[Secure-testing-commits] r2815 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 21 18:43:36 UTC 2005


Author: jmm-guest
Date: 2005-11-21 18:43:31 +0000 (Mon, 21 Nov 2005)
New Revision: 2815

Modified:
   data/CVE/list
   data/DSA/list
Log:
net netpbm dsa, update on old glibc issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-21 16:10:03 UTC (rev 2814)
+++ data/CVE/list	2005-11-21 18:43:31 UTC (rev 2815)
@@ -268,7 +268,6 @@
 	NOT-FOR-US: Ekinboard
 CVE-2005-3637
 	REJECTED
-	NOT-FOR-US: Antville 
 CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
 	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
@@ -277,8 +276,10 @@
 	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
 	NOT-FOR-US: SAP Web Application Server
-CVE-2005-3632
+CVE-2005-3632 [buffer overflows in netpbm's pnmtopng]
 	RESERVED
+	- netpbm-free 10.0-11
+	TODO: Check, whether this is the same as CVE-2005-3662
 CVE-2005-3631
 	RESERVED
 CVE-2005-3630
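Review bot: The TODO added under CVE-2005-3632 leaves open whether this is the same issue as CVE-2005-3662, yet the entry already carries a version line, "- netpbm-free 10.0-11". Until that check is done, a matching NOTE or TODO in the CVE-2005-3662 entry would stop the question from being lost, and the two entries should end up with consistent version data. Minor style point: "Check, whether" reads better without the comma.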
@@ -12289,8 +12290,9 @@
 CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
 	NOT-FOR-US: Cisco
 CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
+	- glibc 2.3.5 (bug #272210; low)
 	NOTE: according to GOTO Masanori this is not a security problem
-	NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
+	NOTE: Not exactly sure, which version fixed it, but we play safe with the current
 CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
 	NOT-FOR-US: Gentoo specific
 CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
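Review bot: The NOTE added under CVE-2004-1453 stops mid-sentence at "we play safe with the current"; finish it (presumably "current version") so the reason for recording 2.3.5 is readable later. The entry now states both that this is not a security problem according to GOTO Masanori and that it is fixed in glibc 2.3.5 with urgency low, so a short word on why it is still tracked would help. Dropping the URL NOTE loses nothing, since the reference survives as bug #272210 on the new version line.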

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-21 16:10:03 UTC (rev 2814)
+++ data/DSA/list	2005-11-21 18:43:31 UTC (rev 2815)
@@ -1,3 +1,8 @@
+[21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows
+	{CVE-2005-3632}
+	[woody] - netpbm-free 9.20-8.5
+	[sarge] - netpbm-free 10.0-8sarge2
+	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [21 Nov 2005] DSA-903-1 unzip - race condition
 	{CVE-2005-2475}
 	[woody] - unzip 5.50-1woody4
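Review bot: The NOTE on DSA-904-1 says "unfixed in sid", while the CVE-2005-3632 entry changed in data/CVE/list in this same revision adds "- netpbm-free 10.0-11", which reads as a fixed version. If 10.0-11 is an anticipated upload rather than one already in the archive, say so in one of the two places; otherwise the two files disagree about the state of unstable.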



