[Secure-testing-commits] r2785 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Nov 18 15:01:59 UTC 2005


Author: jmm-guest
Date: 2005-11-18 15:01:54 +0000 (Fri, 18 Nov 2005)
New Revision: 2785

Modified:
   data/CVE/list
   data/DSA/list
Log:
more DSA conversions


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-18 10:31:04 UTC (rev 2784)
+++ data/CVE/list	2005-11-18 15:01:54 UTC (rev 2785)
@@ -16273,6 +16273,7 @@
 	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
 CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
 	{DSA-421}
+	- mod-auth-shadow 1.4-1
 CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
 	NOT-FOR-US: Check Point Firewall
 CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
@@ -16395,6 +16396,7 @@
 	NOT-FOR-US: solaris
 CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
 	{DSA-424}
+	- mc 1:4.6.0-4.6.1-pre1-1
 CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
 	NOT-FOR-US: SCO
 CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
@@ -16495,6 +16497,7 @@
 	- screen 4.0.2-0.1
 CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
 	{DSA-429}
+	- gnupg 1.2.4-1
 CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
 	NOT-FOR-US: Sun Fire B1600
 CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
@@ -17366,13 +17369,13 @@
 	NOT-FOR-US: Netscape
 CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
 CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
 CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
 CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
 	- gdm 2.4.1.5
 CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
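
Review bot: The three replacement lines for CVE-2003-0552, CVE-2003-0551 and CVE-2003-0550 speak only for kernel-source-2.4.27, whereas the removed "NOTE: fixed in 2.4.22-pre3" applied to any 2.4 kernel. If other 2.4 kernel source packages are tracked in this file, they need their own status lines here; otherwise keep a short NOTE with the upstream fix version so the information is not tied to one package.
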
@@ -17474,7 +17477,7 @@
 	NOT-FOR-US: Apple Quicktime
 CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre10
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
 CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
 	{DSA-338}
 CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
@@ -17525,7 +17528,7 @@
 	- wzdftpd 0.2
 CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre4
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
 CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
 	NOT-FOR-US: iWeb server
 CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
@@ -17560,8 +17563,10 @@
 	RESERVED
 CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
 	{DSA-423 DSA-358}
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
 CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
 	{DSA-423 DSA-358}
+	TODO: Check
 CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
 	NOT-FOR-US: apache for win and os/2
 CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
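
Review bot: The "TODO: Check" added under CVE-2003-0461 does not say what is to be checked or against which package, so whoever picks it up has to rediscover the question. Spell it out, for example "TODO: check whether kernel-source-2.4.27 is affected". Separately, the new CVE-2003-0462 line cites 2.4.22-pre10 with no earlier NOTE in this hunk to back it, unlike the other kernel entries in this patch, which replace a NOTE carrying the version; a pointer to where that version comes from would help.
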
@@ -18248,7 +18253,7 @@
 	- evolution 1.2.3
 CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
 	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
-	TODO: Map this on current kernels
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
 CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
 	NOT-FOR-US: SOHO Routefinder 550 firmware
 CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
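
Review bot: The replacement for CVE-2003-0127 records only kernel-source-2.4.27, but the description on the line above names the 2.2.x series as well, and the removed TODO asked for a mapping onto current kernels in general. Either add status lines for the other kernel source packages or keep a TODO for them. The reason text also reads "in the archive, in 2.4.21" where the other kernel entries use "in the archive; 2.4.22-pre3"; one form throughout would keep these lines greppable.
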
@@ -19664,6 +19669,7 @@
 	NOT-FOR-US: phpgedview, not in debian
 CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
 	{DSA-420}
+	- jitterbug 1.6.2-4.5
 CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the &quot;save ...)
 	{DSA-419}
 CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...)
@@ -19857,7 +19863,7 @@
 	NOT-FOR-US: redhat 8.0 only
 CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
 	{DSA-423 DSA-358}
-	NOTE: fixed after 2.6/2.4.21 kernel
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
 CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
 	NOT-FOR-US: apache on windows
 CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
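
Review bot: The removed note for CVE-2003-0018 said "fixed after 2.6/2.4.21 kernel", while the new line says "in 2.4.21" and drops the 2.6 reference; "after 2.4.21" and "in 2.4.21" are different claims, so confirm which one is right before the old wording is lost. "Fixed before upload into archive; in 2.4.21" is also a third variant of the reason phrase used in this patch and should match the others.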

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-18 10:31:04 UTC (rev 2784)
+++ data/DSA/list	2005-11-18 15:01:54 UTC (rev 2785)
@@ -1880,16 +1880,16 @@
 	[woody] - trr19 1.0beta5-15woody1
 [26 Jan 2004] DSA-429 gnupg - cryptographic weakness
 	{CVE-2003-0971}
-	- gnupg 1.2.4-1
+	[woody] - gnupg 1.0.6-4woody1
 [20 Jan 2004] DSA-428 slocate - buffer overflow
 	{CVE-2003-0848}
-	- slocate 2.7-3
+	[woody] - slocate 2.6-1.3.2
 [19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
 	{CVE-2003-0985}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody3
 [18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
 	{CVE-2003-0924}
-	- netpbm-free 2:9.25-9
+	[woody] - netpbm-free 2:9.20-8.4
 [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
 	{CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057}
 	TODO: No idea if this is fixed, we have a new upstream version
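
Review bot: The unstable versions removed for DSA-428 (slocate 2.7-3) and DSA-426 (netpbm-free 2:9.25-9) are not re-added anywhere in this patch, unlike gnupg 1.2.4-1, which the data/CVE/list part adds under CVE-2003-0971. Check that CVE-2003-0848 and CVE-2003-0924 already carry those versions in data/CVE/list, and likewise that CVE-2003-0985 has a kernel status now that the "Did not check newer kernels" note for DSA-427 is gone.
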
@@ -1898,18 +1898,18 @@
 	NOTE: Mailed maintainer.
 [16 Jan 2004] DSA-424 mc - buffer overflow
 	{CVE-2003-1023}
-	- mc 1:4.6.0-4.6.1-pre1-1
+	[woody]	- mc 4.5.55-1.2woody2
 [15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
 	{CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64
 [13 Jan 2004] DSA-422 cvs - remote vulnerability
-	- cvs 1:1.11.11
+	[woody]	- cvs 1.11.11
 [12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
 	{CVE-2004-0041}
-	- mod-auth-shadow 1.4-1
+	[woody]	- mod-auth-shadow 1.3-3.1woody.1
 [12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
 	{CVE-2004-0028}
-	- jitterbug 1.6.2-4.5
+	[woody] - jitterbug 1.6.2-4.2woody2
 [09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
 	{CVE-2004-0016 CVE-2004-0017}
 	- phpgroupware 0.9.14.007-4
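
Review bot: The DSA-423 line "[woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64" has the package name in the version field; it needs the fixed woody version instead. Two smaller points in the same hunk: DSA-422 has no CVE cross-reference, so the removed unstable version "cvs 1:1.11.11" is recorded nowhere after this change, and the mc, cvs and mod-auth-shadow lines separate "[woody]" from "-" with a tab where the other entries use a space.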



