[Secure-testing-commits] r2705 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Nov 9 22:41:46 UTC 2005


Author: jmm-guest
Date: 2005-11-09 22:41:36 +0000 (Wed, 09 Nov 2005)
New Revision: 2705

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert July's DSAs to the new format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-09 22:26:34 UTC (rev 2704)
+++ data/CVE/list	2005-11-09 22:41:36 UTC (rev 2705)
@@ -14157,6 +14157,7 @@
 	NOT-FOR-US: Solaris
 CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
 	{DSA-532}
+	TODO: Check, when this was fixed in sid
 CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
 	NOT-FOR-US: Check Point VPN
 CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
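Review bot: The TODO added under CVE-2004-0700 does not name a package, and the entry still has no package line, although DSA-532 (libapache-mod-ssl) lists both CVE-2004-0488 and CVE-2004-0700. This commit adds `- libapache-mod-ssl 2.8.19-1` to CVE-2004-0488 only. Suggest naming the package in the TODO, for example `TODO: check when libapache-mod-ssl was fixed in sid`, so the open item can be found by package name.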
@@ -14282,6 +14283,7 @@
 	NOT-FOR-US: Cisco
 CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
 	{DSA-530}
+	- l2tpd 0.70-pre20031121-2
 CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
 	- mozilla 2:1.7.1
 	- mozilla-firefox 0.9.2
@@ -14308,6 +14310,7 @@
 	NOT-FOR-US: Thomson hardware ADSL router
 CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
 	{DSA-529}
+	- netkit-telnet-ssl 0.17.24+0.1-2
 CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
 	{DSA-535}
 	- squirrelmail 2:1.4.3a-0.1
@@ -14319,10 +14322,13 @@
 	NOT-FOR-US: AOL Instant Messenger
 CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
 	{DSA-528}
+	- ethereal 0.10.5-1
 CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
 	- ethereal 0.10.5
+	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
 CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
 	- ethereal 0.10.5
+	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
 CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
 	NOT-FOR-US: adobe reader
 CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
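Review bot: The fixed version added for CVE-2004-0635 is written as `ethereal 0.10.5-1`, while the two neighbouring entries in this hunk (CVE-2004-0634 and CVE-2004-0633) record `ethereal 0.10.5` without a Debian revision. Suggest using one form for all three ethereal entries so that they state the same fixed upload.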
@@ -14412,8 +14418,10 @@
 CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
 	{DSA-669-1 DSA-531}
 	- php3 3:3.0.18-27
+	- php4 4:4.3.8-1
 CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
 	{DSA-669-1 DSA-531}
+	- php4 4:4.3.8-1
 	NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned
 	NOTE: in the changelog.
 CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
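Review bot: In the CVE-2004-0594 entry the new `- php4 4:4.3.8-1` line sits directly above a NOTE that is about PHP3, and the entry has no php3 line, unlike CVE-2004-0595 just above it. As it stands, the NOTE reads as if it qualified the php4 line. Suggest either recording the php3 status explicitly in this entry or rewording the NOTE so that it names the php3 package it refers to.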
@@ -14422,6 +14430,7 @@
 	RESERVED
 CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
 	{DSA-533}
+	- courier 0.45.4-4
 CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
 	- freeswan 2.04-10
 	- openswan 2.2.0
@@ -14652,6 +14661,7 @@
 CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
 	{DSA-532}
 	- apache2 2.0.50-1
+	- libapache-mod-ssl 2.8.19-1
 CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
 	NOT-FOR-US: Norton
 CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
@@ -14721,6 +14731,7 @@
 	- mysql <removed>
 CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
 	{DSA-527}
+	- pavuk 0.9pl28-3 (bug #264684)
 CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
 	{DSA-523}
 CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-09 22:26:34 UTC (rev 2704)
+++ data/DSA/list	2005-11-09 22:41:36 UTC (rev 2705)
@@ -1479,32 +1479,32 @@
 	[woody] - squirrelmail 1:1.2.6-1.4
 [22 Jul 2004] DSA-534 mailreader - directory traversal
 	{CVE-2002-1581}
-	- mailreader 2.3.29-9
+	[woody] - mailreader 2.3.29-5woody1
 [22 Jul 2004] DSA-533 courier - cross-site scripting
 	{CVE-2004-0591}
-	- courier 0.45.4-4
+	[woody] - courier 0.37.3-2.5
 [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
 	{CVE-2004-0488 CVE-2004-0700}
-	- libapache-mod-ssl 2.8.19-1
+	[woody] - libapache-mod-ssl 2.8.9-2.4
 [20 Jul 2004] DSA-531 php4 - several vulnerabilities
 	{CVE-2004-0594 CVE-2004-0595}
-	- php4 4:4.3.8-1
+	[woody] - php4 4.1.2-7
 [17 Jul 2004] DSA-530 l2tpd - buffer overflow
 	{CVE-2004-0649}
-	- l2tpd 0.70-pre20031121-2
+	[woody] - l2tpd 0.67-1.2
 [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
 	{CVE-2004-0640}
-	- netkit-telnet-ssl 0.17.24+0.1-2
+	[woody] - netkit-telnet-ssl 0.17.17+0.1-2woody1
 [17 Jul 2004] DSA-528 ethereal - denial of service
 	{CVE-2004-0635}
-	- ethereal 0.10.5-1
+	[woody] - ethereal 0.9.4-1woody8
 [03 Jul 2004] DSA-527 pavuk - buffer overflow
 	{CVE-2004-0456}
 	NOTE: DSA is incorrect; pavuk is in sarge and unstable.
-	- pavuk 0.9pl28-3 (bug #264684)
+	[woody] - pavuk 0.9pl28-1woody1
 [03 Jul 2004] DSA-526 webmin - several vulnerabilities
 	{CVE-2004-0582 CVE-2004-0583}
-	- webmin 1.150-1
+	[woody] - webmin 0.94-7woody2
 [24 Jun 2004] DSA-525 apache - buffer overflow
 	{CVE-2004-0492}
 	- apache 1.3.31-2
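Review bot: Two of the unstable versions removed here, `- mailreader 2.3.29-9` (DSA-534, CVE-2002-1581) and `- webmin 1.150-1` (DSA-526, CVE-2004-0582 and CVE-2004-0583), have no matching addition in the data/CVE/list part of this commit, unlike the other seven packages. Please confirm that those CVE entries already carry these versions, otherwise the sid fix information is dropped by the conversion. Separately, the new woody line for php4 is written as `4.1.2-7` without an epoch, while the removed line used `4:4.3.8-1`; worth checking that the woody version is recorded with the epoch the package actually uses, since a missing epoch changes how the versions compare.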



