[Secure-testing-commits] r2857 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Nov 24 17:59:34 UTC 2005
Author: jmm-guest
Date: 2005-11-24 17:59:29 +0000 (Thu, 24 Nov 2005)
New Revision: 2857
Modified:
data/CVE/list
data/DSA/list
Log:
new gaim-encryption issue
more DSA work
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-24 13:38:52 UTC (rev 2856)
+++ data/CVE/list 2005-11-24 17:59:29 UTC (rev 2857)
@@ -1,3 +1,5 @@
+CVE-2005-XXXX [potential dos against gaim-encryption]
+ - gaim-encryption <unfixed> (bug #337127)
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
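Review bot: The new entry at the top of data/CVE/list carries the placeholder id CVE-2005-XXXX, and its description "potential dos against gaim-encryption" gives no trigger or affected version. Bug #337127 is the only pointer, so a NOTE line summarising the issue would help anyone triaging from this file alone. The placeholder should be replaced once a real id is assigned, otherwise the entry cannot be matched against later advisories.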
@@ -17539,7 +17541,7 @@
- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
{DSA-358}
- NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
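Review bot: In the CVE-2003-0643 entry, replacing the NOTE with the kernel-source-2.4.27 <not-affected> line drops the "(Introduced in 2.4.3-pre3)" detail. That lower bound is still useful for deciding whether older kernel packages are affected. Consider keeping it as a separate NOTE line next to the new status line.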
@@ -17566,6 +17568,7 @@
NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
{DSA-359}
+ - atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
@@ -17590,7 +17593,7 @@
- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
{DSA-358}
- NOTE: fixed in 2.4.21-pre3
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
{DSA-431}
- perl 5.8.3-3
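Review bot: The reason text added for CVE-2003-0619 reads "Fixed before upload in archive", while the existing kernel-source-2.4.27 entry shown as context further down this file reads "Fixed before upload in the archive". Using one wording for all of these <not-affected> lines (the same applies to the CVE-2003-0643 change above) keeps the entries greppable.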
@@ -17930,6 +17933,7 @@
NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
{DSA-357}
+ - wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
NOTE: arch specific asm versions:
@@ -17947,7 +17951,7 @@
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
{DSA-423 DSA-358}
- TODO: Check
+ TODO: Check, see http://www.ultramonkey.org/bugs/cve/CAN-2003-0461.shtml
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
NOT-FOR-US: apache for win and os/2
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
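Review bot: CVE-2003-0461 still ends in "TODO: Check", now with only an external URL added, while the other DSA-358 issues touched in this commit receive an explicit kernel-source-2.4.27 status. If the linked page already settles whether 2.4.27 is affected, record that as a package line or NOTE here so the entry does not depend on the link staying available. If it does not settle it, say what remains to be checked.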
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-24 13:38:52 UTC (rev 2856)
+++ data/DSA/list 2005-11-24 17:59:29 UTC (rev 2857)
@@ -2144,13 +2144,17 @@
[woody] - xfstt 1.2.1-3
[31 Jul 2003] DSA-359 atari800 - buffer overflows
{CVE-2003-0630}
- - atari800 1.3.1-2
+ [woody] - atari800 1.2.2-1woody2
[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
{CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
- NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
+ [woody] kernel-source-2.4.18 2.4.18-13
+ [woody] kernel-image-2.4.18-1-i386 2.4.18-11
+ [woody] kernel-image-2.4.18-i386bf 2.4.18-5woody4
+ [woody] kernel-source-2.4.18 2.4.18-13
+ [woody] kernel-image-2.4.18-1-alpha 2.4.18-10.
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
{CVE-2003-0466}
- - wu-ftpd 2.6.2-12
+ [woody] - wu-ftpd 2.6.2-3woody1
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
{CVE-2003-0611}
- xtokkaetama 1.0b-8
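Review bot: In the DSA-358 block the line "[woody] kernel-source-2.4.18 2.4.18-13" is added twice, and the last added line ends in a stray period ("2.4.18-10."), which will not match the real version string. The five new kernel lines also omit the " - " separator that the other woody lines in this same hunk use ("[woody] - atari800 1.2.2-1woody2", "[woody] - wu-ftpd 2.6.2-3woody1"). Suggest dropping the duplicate, removing the trailing period and writing the lines as "[woody] - kernel-source-2.4.18 2.4.18-13" so anything parsing this file treats them like the rest.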