)
+++ data/CVE/list	2005-11-08 21:18:04 UTC (rev 2697)
@@ -1882,7 +1882,7 @@
 CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
 	NOT-FOR-US: Reflection for Secure IT
 CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
-	- sqwebmail 0.47-9 (bug #327727; medium)
+	- courier 0.47-9 (bug #327727; medium)
 CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
 	NOT-FOR-US: Sophos AntiVirus
 CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-08 21:14:22 UTC (rev 2696)
+++ data/DSA/list	2005-11-08 21:18:04 UTC (rev 2697)
@@ -313,10 +313,12 @@
 	NOTE: not fixed in testing at time of DSA (waiting on gmp)
 	NOTE: python2.3 is not in woody
 [24 Sep 2005] DSA-820-1 courier - missing input sanitising
-	{CVE-2005-2820}
+	{CVE-2005-2820 CVE-2005-2769}
 	[woody] - courier 0.37.3-2.7 (medium)
 	[sarge] - courier 0.47-4sarge3 (medium)
 	NOTE: fixed in testing at time of DSA
+	NOTE: CVE-2005-2769 listed as fixed in the changelog, missing from
+	NOTE: DSA.
 [23 Sep 2005] DSA-819-1 python2.1 - integer overflow
 	{CVE-2005-2491}
 	[woody] - python2.1 2.1.3-3.4 (medium)




More information about the Secure-testing-commits mailing list