[Secure-testing-commits] r2825 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Nov 22 11:45:49 UTC 2005


Author: jmm-guest
Date: 2005-11-22 11:45:44 +0000 (Tue, 22 Nov 2005)
New Revision: 2825

Modified:
   data/CVE/list
   data/DSA/list
Log:
Convert October 2003 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-22 10:19:43 UTC (rev 2824)
+++ data/CVE/list	2005-11-22 11:45:44 UTC (rev 2825)
@@ -16819,6 +16819,7 @@
 	- perl 5.8.2
 CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
 	{DSA-396}
+	- thttpd 2.23beta1-2.3
 CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
 	NOT-FOR-US: IBM DB2
 CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
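
Review bot: the line added under CVE-2003-0899, `- thttpd 2.23beta1-2.3`, carries no bug reference, while the same fixed version under CVE-2002-1562 gains `(bug #216677)` further down in this file. The DSA-396 line removed from data/DSA/list carried that reference for the advisory as a whole, which covers both CVEs. If #216677 also tracks the defang overflow, add the reference here so the two entries agree. If it only tracks the directory traversal, leave this line as is but confirm that, since the old DSA entry did not distinguish between the two.
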
@@ -16890,6 +16891,7 @@
 	REJECTED
 CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
 	{DSA-395}
+	- tomcat4 4.1.24-2
 CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
 	{DSA-435}
 	- mpg123 0.59r-15
@@ -17568,10 +17570,16 @@
 	NOT-FOR-US: up2date
 CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
 	{DSA-394 DSA-393}
+	- openssl 0.9.7c
+	- openssl096 0.9.6k
 CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
 	{DSA-394 DSA-393}
+	- openssl 0.9.7c
+	- openssl096 0.9.6k
 CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
 	{DSA-394 DSA-393}
+	- openssl 0.9.7c
+	- openssl096 0.9.6k
 CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
 	- apache2 2.0.48
 	- apache 1.3.29
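
Review bot: CVE-2003-0543, CVE-2003-0544 and CVE-2003-0545 each gain `- openssl 0.9.7c` and `- openssl096 0.9.6k`, but no line for openssl095, even though DSA-394, referenced in the `{DSA-394 DSA-393}` tag on all three entries, is the openssl095 advisory. After this revision the only openssl095 version recorded in the visible hunks is the `[woody]` one in data/DSA/list. Add an openssl095 line to each of the three entries, or record why none is needed, so the package's status outside woody stays tracked. The same two lines are also repeated three times by hand, so check that all three entries are meant to share identical fixed versions.
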
@@ -18616,7 +18624,7 @@
 	- stunnel 2:3.24-1
 CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
 	{DSA-396}
-	- thttpd 2.23beta1-2.3
+	- thttpd 2.23beta1-2.3 (bug #216677)
 CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
 	NOT-FOR-US: microsoft
 CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-22 10:19:43 UTC (rev 2824)
+++ data/DSA/list	2005-11-22 11:45:44 UTC (rev 2825)
@@ -2007,20 +2007,16 @@
 	[woody] - postgresql 7.2.1-2woody4
 [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
 	{CVE-2002-1562 CVE-2003-0899}
-	- thttpd 2.23beta1-2.3 (bug #216677)
+	[woody] - thttpd 2.21b-11.2
 [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
 	{CVE-2003-0866}
-	- tomcat4 4.1.24-2
-	NOTE: another RC (unreproducible?) bug and missing deps (#263201)
-	NOTE: are keeping the fix out of testing
+	[woody] - tomcat4 4.0.3-3woody3
 [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
 	{CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
-	- openssl 0.9.7c
-	- openssl096 0.9.6k
+	[woody] - openssl095 0.9.5a-6.woody.3
 [01 Oct 2003] DSA-393 openssl - denial of service
 	{CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
-	- openssl 0.9.7c
-	- openssl096 0.9.6k
+	[woody] - openssl 0.9.6c-2.woody.4
 [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
 	{CVE-2003-0832 CVE-2003-0833}
 	- webfs 1.20
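
Review bot: the two NOTE lines removed under DSA-395 ("another RC (unreproducible?) bug and missing deps (#263201)" and "are keeping the fix out of testing") are not re-added in any visible hunk. The CVE-2003-0866 entry in data/CVE/list receives only `- tomcat4 4.1.24-2`. If the fix is still being held out of testing, carry both NOTE lines over to the CVE-2003-0866 entry together with the #263201 reference. Otherwise the reason the fixed version has not migrated is lost in the conversion.
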



