[Secure-testing-commits] r2734 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 14 11:29:43 UTC 2005


Author: jmm-guest
Date: 2005-11-14 11:29:37 +0000 (Mon, 14 Nov 2005)
New Revision: 2734

Modified:
   data/CVE/list
   data/DSA/list
Log:
more DSA conversion work


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-14 11:02:45 UTC (rev 2733)
+++ data/CVE/list	2005-11-14 11:29:37 UTC (rev 2734)
@@ -14841,6 +14841,8 @@
 	- flim 1:1.14.6+0.20040415-1
 CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
 	{DSA-498}
+	- libpng 1.0.15-5
+	- libpng3 1.2.5.0-6
 CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
 	NOT-FOR-US: windows
 CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
@@ -14874,6 +14876,7 @@
 	- xchat 2.0.8-1
 CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
 	{DSA-494}
+	- ident2 1.04-2
 CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
 	NOT-FOR-US: ColdFusion
 CVE-2004-0406
@@ -14883,6 +14886,7 @@
 	- cvs 1:1.12.5-4
 CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
 	{DSA-488}
+	- logcheck 1.1.1-13.2
 CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
 	- racoon 0.3.1-3
 CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
@@ -15222,8 +15226,10 @@
 	NOT-FOR-US: utempter
 CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
 	{DSA-497}
+	- mc 1:4.6.0-4.6.1-pre1-2
 CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
 	{DSA-497}
+	- mc 1:4.6.0-4.6.1-pre1-2
 CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
 	NOT-FOR-US: famous TCP RST bug
 CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
@@ -15234,6 +15240,7 @@
 	NOT-FOR-US: ZoneMinder
 CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
 	{DSA-497}
+	- mc 1:4.6.0-4.6.1-pre1-2
 CVE-2004-0225
 	RESERVED
 CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
@@ -15316,9 +15323,11 @@
 	{DSA-487}
 CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.26-pre3
 CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.26-pre4
 CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
 	{DSA-511}
@@ -15426,6 +15435,7 @@
 	{DSA-455}
 CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.26-rc4
 CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
 	- sysstat 5.0.2-1
@@ -15570,6 +15580,7 @@
 	RESERVED
 CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.25-pre7
 CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
 	{DSA-434}
@@ -15584,6 +15595,7 @@
 	{DSA-434}
 CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.26-rc4
 CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
 	NOT-FOR-US: FreeBSD netinet
@@ -17490,6 +17502,7 @@
 	- evolution 1.2.3
 CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
 	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
+	TODO: Map this on current kernels
 CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
 	NOT-FOR-US: SOHO Routefinder 550 firmware
 CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
@@ -19951,6 +19964,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
 	{DSA-490}
+	- zope 2.6.0-0.1
 CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 ...)
 	- zope 2.5.1b2
 CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-14 11:02:45 UTC (rev 2733)
+++ data/DSA/list	2005-11-14 11:29:37 UTC (rev 2734)
@@ -1597,38 +1597,45 @@
 	[woody] - rsync 2.5.5-0.5
 [30 Apr 2004] DSA-498 libpng - out of bound access
 	{CVE-2004-0421}
-	- libpng 1.0.15-5
-	- libpng3 1.2.5.0-6
+	[woody] - libpng 1.0.12-3.woody.5 
+	[woody] - libpng3 1.2.1-1.1.woody.5
 [29 Apr 2004] DSA-497 mc - several vulnerabilities
 	{CVE-2004-0226 CVE-2004-0231 CVE-2004-0232}
-	- mc 1:4.6.0-4.6.1-pre1-2
+	[woody] - mc 4.5.55-1.2woody3
 [29 Apr 2004] DSA-496 eterm - missing input sanitising
 	{CVE-2003-0068}
-	- eterm 0.9.2-6
+	[woody] - eterm 0.9.2-0pre2002042903.3
 [26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
 	{CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.16 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.4.16 2.4.16-1woody2
+	[woody] - kernel-patch-2.4.16-arm 20040419
+	[woody] - kernel-image-2.4.16-lart 20040419
+	[woody] - kernel-image-2.4.16-netwinder 20040419
+	[woody] - kernel-image-2.4.16-riscpc 20040419
 [21 Apr 2004] DSA-494 ident2 - buffer overflow
 	{CVE-2004-0408}
-	- ident2 1.04-2
+	[woody]	- ident2 1.03-3woody1
 [21 Apr 2004] DSA-493 xchat - buffer overflow
 	{CVE-2004-0409}
-	- xchat 2.0.8-1
+	[woody] - xchat 1.8.9-0woody3
 [18 Apr 2004] DSA-492 iproute - denial of service
 	{CVE-2003-0856}
-	- iproute 20010824-13.1
+	[woody] - iproute 20010824-8woody1
 [17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.19 not present. Did not check newer kernels.
+ 	[woody] - kernel-source-2.4.19 2.4.19-4.woody2
+	[woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody4
 [17 Apr 2004] DSA-490 zope - arbitrary code execution
 	{CVE-2002-0688}
-	- zope 2.6.0-0.1
+	[woody]	- zope 2.5.1-1woody1
 [17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+ 	[woody] - kernel-source-2.4.17 2.4.17-1woody3
+	[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody6
+	[woody] - kernel-patch-2.4.17-mipsel 2.4.17-0.020226.2.woody6
 [16 Apr 2004] DSA-488 logcheck - insecure temporary directory
 	{CVE-2004-0404}
-	- logcheck 1.1.1-13.2
+	[woody]	- logcheck 1.1.1-13.1woody1
 [16 Apr 2004] DSA-487 neon - format string
 	{CVE-2004-0179}
 	- neon 0.24.5-1
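Review bot: The added `[woody]` lines are not delimited consistently. The ident2, zope and logcheck entries put a tab between `[woody]` and `-`, the first `kernel-source` lines under DSA-491 and DSA-489 begin with a space before the tab, and the first libpng line ends in a trailing space. The list parser is not visible here, but if it matches entries strictly these advisories could be skipped or misread for woody, leaving fixed packages reported as open (or the reverse), so I would normalise them to the form used elsewhere in the hunk, e.g. `[woody] - ident2 1.03-3woody1`. Separately, the unstable fixed versions for eterm and iproute are removed here with no matching data/CVE/list hunk in this commit, so it is worth confirming that CVE-2003-0068 and CVE-2003-0856 already carry those entries.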



