[Secure-testing-commits] r2763 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Nov 16 18:04:08 UTC 2005


Author: jmm-guest
Date: 2005-11-16 18:04:03 +0000 (Wed, 16 Nov 2005)
New Revision: 2763

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert another month to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-16 17:35:40 UTC (rev 2762)
+++ data/CVE/list	2005-11-16 18:04:03 UTC (rev 2763)
@@ -15018,9 +15018,8 @@
 	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
 CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
 	{DSA-469}
-	NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
-	NOTE: for approval on d-release
-	- pam-pgsql 0.5.2-9
+	- pam-pgsql 0.5.2-7.1
+	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
 CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
 	- ethereal 0.10.3 (bug #239576)
 	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
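Review bot: the fixed version for CVE-2004-0366 is lowered from 0.5.2-9 to 0.5.2-7.1, yet the NOTE added right below it says the fix was reverted in a later upload and only returned in 0.5.2-9. A version comparison against this entry will treat the uploads between 0.5.2-7.1 and 0.5.2-9 as fixed although they carried the regression. Suggest keeping `- pam-pgsql 0.5.2-9` as the fixed version and mentioning 0.5.2-7.1 in the NOTE, or naming the regressed upload so it can be flagged. Also, "accidentially" in the NOTE should be "accidentally".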
@@ -15413,10 +15412,13 @@
 	- nfs-utils 1:1.0.5-3
 CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
 	{DSA-468}
+	- emil 2.1.0-beta9-14
 CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
 	{DSA-468}
+	- emil 2.1.0-beta9-14
 CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
 	{DSA-462}
+	- xitalk 1.1.11-11
 CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
 	{DSA-451}
 CVE-2004-0147
@@ -15475,6 +15477,8 @@
 	- openssl 0.9.7d-1
 CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
 	{DSA-455}
+	- libxml 1:1.8.17-5
+	- libxml2 2.6.6-1
 CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
 	- kernel-source-2.4.27 2.4.27-1
@@ -15519,9 +15523,11 @@
 	{DSA-443}
 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
 	{DSA-465}
+	- openssl <not-affected> (Not affected per DSA-465)
+	- openssl096 0.9.6m-1
 CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
 	{DSA-465}
-	- openssl096 0.9.6m-1
+	- openssl 0.9.7d-1
 CVE-2004-0076
 	REJECTED
 CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
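Review bot: under CVE-2004-0079 the `- openssl096 0.9.6m-1` line is replaced instead of kept, although the description lists OpenSSL 0.9.6c to 0.9.6k as affected. That leaves openssl096 without a fixed version for this CVE, while it does get one for CVE-2004-0081 directly above. Suggest keeping both lines under CVE-2004-0079: `- openssl 0.9.7d-1` and `- openssl096 0.9.6m-1`.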
@@ -16196,8 +16202,10 @@
 	{DSA-385}
 CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
 	{DSA-467}
+	- ecartis 1.0.0+cvs.20030911
 CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
 	{DSA-467}
+	- ecartis 1.0.0+cvs.20030911
 CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
 	{DSA-381}
 CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
@@ -16584,6 +16592,7 @@
 	NOT-FOR-US: opera
 CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
 	{DSA-459}
+	- kdelibs 4:3.1.3-1
 CVE-2003-0591
 	REJECTED
 CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
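Review bot: the fixed version added for CVE-2003-0592, `- kdelibs 4:3.1.3-1`, has the same upstream version that the description lists as vulnerable ("KDE 3.1.3 and earlier"). If the fix was a patch carried in that Debian revision, a NOTE saying so would make the entry self-explanatory; otherwise the version needs checking.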
@@ -18851,9 +18860,10 @@
 	- calife 2.8.6-1 (bug #235157)
 CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...)
 	{DSA-463}
+	- samba 3.0.2-2
 CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...)
 	{DSA-457}
-	- wu-ftpd 2.6.2-17.2
+	- wu-ftpd 2.6.2-17.1
 CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...)
 	NOT-FOR-US: apache/cygwin
 CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...)
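Review bot: the wu-ftpd fixed version under CVE-2004-0185 moves down from 2.6.2-17.2 to 2.6.2-17.1 without a NOTE, and the log message only mentions a format conversion. Lowering a fixed version makes 2.6.2-17.1 installs report as fixed, so the entry should say which upload actually carried the fix (the old DSA/list entry for DSA-457 had 17.1, the old CVE/list entry had 17.2). The same change is made for CVE-2004-0148 in the next hunk.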
@@ -18873,7 +18883,7 @@
 	- python2.2 2.2.2
 CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...)
 	{DSA-457}
-	- wu-ftpd 2.6.2-17.2
+	- wu-ftpd 2.6.2-17.1
 CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...)
 	NOT-FOR-US: gnu radiusd, not in debian
 CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
@@ -18894,8 +18904,10 @@
 	- apache2 2.0.52
 CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...)
 	{DSA-464}
+	- gdk-pixbuf 0.22.0-3
 CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...)
 	{DSA-460}
+	- sysstat 5.0.2-1
 CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...)
 	NOT-FOR-US: freebsd
 CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-16 17:35:40 UTC (rev 2762)
+++ data/DSA/list	2005-11-16 18:04:03 UTC (rev 2763)
@@ -1721,57 +1721,70 @@
 	[woody] - kernel-image-2.4.17-hppa 32.3
 [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
 	{CVE-2004-0366}
-	- pam-pgsql 0.5.2-7.1
+	[woody] - pam-pgsql 0.5.2-3woody2
 [24 Mar 2004] DSA-468 emil - several vulnerabilities
 	{CVE-2004-0152 CVE-2004-0153}
-	- emil 2.1.0-beta9-14
+	[woody] - emil 2.1.0-beta9-11woody1
 [23 Mar 2004] DSA-467 ecartis - several vulnerabilities
 	{CVE-2003-0781 CVE-2003-0782}
-	- ecartis 1.0.0+cvs.20030911
+	[woody] - ecartis 0.129a+1.0.0-snap20020514-1.2
 [18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
 	{CVE-2004-0077}
-	NOTE: 2.2.10 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.2.10 2.2.10-2
+	[woody] kernel-image-2.2.10-powerpc-apus 2.2.10-13woody1
 [17 Mar 2004] DSA-465 openssl - several vulnerabilities
 	{CVE-2004-0079 CVE-2004-0081}
-	- openssl 0.9.7d-1
-	NOTE: CVE-2004-0081 only affects 0.9.6.
-	NOTE: 0.9.7d also fixes CVE-2004-0112
-	- openssl 0.9.6l
-	- openssl096 0.9.6m-1
+	[woody] - openssl 0.9.6c-2.woody.6
+	[woody] - openssl094 0.9.6m-1 0.9.4-6.woody.4
+	[woody] - openssl095 0.9.6m-1 0.9.5a-6.woody.5
 [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
 	{CVE-2004-0111}
-	- gdk-pixbuf 0.22.0-3
+	[woody] - gdk-pixbuf 0.17.0-2woody1
 [12 Mar 2004] DSA-463 samba - privilege escalation
 	{CVE-2004-0186}
-	- samba 3.0.2-2
+	[woody] - samba 2.2.3a-13
 [12 Mar 2004] DSA-462 xitalk - missing privilege release
 	{CVE-2004-0151}
-	- xitalk 1.1.11-11
+	[woody] - xitalk 1.1.11-9.1woody1
 [11 Mar 2004] DSA-461 calife - buffer overflow
 	{CVE-2004-0188}
-	[woody] - calife 2.8.4c-1woody1 (bug #235157)
+	[woody] - calife 2.8.4c-1woody1
 [10 Mar 2004] DSA-460 sysstat - insecure temporary file
 	{CVE-2004-0108}
-	- sysstat 5.0.2-1
+	[woody] - sysstat 5.0.1-1
 [10 Mar 2004] DSA-459 kdelibs - cookie path traversal
 	{CVE-2003-0592}
-	- kdelibs 4:3.1.3-1
+	[woody] - kdelibs 4:2.2.2-6woody3
+	[woody] - kdelibs-crypto 4:2.2.2-13.woody.9
 [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
 	{CVE-2004-0148 CVE-2004-0185}
-	- wu-ftpd 2.6.2-17.1
+	[woody] - wu-ftpd 2.6.2-3woody4
 [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
 	{CVE-2004-0077}
-	NOTE: 2.2.19 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.2.19 2.2.19.1-4woody1
+	[woody] - kernel-patch-2.2.19-arm 20040303
+	[woody] - kernel-image-2.2.19-netwinder 20040303
+	[woody] - kernel-image-2.2.19-riscpc 20040303
 [03 Mar 2004] DSA-455 libxml - buffer overflows
 	{CVE-2004-0110}
-	- libxml 1:1.8.17-5
-	- libxml2 2.6.6-1
+	[woody] - libxml 1.8.17-2woody1 
+	[woody] - libxml2 2.4.19-4woody1
 [02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
 	{CVE-2004-0077}
-	NOTE: 2.2.22 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.2.22 2.2.22-1woody1
+	[woody] - kernel-image-2.2.22-alpha 2.2.22-2
 [02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
 	{CVE-2004-0077}
-	NOTE: 2.2.20 not present. Did not check newer kernels.
+        [woody] - kernel-source-2.2.20 2.2.20-5woody3
+        [woody] - kernel-image-2.2.20-i386 2.2.20-5woody5
+        [woody] - kernel-image-2.2.20-reiserfs-i386 2.2.20-4woody1
+        [woody] - kernel-image-2.2.20-amiga 2.20-4
+        [woody] - kernel-image-2.2.20-atari 2.2.20-3
+        [woody] - kernel-image-2.2.20-bvme6000 2.2.20-3
+        [woody] - kernel-image-2.2.20-mac 2.2.20-3
+        [woody] - kernel-image-2.2.20-mvme147 2.2.20-3
+        [woody] - kernel-image-2.2.20-mvme16x 2.2.20-3
+        [woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1
 [29 Feb 2004] DSA-452 libapache-mod-python - denial of service
 	{CVE-2003-0973}
 	- libapache-mod-python 2:2.7.10-1
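Review bot: three of the new [woody] lines do not match the `[woody] - package version` shape used by the rest of this hunk. The kernel-image-2.2.10-powerpc-apus line under DSA-466 is missing the `-` separator, and the openssl094 and openssl095 lines under DSA-465 carry two version fields (`0.9.6m-1` followed by the woody version); `0.9.6m-1` looks like a leftover from the removed openssl096 line. Smaller points: the DSA-453 block is indented with spaces where every other entry uses a tab, `kernel-image-2.2.20-amiga 2.20-4` does not follow the 2.2.20-N pattern of its siblings, the libxml line under DSA-455 has trailing whitespace, and the removed NOTE about 0.9.7d also fixing CVE-2004-0112 is not carried over in the CVE/list hunks shown.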



