[Secure-testing-commits] r2730 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 14 09:41:43 UTC 2005


Author: jmm-guest
Date: 2005-11-14 09:41:39 +0000 (Mon, 14 Nov 2005)
New Revision: 2730

Modified:
   data/CVE/list
Log:
libungif fixed + bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-14 09:14:18 UTC (rev 2729)
+++ data/CVE/list	2005-11-14 09:41:39 UTC (rev 2730)
@@ -8,7 +8,7 @@
 CVE-2005-XXXX [incorrect use of the PAM framework by courier]
 	- courier 0.47-12 (bug #211920; medium)
 CVE-2005-XXXX [double free() in libungif]
-	- libungif4 (bug #338542; medium)
+	- libungif4 4.1.4-1 (bug #338542; medium)
 CVE-2005-XXXX [moodle SQL injection]
 	- moodle <unfixed> (bug #338592; medium)
 CVE-2005-XXXX [Buffer overflows in Sylpheed's address book import]
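Review bot: The libungif double free entry now carries a fixed version (4.1.4-1) but still sits under the CVE-2005-XXXX placeholder. With a fixed upload recorded against bug #338542, check whether an identifier has been assigned and rename the entry, or add a NOTE saying none exists yet, so the fix can be matched to an advisory later.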
@@ -317,7 +317,7 @@
 CVE-2005-3350 [libungif buffer overflows]
 	RESERVED
 	{DSA-890-1}
-	- libungif4 <unfixed> (bug #337972; high)
+	- libungif4 4.1.3-4 (bug #337972; high)
 CVE-2005-3349
 	RESERVED
 CVE-2005-3348
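Review bot: On the libungif4 line for CVE-2005-3350 the fixed version is 4.1.3-4, while the double free entry in the first hunk of this same commit is marked fixed only in 4.1.4-1. If both are intentional, a short NOTE stating that the overflow fixes landed in the earlier upload would stop a later reader from treating one of the two versions as a typo.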
@@ -1437,7 +1437,7 @@
 CVE-2005-2974 [libungif null pointer deref dos]
 	RESERVED
 	{DSA-890-1}
-	- libungif4 <unfixed> (bug #337972; medium)
+	- libungif4 4.1.3-4 (bug #337972; medium)
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
 	- kernel-source-2.4.27 <unfixed>
@@ -3811,7 +3811,7 @@
 CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
 	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
 	- mozilla-firefox 1.0.5-1 (high)
-	- mozilla 2:1.7.9-1 (high; bug #318062)
+	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
 	- mozilla-thunderbird 1.0.6-1 (high)
 CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
 	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
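Review bot: The mozilla line under CVE-2005-2270 changes two things at once: it adds bug #325851 and moves the urgency from the first field to the last. The new order matches other lines in the file such as "(bug #289202; high)", but the log message only mentions "bugnums"; say in the log that the field order was normalised, and confirm that #325851 applies to mozilla only, since the mozilla-firefox and mozilla-thunderbird lines next to it carry no bug reference.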
@@ -12825,7 +12825,7 @@
 	NOT-FOR-US: Netscape Directory Server on HP-UX
 CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
 	- linux-2.6 2.6.12-1 (bug #289202; high)
-	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; high)
+	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
 CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
 	NOTE: fixed after 2.4.25
 CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
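Review bot: Bug #291053 is added only to the kernel-source-2.4.27 line of CVE-2004-1235, which now lists three bugs, while the linux-2.6 line directly above still lists just #289202. Confirm that #291053 is specific to the 2.4.27 source package; if it was filed against the issue in general, it belongs on both lines.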
@@ -13734,7 +13734,7 @@
 CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
 	{DSA-568-1 DSA-563-3}
 	- cyrus-sasl <removed>
-	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432)
+	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
 	- kernel-source-2.4.27 2.4.27-6
 	- kernel-source-2.6.8 2.6.8-13
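Review bot: The cyrus-sasl2 line under CVE-2004-0884 now lists four bug numbers but still has no urgency, unlike most other annotated lines touched in this commit, which end in a field such as "; high". Since the line is being edited anyway, add the urgency as the last field, or leave a TODO so the gap is visible.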
@@ -17365,7 +17365,7 @@
 CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
 	- apache2 2.0.47
 CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
-	- ssh 1:3.8.1p1-8.sarge.4
+	- ssh 1:3.8.1p1-8.sarge.4 (bug #196413)
 CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
 	- apache2 2.0.46
 CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
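Review bot: The ssh line under CVE-2003-0190 attaches bug #196413 to version 1:3.8.1p1-8.sarge.4, although the description says the issue affects OpenSSH-portable 3.6.1p1 and earlier. If that upload is the one that closed #196413 rather than the first version without the flaw, add a NOTE saying so; the line also has no urgency field.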
@@ -19928,8 +19928,7 @@
 	TODO: check
 	- kernel-image-2.4.18-i386 (bug #152152; unimportant)
 CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
-	- perl 5.8.0-7
-	NOTE: woody seems to be vulnerable, bug #282527
+	- perl 5.8.0-7 (bug #282527)
 CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
 	NOT-FOR-US: BSD
 CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
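Review bot: In the CVE-2002-0703 hunk, dropping "NOTE: woody seems to be vulnerable, bug #282527" and moving the number onto the package line loses the statement about woody and makes the entry read as if perl 5.8.0-7 is the upload that resolved #282527. Keep the bug number on the package line if that is the convention, but retain a NOTE about woody's status unless it has since been confirmed not affected.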



