[Secure-testing-commits] r2739 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 14 16:35:42 UTC 2005


Author: jmm-guest
Date: 2005-11-14 16:35:36 +0000 (Mon, 14 Nov 2005)
New Revision: 2739

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert apr 2004 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-14 15:15:01 UTC (rev 2738)
+++ data/CVE/list	2005-11-14 16:35:36 UTC (rev 2739)
@@ -14936,6 +14936,7 @@
 	NOT-FOR-US: RealNetworks Helix Universal Server
 CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
 	{DSA-483}
+	- mysql-dfsg 4.0.18-6
 CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
 	NOT-FOR-US: RealPlayer plugin
 CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
@@ -14950,6 +14951,7 @@
 	NOT-FOR-US: CUPS printing system in Mac OS X
 CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
 	{DSA-483}
+	- mysql-dfsg 4.0.18-4
 CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
 	NOT-FOR-US: Microsoft Outlook Express
 CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
@@ -14960,16 +14962,20 @@
 	NOT-FOR-US: perl; Win32 is affected, UNIX systems not
 CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
 	{DSA-473}
+	- oftpd 20040304-1
 CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
 	NOT-FOR-US: Symantec Norton Internet Security
 CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...)
 	{DSA-471}
+	- interchange 5.0.1-1
 CVE-2004-0373
 	RESERVED
 CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
 	{DSA-477}
+	- xine-ui 0.99.1-1
 CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
 	{DSA-476}
+	- heimdal 0.6.1-1
 CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
 	NOT-FOR-US: KAME
 CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
@@ -15323,6 +15329,7 @@
 	{DSA-486}
 CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
 	{DSA-487}
+	- neon 0.24.5-1
 CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
 	- kernel-source-2.4.27 2.4.27-1
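
Review bot: The entry ending in "{DSA-486}" just above CVE-2004-0179 gets no package line in this hunk, although the data/DSA/list change removes "- cvs 1:1.12.5-4" from DSA-486. Every other unstable version dropped from the DSA list that shows up in this diff is re-added under its CVE (neon here, squid, oftpd, heimdal and so on), so cvs looks like an omission. Suggest adding "- cvs 1:1.12.5-4" under the CVE entries that reference DSA-486 (CVE-2004-0180 and CVE-2004-0405 per the DSA list), unless they already carry it outside the visible context.
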
@@ -15365,8 +15372,10 @@
 	{DSA-445}
 CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
 	{DSA-484}
+	- xonix 1.4-21
 CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
 	{DSA-485}
+	- ssmtp 2.60.7
 CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
 	- racoon 0.2.5-2
 CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
@@ -15781,7 +15790,7 @@
 	{DSA-404}
 CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
 	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
-	NOTE: do_brk hole
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.23-pre7
 CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
 	NOT-FOR-US: OpenCA
@@ -16424,6 +16433,7 @@
 	{DSA-368}
 CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
 	{DSA-472}
+	- fte 0.50.0-1.1 (bug #203871)
 CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
 	NOT-FOR-US: Cisco
 CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
@@ -18804,6 +18814,7 @@
 	NOT-FOR-US: symantec
 CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
 	{DSA-474}
+	- squid 2.5.5-1
 CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
 	{DSA-461}
 	- calife 2.8.6-1 (bug #235157)
@@ -18945,6 +18956,7 @@
 	- kdepim 4:3.1.5-1
 CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
 	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
+	- kernel-source-2.4.27 2.4.27-1
 	NOTE: fixed in 2.4.24-rc1
 CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
 	{DSA-411}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-14 15:15:01 UTC (rev 2738)
+++ data/DSA/list	2005-11-14 16:35:36 UTC (rev 2739)
@@ -1643,60 +1643,66 @@
 	[woody]	- logcheck 1.1.1-13.1woody1
 [16 Apr 2004] DSA-487 neon - format string
 	{CVE-2004-0179}
-	- neon 0.24.5-1
+	[woody] - neon 0.19.3-2woody3
 [16 Apr 2004] DSA-486 cvs - several vulnerabilities
 	{CVE-2004-0180 CVE-2004-0405}
-	- cvs 1:1.12.5-4
+	[woody]	- cvs 1.11.1p1debian-9woody2
 [14 Apr 2004] DSA-485 ssmtp - format string
 	{CVE-2004-0156}
-	- ssmtp 2.60.7
+	[woody]	- ssmtp 2.50.6.1
 [14 Apr 2004] DSA-484 xonix - failure to drop privileges
 	{CVE-2004-0157}
-	- xonix 1.4-21
+	[woody]	- xonix 1.4-19woody1
 [14 Apr 2004] DSA-483 mysql - insecure temporary file creation
-	{CVE-2004-0381}
-	- mysql-dfsg 4.0.18-4
-	{CVE-2004-0388}
-	- mysql-dfsg 4.0.18-6
+	{CVE-2004-0381 CVE-2004-0388}
+	[woody] - mysql 3.23.49-8.6
 [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.4.17 2.4.17-1woody3
+	[woody] - kernel-patch-2.4.17-apus 2.4.17-5
+	[woody] - kernel-patch-2.4.17-s390 2.4.17-2.woody.4
+	[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.4
 [14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.17-ia64 011226.17
 [14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.17/18 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.17-hppa 32.4
+	[woody] - kernel-image-2.4.18-hppa 62.3
 [14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
 	{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
-	NOTE: 2.4.18 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.4.18 2.4.18-14.3
+	[woody] - kernel-image-2.4.18-1-alpha 2.4.18-15
+	[woody] - kernel-image-2.4.18-1-i386 2.4.18-13
+	[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody8
+	[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody5
 [06 Apr 2004] DSA-478 tcpdump - denial of service
 	{CVE-2004-0183 CVE-2004-0184}
-	- tcpdump 3.7.2-4
+	[woody] - tcpdump 3.6.2-2.8
 [06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
 	{CVE-2004-0372}
-	- xine-ui 0.99.1-1
+	[woody]	- xine-ui 0.9.8-5
 [06 Apr 2004] DSA-476 heimdal - cross-realm
 	{CVE-2004-0371}
-	- heimdal 0.6.1-1
+	[woody]	- heimdal 0.4e-7.woody.8.1
 [05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
 	{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
-	NOTE: 2.4.18 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.18-hppa 62.1
 [03 Apr 2004] DSA-474 squid - ACL bypass
 	{CVE-2004-0189}
-	- squid 2.5.5-1
+	[woody] - squid 2.4.6-2woody2
 [03 Apr 2004] DSA-473 oftpd - denial of service
 	{CVE-2004-0376}
-	- oftpd 20040304-1
+	[woody]	- oftpd 0.3.6-6
 [03 Apr 2004] DSA-472 fte - several vulnerabilities
 	{CVE-2003-0648}
-	- fte 0.50.0-1.1 (bug #203871)
+	[woody] - fte 0.50.0-1.1 0.49.13-15woody1
 [02 Apr 2004] DSA-471 interchange - missing input sanitising
 	{CVE-2004-0374}
-	- interchange 5.0.1-1
+	[woody] - interchange 4.8.3.20020306-1.woody.2
 [01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
 	{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.17-hppa 32.3
 [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
 	{CVE-2004-0366}
 	- pam-pgsql 0.5.2-7.1
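
Review bot: The new DSA-472 line "[woody] - fte 0.50.0-1.1 0.49.13-15woody1" carries two version strings; the first is the unstable version from the removed line and should have been dropped, leaving "[woody] - fte 0.49.13-15woody1". As written, anything that parses the line as "package version" will pick up the wrong field. Two smaller points in the same hunk: the separator after "[woody]" alternates between a tab and a space (compare the DSA-486 and DSA-487 lines), so pick one to keep the format uniform; and DSA-478 loses "- tcpdump 3.7.2-4" with no matching addition under CVE-2004-0183 or CVE-2004-0184 in the data/CVE/list part of this diff, so confirm those entries already record it.
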



