[Secure-testing-commits] r2720 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Nov 11 14:14:14 UTC 2005
Author: jmm-guest
Date: 2005-11-11 14:14:10 +0000 (Fri, 11 Nov 2005)
New Revision: 2720
Modified:
data/CVE/list
data/DSA/list
Log:
convert june 2004 to the new format
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-11 10:58:46 UTC (rev 2719)
+++ data/CVE/list 2005-11-11 14:14:10 UTC (rev 2720)
@@ -14474,6 +14474,7 @@
NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
{DSA-522}
+ - super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
@@ -14551,6 +14552,7 @@
- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
{DSA-516}
+ - postgresql 07.03.0200-3
CVE-2004-0546
RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
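Review bot: on the added "- postgresql 07.03.0200-3" line, the version uses a different scheme from the 7.2.1-2woody5 that data/DSA/list records for woody, and the CVE text is about the ODBC driver. Please confirm that this version really belongs to the postgresql source package; if the driver is packaged separately, the entry should name that package so the tracker compares against the right version series.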
@@ -14600,8 +14602,10 @@
NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
{DSA-520}
+ - krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
{DSA-512}
+ - gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
{DSA-535}
- squirrelmail 2:1.4.3a-0.1
@@ -14750,9 +14754,10 @@
- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
{DSA-523}
+ - www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
{DSA-524}
- - rlpr 2.05-1 (bug #255402)
+ - rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...)
- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
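Review bot: the rlpr line under CVE-2004-0454 changes the recorded fixed version from 2.05-1 to 2.02-7.1, which is a data change rather than a format conversion, and it lowers the version below which the package is treated as vulnerable. It matches what DSA-524 carried in data/DSA/list, but the log message should say so, or the change should go into its own commit stating which version was verified.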
@@ -14760,8 +14765,10 @@
- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
{DSA-521}
+ - sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
{DSA-513}
+ - log2mail 0.2.8-3
CVE-2004-0449
RESERVED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
@@ -14849,6 +14856,7 @@
- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
{DSA-518}
+ - kdelibs 4:3.2.3
CVE-2004-0410
RESERVED
NOTE: An empty CVE, never published.
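Review bot: the added "- kdelibs 4:3.2.3" has no Debian revision, unlike the other entries added in this commit. A version without a revision sorts at or before every 4:3.2.3-N upload, so all of them will be treated as fixed; if the fix landed in a specific revision, record that revision instead of copying the old DSA entry as it stood.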
@@ -14895,6 +14903,7 @@
NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
{DSA-524}
+ - rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
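Review bot: directly below the added rlpr line, the unchanged context lists "- apache 1.3.31-2" under CVE-2004-0392, whose description is about racoon, while data/DSA/list ties DSA-525 apache to CVE-2004-0492. Since this commit removes the apache entry from DSA-525, check that 1.3.31-2 is recorded under CVE-2004-0492 and that the line under CVE-2004-0392 is not a misfiled entry.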
@@ -15187,8 +15196,10 @@
NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
{DSA-515}
+ - lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
{DSA-515}
+ - lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
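Review bot: the two added "- lha 1.14i-8" lines carry the version over from DSA-515, but the NOTE lines removed there (about 1.14i-8 possibly not reaching testing and the t-p-u fallback) are not carried over. If that concern is still open, add a NOTE under CVE-2004-0234 and CVE-2004-0235; if it is resolved, say so in the log message.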
@@ -18832,6 +18843,7 @@
TODO: test
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...)
{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+ - kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
- kernel-source-2.4.24 2.4.24-3
NOTE: fixed in 2.4.26-pre3
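Review bot: the added "- kernel-source-2.2.20 <removed>" is the only package line under CVE-2004-0077, an entry that references fourteen DSAs, and it replaces the old DSA-514 entry "kernel-image-sparc-2.2 9.1" together with its note "did not check other versions of the kernel". Either list the other affected kernel source packages or keep a NOTE/TODO here, so the entry does not read as fully triaged.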
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-11 10:58:46 UTC (rev 2719)
+++ data/DSA/list 2005-11-11 14:14:10 UTC (rev 2720)
@@ -1512,49 +1512,46 @@
[woody] - webmin 0.94-7woody2
[24 Jun 2004] DSA-525 apache - buffer overflow
{CVE-2004-0492}
- - apache 1.3.31-2
+ [woody] - apache 1.3.26-0woody5
[19 Jun 2004] DSA-524 rlpr - several vulnerabilities
{CVE-2004-0393 CVE-2004-0454}
- - rlpr 2.02-7.1 (bug #255402)
+ [woody] - rlpr 2.02-7woody1
[19 Jun 2004] DSA-523 www-sql - buffer overflow
{CVE-2004-0455}
- - www-sql 0.5.7-18
+ [woody] - www-sql 0.5.7-17woody1
[19 Jun 2004] DSA-522 super - format string vulnerability
{CVE-2004-0579}
- - super 3.23.0-1
+ [woody] - super 3.16.1-1.2
[18 Jun 2004] DSA-521 sup - format string vulnerability
{CVE-2004-0451}
- - sup 1.8-11
+ [woody] - sup 1.8-8woody2
[16 Jun 2004] DSA-520 krb5 - buffer overflows
{CVE-2004-0523}
- - krb5 1.3.3-2
+ [woody] - krb5 1.2.4-5woody5
[15 Jun 2004] DSA-519 cvs - several vulnerabilities
{CVE-2004-0416 CVE-2004-0417 CVE-2004-0418}
- - cvs 1:1.12.9-1
+ [woody] - cvs 1.11.1p1debian-9woody7
[14 Jun 2004] DSA-518 kdelibs - unsanitised input
{CVE-2004-0411}
- - kdelibs 4:3.2.3
+ [woody] - kdelibs 2.2.2-13.woody.10
[10 Jun 2004] DSA-517 cvs - buffer overflow
{CVE-2004-0414}
- - cvs 1:1.12.9-1
+ [woody] - cvs 1.11.1p1debian-9woody6
[07 Jun 2004] DSA-516 postgresql - buffer overflow
{CVE-2004-0547}
- - postgresql 07.03.0200-3.
+ [woody] - postgresql 7.2.1-2woody5
[05 Jun 2004] DSA-515 lha - several vulnerabilities
{CVE-2004-0234 CVE-2004-0235}
- - lha 1.14i-8
- NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
- NOTE: from the DSA could to updated via t-p-u.
+ [woody] - lha 1.14i-2woody1
[04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
{CVE-2004-0077}
- - kernel-image-sparc-2.2 9.1
- NOTE: did not check other versions of the kernel
+ [woody] - kernel-source-2.2.20 2.2.20-5woody3
[03 Jun 2004] DSA-513 log2mail - format string
{CVE-2004-0450}
- - log2mail 0.2.8-3
+ [woody] - log2mail 0.2.5.2
[02 Jun 2004] DSA-512 gallery - unauthenticated access
{CVE-2004-0522}
- - gallery 1.4.3-pl2-1
+ [woody] - gallery 1.2.5-8woody2
[30 May 2004] DSA-511 ethereal - buffer overflows
{CVE-2004-0176}
- ethereal 0.10.3-1
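Review bot: the unstable entries removed for DSA-525 ("- apache 1.3.31-2") and for DSA-519 and DSA-517 ("- cvs 1:1.12.9-1") have no matching additions in the data/CVE/list hunks of this commit, unlike the other packages converted here. Please confirm that CVE-2004-0492, CVE-2004-0414 and CVE-2004-0416 through CVE-2004-0418 already carry those fixed versions in data/CVE/list; otherwise the unstable tracking data is lost by this conversion.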