[Secure-testing-commits] r2766 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Nov 16 23:34:44 UTC 2005
Author: jmm-guest
Date: 2005-11-16 23:34:39 +0000 (Wed, 16 Nov 2005)
New Revision: 2766
Modified:
data/CVE/list
data/DSA/list
Log:
convert another month of DSAs to the new format
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-16 22:40:58 UTC (rev 2765)
+++ data/CVE/list 2005-11-16 23:34:39 UTC (rev 2766)
@@ -15402,6 +15402,7 @@
NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
{DSA-445}
+ - lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
{DSA-484}
- xonix 1.4-21
@@ -15423,6 +15424,7 @@
- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
{DSA-451}
+ - xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
RESERVED
CVE-2004-0146
@@ -15489,12 +15491,16 @@
- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
{DSA-443}
+ - xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
{DSA-449}
+ - metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
{DSA-449}
+ - metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...)
{DSA-432}
+ - crawl 1:4.0.0beta26-4
CVE-2004-0102
RESERVED
CVE-2004-0101
@@ -15505,6 +15511,7 @@
RESERVED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
{DSA-448}
+ - pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
NOT-FOR-US: Safari
CVE-2004-0091 (** DISPUTED ** ...)
@@ -15521,8 +15528,10 @@
NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
{DSA-443}
+ - xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
{DSA-443}
+ - xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
{DSA-465}
- openssl <not-affected> (Not affected per DSA-465)
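Review bot: The xfree86 fixed version added here for CVE-2004-0084 and CVE-2004-0083 is 4.3.0-2 (the same value is added for CVE-2004-0106 in the earlier hunk), but the line removed from data/DSA/list under DSA-443 for these three CVEs reads `- xfree86 4.3.0-1`. If the entries are meant to be moved over unchanged, this should be 4.3.0-1; if 4.3.0-2 is a deliberate correction, the log message should say so.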
@@ -15580,6 +15589,7 @@
RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
{DSA-430}
+ - trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
@@ -15643,6 +15653,7 @@
- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
{DSA-434}
+ - gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- kernel-source-2.4.27 2.4.27-1
@@ -15805,6 +15816,7 @@
NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
{DSA-452}
+ - libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
{DSA-408}
- screen 4.0.2-0.1
@@ -15821,6 +15833,7 @@
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
{DSA-436}
+ - mailman 2.1.4-1
CVE-2003-0964
REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
@@ -15829,8 +15842,7 @@
{DSA-404}
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
- - kernel-source-2.4.27 2.4.27-1
- NOTE: fixed in 2.4.23-pre7
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
NOT-FOR-US: OpenCA
CVE-2003-0959
@@ -16395,6 +16407,7 @@
RESERVED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
{DSA-443 DSA-388}
+ - xfree86 4.3.0-0pre1v2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
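Review bot: The added `- xfree86 4.3.0-0pre1v2` line for CVE-2003-0690 accounts for only one of the two advisories in `{DSA-443 DSA-388}`, while the description is about KDM in KDE. Add a package line or a NOTE for the package DSA-388 covers, so the entry does not read as fully tracked through xfree86 alone.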
@@ -16537,6 +16550,7 @@
NOTE: fixed in 2.4.21-pre3
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
{DSA-431}
+ - perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
{DSA-362}
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
@@ -17073,6 +17087,7 @@
NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
@@ -17319,14 +17334,18 @@
RESERVED
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
@@ -17647,6 +17666,7 @@
NOTE: nothing in changelogs
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
{DSA-436}
+ - mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
{DSA-244}
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
@@ -17684,6 +17704,7 @@
RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
NOT-FOR-US: IBM DB2
CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
@@ -18878,8 +18899,10 @@
NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
{DSA-446}
+ - synaesthesia <not-affected> (synaesthesia no longer setuid)
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
{DSA-447}
+ - hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...)
{DSA-458-3}
- python2.2 2.2.2
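Review bot: `<not-affected>` on the synaesthesia line for CVE-2004-0160 sits oddly next to DSA-446, which ships a fixed woody package (`2.1-2.1woody1` in data/DSA/list), so the package was affected at some point. If the version that dropped the setuid bit is known, record it as the fixed version; otherwise add a NOTE that the setuid removal is taken from the DSA text, which is what the old `NOTE: DSA notes not setuid anymore so ok` recorded.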
@@ -18918,8 +18941,10 @@
NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...)
{DSA-443}
+ - xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
{DSA-443}
+ - xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...)
NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...)
@@ -18932,6 +18957,7 @@
TODO: test
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...)
{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
- kernel-source-2.4.24 2.4.24-3
@@ -19001,8 +19027,7 @@
- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
- - kernel-source-2.4.27 2.4.27-1
- NOTE: fixed in 2.4.24-rc1
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
{DSA-411}
- mpg321 0.2.10.3
@@ -20132,6 +20157,7 @@
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...)
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+ - kernel-source-2.2.20 <removed>
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
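Review bot: CVE-2002-0429 gets only `- kernel-source-2.2.20 <removed>`, although its description names Linux kernels 2.4.18 and every other CVE tagged DSA-442 in this commit gains a `kernel-source-2.4.27 <not-affected> (Fixed before initial upload; ...)` line. Add the matching kernel-source-2.4.27 entry here, or a NOTE/TODO stating that the 2.4 status was not checked.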
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-16 22:40:58 UTC (rev 2765)
+++ data/DSA/list 2005-11-16 23:34:39 UTC (rev 2766)
@@ -1787,81 +1787,83 @@
[woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1
[29 Feb 2004] DSA-452 libapache-mod-python - denial of service
{CVE-2003-0973}
- - libapache-mod-python 2:2.7.10-1
+ [woody] - libapache-mod-python 2:2.7.8-0.0woody2
[27 Feb 2004] DSA-451 xboing - buffer overflows
{CVE-2004-0149}
- - xboing 2.4-26.1 (bug #174924)
+ [woody] - xboing 2.4-26woody1
[27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
- NOTE: 2.4.19 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.19 2.4.19-0.020911.1.woody3
+ [woody] - kernel-patch-2.4.19-mips 2.4.19-4.woody1
[24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
{CVE-2004-0104 CVE-2004-0105}
- - metamail 2.7-45.2
+ [woody] - metamail 2.7-45woody.2
[22 Feb 2004] DSA-448 pwlib - several vulnerabilities
{CVE-2004-0097}
- - pwlib 1.5.2-4
+ [woody] - pwlib 1.2.5-5woody1
[22 Feb 2004] DSA-447 hsftp - format string
{CVE-2004-0159}
- - hsftp 1.15-1
+ [woody] - hsftp 1.11-1woody1
[21 Feb 2004] DSA-446 synaesthesia - insecure file creation
{CVE-2004-0160}
- NOTE: DSA notes not setuid anymore so ok
+ [woody] - synaesthesia 2.1-2.1woody1
[21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
{CVE-2004-0158}
- - lbreakout2 2.4
+ [woody] - lbreakout2 2.2.2-1woody1
[20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
{CVE-2004-0077}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.17-ia64 011226.16
[19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
- {CVE-2003-0690}
- - xfree86 4.3.0-0pre1v2
- {CVE-2004-0083 CVE-2004-0084 CVE-2004-0106}
- - xfree86 4.3.0-1
- {CVE-2004-0093 CVE-2004-0094}
- - xfree86 4.2.1-6
+ {CVE-2003-0690 CVE-2004-0083 CVE-2004-0084 CVE-2004-0106 CVE-2004-0093 CVE-2004-0094}
+ [woody] - xfree86 4.1.0-16woody3
[19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
{CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.2
+ [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.3
[18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
{CVE-2004-0077}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody5
[18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.17 2.4.17-4
+ [woody] - kernel-patch-2.4.17-apus 2.4.17-4
[18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
- NOTE: 2.4.16 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.16-lart 2.4.16-20040204
+ [woody] - kernel-image-2.4.16-netwinder 2.4.16-20040204
+ [woody] - kernel-image-2.4.16-riscpc 2.4.16-20040204
+ [woody] - kernel-patch-2.4.16-arm 20040204
[18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
{CVE-2004-0077}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.18 2.4.18-14.2
+ [woody] - kernel-image-2.4.18-1-alpha 2.4.18-14
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-12.2
+ [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody7
+ [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody4
[11 Feb 2004] DSA-437 cgiemail - open mail relay
{CVE-2002-1575}
- - cgiemail 1.6-20
+ [woody] - cgiemail 1.6-14woody1
[08 Feb 2004] DSA-436 mailman - several vulnerabilities
- {CVE-2003-0991}
- NOTE: apparently specific to mailman 2.0, not 2.1
- {CVE-2003-0965}
- - mailman 2.1.4-1
- {CVE-2003-0038}
- - mailman 2.1.1-1
+ {CVE-2003-0991 CVE-2003-0965 CVE-2003-0038}
+ [woody] - mailman 2.0.11-1woody7
[06 Feb 2004] DSA-435 mpg123 - heap overflow
{CVE-2003-0865}
- - mpg123 0.59r-15
+ [woody] - mpg123 0.59r-13woody2
[05 Feb 2004] DSA-434 gaim - several vulnerabilities
{CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008}
- - gaim 1:0.75-2
+ [woody] - gaim 0.58-2.4
[04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
{CVE-2003-0961}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody4
[03 Feb 2004] DSA-432 crawl - buffer overflow
{CVE-2004-0103}
- - crawl 1:4.0.0beta26-4
+ [woody] - crawl 4.0.0beta23-2woody1
[01 Feb 2004] DSA-431 perl - information leak
{CVE-2003-0618}
- - perl 5.8.3-3
+ [woody] - perl 5.6.1-8.6
[28 Jan 2004] DSA-430 trr19 - missing privilege release
{CVE-2004-0047}
- - trr19 1.0beta5-17.1 (bug #264702)
+ [woody] - trr19 1.0beta5-15woody1
[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
{CVE-2003-0971}
- gnupg 1.2.4-1
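Review bot: Some information removed from data/DSA/list in this hunk has no counterpart in the data/CVE/list hunks of this commit: the DSA-436 note `NOTE: apparently specific to mailman 2.0, not 2.1` for CVE-2003-0991, `- cgiemail 1.6-20` for CVE-2002-1575 (DSA-437) and `- mpg123 0.59r-15` for CVE-2003-0865 (DSA-435). Confirm these are already recorded under the respective CVE entries, or carry them over in the same commit so the unstable fix data is not lost in the conversion.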