[Secure-testing-commits] r2727 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Nov 13 23:00:11 UTC 2005


Author: jmm-guest
Date: 2005-11-13 23:00:06 +0000 (Sun, 13 Nov 2005)
New Revision: 2727

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert another month of DSA entries


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-13 21:58:59 UTC (rev 2726)
+++ data/CVE/list	2005-11-13 23:00:06 UTC (rev 2727)
@@ -1,8 +1,3 @@
-CVE-2005-XXXX [kernel: NFS leases mem leak]
-	- linux-2.6 <unfixed>
-	NOTE: Pinged Horms
-CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
-	TODO: check
 CVE-2005-XXXX [user logout in drupal has no effect]
 	[sarge] drupal <not-affected> (bug was introduced after 4.5.3)
 	- drupal 4.5.5-3 (bug #336719; medium)
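Review bot: The deleted `CVE-2005-XXXX [kernel: NFS leases mem leak]` entry at the top of this hunk was still marked `linux-2.6 <unfixed>`, and nothing in this patch re-adds it under an assigned ID or a fixed version. The log only mentions DSA conversion, so this looks like an unrelated removal of an open kernel issue. If it was resolved or renamed, update the entry instead of deleting it, or say why it was dropped in the log.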
@@ -14806,6 +14801,7 @@
 	NOT-FOR-US: FreeBSD
 CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
 	{DSA-504}
+	- heimdal 0.6.2-1
 CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
 	NOTE: mplayer not in Debian
 	- xine-lib 1-rc4
@@ -14825,6 +14821,7 @@
 	NOTE: Fixed in 2.6.6/2.4.26 kernel
 CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
 	{DSA-499}
+	- rsync 2.6.1-1
 CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
 	NOT-FOR-US: windows
 CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
@@ -14835,6 +14832,7 @@
 	NOTE: The package doesn't enable that flag so it is safe.
 CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
 	{DSA-500}
+	- flim 1:1.14.6+0.20040415-1
 CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
 	{DSA-498}
 CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
@@ -14883,17 +14881,23 @@
 	- racoon 0.3.1-3
 CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
 	{DSA-508}
+	- xpcd 2.08-10
 CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
 	- libtasn1 0.1.2-2
 CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
 	{DSA-502 DSA-501}
 	- exim 3.36-11
+	- exim4 4.33-1
+	- exis-tls <removed>
 CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
 	{DSA-502 DSA-501}
 	- exim 3.36-11
+	- exim4 4.33-1
+	- exis-tls <removed>
 CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
 	{DSA-507 DSA-506}
-	
+	- cadaver 0.22.1-3
+	- neon 0.24.6.dfsg-1
 CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
 	- subversion 1.0.3-1
 	NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
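Review bot: The two added lines `- exis-tls <removed>`, under CVE-2004-0400 and CVE-2004-0399, misspell the package name; DSA-502 in data/DSA/list names it `exim-tls`. With the typo, anything that matches entries by source package name will not tie the removal to exim-tls. Change both lines to `- exim-tls <removed>`.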
@@ -14902,6 +14906,7 @@
 	- cvs 1:1.12.5-6
 CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
 	{DSA-509}
+	- gatos 0.0.5-12
 CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
 	NOTE: apparently not very exploitable, does not affect 2.6
 	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
@@ -18694,7 +18699,7 @@
 	NOT-FOR-US: no_package
 CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
 	- glibc 2.2.5-8
-CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
+CVE-2001-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
 	NOT-FOR-US: no_package
 CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
 	NOT-FOR-US: no_package
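Review bot: The changed line keeps the ID `CVE-2001-0683` but now carries the Carello 1.3 directory traversal description, which the first hunk of this patch removed under `CVE-2002-0683`. The entry sits between CVE-2002-0684 and CVE-2002-0681, so the ID should read `CVE-2002-0683`. As committed, the list has two CVE-2001-0683 entries (this one and the one filled in by the hunk at `@@ -23382,7 +23388,7 @@`) and none for CVE-2002-0683, and the `NOT-FOR-US: no_package` verdict stays attached to the wrong ID.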
@@ -19974,6 +19979,7 @@
 	- libmm11 1.1.3-6.1
 	- libmm13 1.3.1-1
 CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...)
+	{DSA-135}
 	- libapache-mod-ssl 2.8.9-2
 STOP: this is approximatly the release of woody, so we can stop here
 CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
@@ -23382,7 +23388,7 @@
 CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
 CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
 CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
-CVE-2001-0683
+CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
 CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
 CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
 CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-13 21:58:59 UTC (rev 2726)
+++ data/DSA/list	2005-11-13 23:00:06 UTC (rev 2727)
@@ -1563,35 +1563,34 @@
 	[woody] - gatos 0.0.5-6woody1
 [22 May 2004] DSA-508 xpcd - buffer overflow
 	{CVE-2004-0402}
-	- xpcd 2.08-10
+	[woody] - xpcd 2.08-8woody2
 [19 May 2004] DSA-507 cadaver - buffer overflow
 	{CVE-2004-0398}
-	- cadaver 0.22.1-3
+	[woody] - cadaver 0.18.0-1woody3
 [19 May 2004] DSA-506 neon - buffer overflow
 	{CVE-2004-0398}
-	- neon 0.24.6.dfsg-1
+	[woody] - neon 0.19.3-2woody5
 [19 May 2004] DSA-505 cvs - heap overflow
 	{CVE-2004-0396}
-	- cvs 1:1.12.5-6
+	[woody] - cvs 1.11.1p1debian-9woody4
 [18 May 2004] DSA-504 heimdal - missing input sanitising
 	{CVE-2004-0434}
-	- heimdal 0.6.2-1
+	[woody] - heimdal 0.4e-7.woody.9
 [13 May 2004] DSA-503 mah-jong - missing argument check
 	{CVE-2004-0458}
-	- mah-jong 1.6.2-1
+	[woody] - mah-jong 1.4-3
 [11 May 2004] DSA-502 exim-tls - buffer overflow
 	{CVE-2004-0399 CVE-2004-0400}
-	NOTE: exim-tls not in sarge
+	[woody] - exim-tls 3.35-3woody2
 [07 May 2004] DSA-501 exim - buffer overflow
 	{CVE-2004-0399 CVE-2004-0400}
-	- exim 3.36-11
-	- exim4 4.33-1
+	[woody] - exim 3.35-1woody3
 [01 May 2004] DSA-500 flim - insecure temporary file
 	{CVE-2004-0422}
-	- flim 1:1.14.6+0.20040415-1
+	[woody] - flim 1.14.3-9woody1
 [01 May 2004] DSA-499 rsync - directory traversal
 	{CVE-2004-0426}
-	- rsync 2.6.1-1
+	[woody] - rsync 2.5.5-0.5
 [30 Apr 2004] DSA-498 libpng - out of bound access
 	{CVE-2004-0421}
 	- libpng 1.0.15-5
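Review bot: For DSA-503 the unstable version `- mah-jong 1.6.2-1` is removed here, but no hunk in data/CVE/list touches CVE-2004-0458, whereas the other versions dropped in this hunk (xpcd, cadaver, neon, heimdal, exim4, flim, rsync) are added to their CVE entries in the same commit. Confirm that CVE-2004-0458 already lists `mah-jong 1.6.2-1`, or add it, so the fixed version is not lost in the conversion.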



