[Secure-testing-commits] r2842 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Nov 23 14:15:32 UTC 2005


Author: jmm-guest
Date: 2005-11-23 14:15:28 +0000 (Wed, 23 Nov 2005)
New Revision: 2842

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert aug 2003 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-23 12:28:48 UTC (rev 2841)
+++ data/CVE/list	2005-11-23 14:15:28 UTC (rev 2842)
@@ -17099,20 +17099,27 @@
 	- ecartis 1.0.0+cvs.20030911
 CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
 	{DSA-381}
+	- mysql-dfsg 4.0.15-1
 CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
 	- asterisk 0.7.0
 CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
 	{DSA-379}
+	- sane-backends 1.0.11-1
 CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
 	NOT-FOR-US: WS_FTP server
 CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
@@ -17202,6 +17209,7 @@
 	NOT-FOR-US: cisco
 CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
 	{DSA-380}
+	- xfree86 4.2.1-12
 CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
 	NOT-FOR-US: tellurian tftpdNT
 CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
@@ -17250,8 +17258,10 @@
 	{DSA-375}
 CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
 	{DSA-378}
+	- mah-jong 1.5.6-2
 CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
 	{DSA-378}
+	- mah-jong 1.5.6-2
 CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
 	NOT-FOR-US: KisMAC for Mac OS X
 CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
@@ -17273,11 +17283,15 @@
 	NOT-FOR-US: AIX
 CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
 	{DSA-383 DSA-382}
+	- openssh 1:3.7.1
+	TODO: openssh-krb5: Screwy changelog does not make sense. Filed bug.
 CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
 	{DSA-384}
+	- sendmail 8.12.10-1
 CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...)
 	{DSA-383 DSA-382}
 	- openssh 1:3.6.1p2-6.0
+	TODO: openssh-krb5: Screwy changelog does not make sense. Filed bug.
 CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
 	{DSA-388}
 	- kdebase 4:3.2
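Review bot: The TODO added under CVE-2003-0695 and CVE-2003-0693 says "Filed bug" without giving the bug number, and it now exists in several copies instead of the single line that sat under DSA-383 in data/DSA/list. Suggest recording the bug number in the TODO so every copy can be found and cleared together once the openssh-krb5 changelog question is settled. Separately, `- openssh 1:3.7.1` under CVE-2003-0695 carries no Debian revision, unlike `- openssh 1:3.6.1p2-6.0` under CVE-2003-0693; it is moved verbatim from DSA-382, but it is worth confirming that the bare upstream version is the intended fixed version.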
@@ -17304,8 +17318,10 @@
 CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
 	{DSA-383 DSA-382}
 	- openssh 1:3.6.1p2-9
+	TODO: ssh-krb5: Screwy changelog does not make sense. Filed bug.
 CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
 	{DSA-384}
+	- sendmail 8.12.10-1
 CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
 	NOT-FOR-US: SGI IRIX
 CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
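Review bot: The TODO added under CVE-2003-0682 names the package `ssh-krb5`, while the two TODO lines added in the previous hunk (CVE-2003-0695, CVE-2003-0693) and the new `[woody] - openssh-krb5 1:3.4p1-0woody4` line under DSA-383 use `openssh-krb5`. Suggest using `openssh-krb5` here as well so a search for the package name finds all three open items.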
@@ -22858,6 +22874,7 @@
 CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...)
 CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...)
 	{DSA-377}
+	- wu-ftpd 2.6.2-15
 CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...)
 CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...)
 CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...)
@@ -23832,6 +23849,7 @@
 CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
 CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
 	{DSA-380}
+	- xfree86 4.2.1-11
 CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
 CVE-2002-0161
 	RESERVED

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-23 12:28:48 UTC (rev 2841)
+++ data/DSA/list	2005-11-23 14:15:28 UTC (rev 2842)
@@ -2062,43 +2062,33 @@
 	[woody] - hztty 2.0-5.2woody1
 [17 Sep 2003] DSA-384 sendmail - buffer overflows
 	{CVE-2003-0681 CVE-2003-0694}
-	- sendmail 8.12.10-1
+	[woody] - sendmail 8.12.3-6.6
+	[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.5
 [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
-	{CVE-2003-0693}
-	{CVE-2003-0695}
-	{CVE-2003-0682}
-	TODO: Screwy changelog does not make sense. Filed bug.
+	{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
+	[woody] - openssh-krb5 1:3.4p1-0woody4
 [16 Sep 2003] DSA-382 ssh - possible remote vulnerability
-	{CVE-2003-0693}
-	- openssh 1:3.6.1p2-6.0
-	{CVE-2003-0695}
-	- openssh 1:3.7.1
-	{CVE-2003-0682}
-	- openssh 1:3.6.1p2-9
+	{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
+	[woody] - openssh 1:3.4p1-1.woody.3
 [13 Sep 2003] DSA-381 mysql - buffer overflow
 	{CVE-2003-0780}
-	- mysql-dfsg 4.0.15-1
+	[woody] - mysql 3.23.49-8.5
 [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
-	{CVE-2003-0063}
-	- xfree86 4.2.1-11
-	{CVE-2003-0071}
-	- xfree86 4.2.1-11
-	{CVE-2002-0164}
-	- xfree86 4.2.1-11
-	{CVE-2003-0730}
-	- xfree86 4.2.1-12
+	{CVE-2003-0063 CVE-2003-0071 CVE-2002-0164 CVE-2003-0730}
+	[woody] - xfree86 4.1.0-16woody1
 [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
 	{CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778}
-	- sane-backends 1.0.11-1
+	[woody] - sane-backends 1.0.7-4
 [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
 	{CVE-2003-0705 CVE-2003-0706}
-	- mah-jong 1.5.6-2
+	[woody] - mah-jong 1.4-2
 [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
 	{CVE-1999-0997}
-	- wu-ftpd 2.6.2-15
+	[woody] - wu-ftpd 2.6.2-3woody2
 [04 Sep 2003] DSA-376 exim - buffer overflow
 	{CVE-2003-0743}
-	- exim 3.36-8
+	[woody] - exim 3.35-1woody2
+	[woody] - exim-tls 3.35-3woody1
 [29 Aug 2003] DSA-375 node - buffer overflow, format string
 	{CVE-2003-0707 CVE-2003-0708}
 	- node 0.3.2-1
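Review bot: Two of the unstable versions removed here have no matching addition in the data/CVE/list hunks of this revision: `- xfree86 4.2.1-11` for CVE-2003-0063 and CVE-2003-0071 under DSA-380, and `- exim 3.36-8` for CVE-2003-0743 under DSA-376. Unless those CVE entries already carry the fixed versions outside the lines shown, that information is lost by the conversion; please confirm or add them to data/CVE/list. Also, the log message says "aug 2003", but the entries converted in this hunk are dated 04 Sep to 17 Sep 2003, and DSA-375 (29 Aug 2003) at the end of the hunk still has the old-style `- node 0.3.2-1` line.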



