[Secure-testing-commits] r2736 - in data: CVE DSA

Florian Weimer fw at costa.debian.org
Mon Nov 14 12:51:38 UTC 2005


Author: fw
Date: 2005-11-14 12:51:33 +0000 (Mon, 14 Nov 2005)
New Revision: 2736

Modified:
   data/CVE/list
   data/DSA/list
Log:
DSA-137 cleanup.  Add DSA-135 because it's referenced.  A couple of
syntax fixes.  Restore CVE-2001-0683 and CVE-2002-0683.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-14 12:28:31 UTC (rev 2735)
+++ data/CVE/list	2005-11-14 12:51:33 UTC (rev 2736)
@@ -1,11 +1,9 @@
 CVE-2005-XXXX [XSS in Horde]
 	- horde2 <unfixed> (bug #338983; unknown)
-CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
-	TODO: check
 CVE-2005-XXXX [Insecure temp file usage in migrationtools]
 	- migrationtools <unfixed> (bug #338920; medium)
 CVE-2005-XXXX [user logout in drupal has no effect]
-	[sarge] drupal <not-affected> (bug was introduced after 4.5.3)
+	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
 	- drupal 4.5.5-3 (bug #336719; medium)
 CVE-2005-XXXX [incorrect use of the PAM framework by courier]
 	- courier 0.47-12 (bug #211920; medium)
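Review bot: The `[sarge] drupal <not-affected>` line corrected here was missing the `-` before the package name, and nothing stopped it from being committed; if the list parser does not already reject such a line, a syntax check at commit time would catch it. Separately, deleting the CVE-2002-0683 entry from the top of the file also drops its `TODO: check` marker, so confirm that the check it asked for was actually done and not just lost with the line.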
@@ -18719,7 +18717,7 @@
 	NOT-FOR-US: no_package
 CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
 	- glibc 2.2.5-8
-CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
+CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
 	NOT-FOR-US: no_package
 CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
 	NOT-FOR-US: no_package
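Review bot: The restored `CVE-2002-0683` header takes over the unchanged `NOT-FOR-US: no_package` line that previously sat under the misplaced CVE-2001-0683 text, while the copy of this CVE removed at the top of the file was still marked `TODO: check`. Please confirm that NOT-FOR-US is the intended classification for the Carello issue and say so in the log message, since the diff alone does not show which header that annotation was written for.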
@@ -19996,8 +19994,7 @@
 	{DSA-160}
 CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
 	{DSA-137}
-	- libmm11 1.1.3-6.1
-	- libmm13 1.3.1-1
+	- mm 1.3.1-1
 CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...)
 	- libapache-mod-ssl 2.8.9-2
 STOP: this is approximatly the release of woody, so we can stop here
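Review bot: In the CVE-2002-0658 entry, replacing `- libmm11 1.1.3-6.1` and `- libmm13 1.3.1-1` with `- mm 1.3.1-1` removes the 1.1.3-6.1 version from this file; it is now recorded only in data/DSA/list under DSA-137 as `[woody] - mm 1.1.3-6.1`. Confirm that the tracker picks up the woody fix through the `{DSA-137}` cross-reference, otherwise add a `[woody]` line here as well.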
@@ -23407,7 +23404,7 @@
 CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
 CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
 CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
-CVE-2001-0683
+CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
 CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
 CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
 CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
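Review bot: Before this change the file had a bare `CVE-2001-0683` line here, its description attached to an entry in the CVE-2002 block, and CVE-2002-0683 at the top of the file among the CVE-2005-XXXX entries. A check for duplicate and out-of-order CVE ids would have flagged all three; consider adding one alongside the manual restore so the same mix-up does not recur.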

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-14 12:28:31 UTC (rev 2735)
+++ data/DSA/list	2005-11-14 12:51:33 UTC (rev 2736)
@@ -2773,7 +2773,10 @@
 	- gallery 1.3-3
 [30 Jul 2002] DSA-137 mm - insecure temporary files
 	{CVE-2002-0658}
-	- mm 1.1.3-7
+	[woody] - mm 1.1.3-6.1
 [30 Jul 2002] DSA-136 openssl - multiple remote exploits 
 	{CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
 	- openssl 0.9.6e-1
+[02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS
+	{CVE-2002-0653}
+	[woody] - libapache-mod-ssl 2.8.9-2
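Review bot: The added `DSA-135 libapache-mod-ssl -- buffer overflow / DoS` header uses `--` as the separator, while the neighbouring DSA-137 and DSA-136 headers use a single `-`; use the same separator so the line parses like the others. Also, DSA-137 and DSA-135 now carry only a `[woody]` line, whereas DSA-136 keeps an untagged `- openssl 0.9.6e-1`; if the release-tagged form is the intended convention for DSA entries, it is worth saying so in the log message.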



