[Secure-testing-commits] r2882 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Nov 27 22:37:25 UTC 2005


Author: jmm-guest
Date: 2005-11-27 22:37:18 +0000 (Sun, 27 Nov 2005)
New Revision: 2882

Modified:
   data/CVE/list
   data/DSA/list
Log:
nfsd mem leak CVEfied
more DSA conversions


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-27 21:14:19 UTC (rev 2881)
+++ data/CVE/list	2005-11-27 22:37:18 UTC (rev 2882)
@@ -1007,9 +1007,12 @@
 CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
 	{DSA-896-1}
 	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
-CVE-2005-XXXX [kernel: NFS leases mem leak]
+CVE-2005-3807 [kernel: NFS leases mem leak]
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected>
+CVE-2005-3857 [kernel: NFS leases printk syslog spam]
+	- linux-2.6 <unfixed>
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-XXXX [Insecure temp file usage in migrationtools]
 	- migrationtools <unfixed> (bug #338920; medium)
 CVE-2005-XXXX [user logout in drupal has no effect]
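Review bot: the added CVE-2005-3857 entry repeats the two status lines of CVE-2005-3807 verbatim, and neither kernel entry carries a bug reference or severity the way the neighbouring entries do (`(bug #339074; high)`, `(bug #338920; medium)`). If a bug exists for these NFS lease issues, add it to the `linux-2.6 <unfixed>` lines, and add a NOTE stating why kernel-source-2.4.27 is `<not-affected>` so the claim can be rechecked later. The log message mentions only the mem leak, not the new printk entry.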
@@ -17884,6 +17887,7 @@
 	- proftpd 1.2.8-8
 CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
 	{DSA-335}
+	- mantis 0.17.5-6
 CVE-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
 	NOT-FOR-US: Intersystems Cache database
 CVE-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
@@ -17904,6 +17908,7 @@
 	NOT-FOR-US: Dantz Retrospect
 CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
 	{DSA-330}
+	- tcptraceroute 1.4-4
 CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
 	NOT-FOR-US: Kerio Mail server
 CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
@@ -17985,8 +17990,10 @@
 	NOT-FOR-US: visnetic website
 CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
 	{DSA-331}
+	- imagemagick 4:5.5.7-1
 CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
 	{DSA-334}
+	- xgalaga 2.0.34-22
 CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
 	{DSA-348}
 	- traceroute-nanog 6.3.6-3
@@ -20491,6 +20498,7 @@
 CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...)
 	{DSA-336}
 	- kernel-source-2.2.25 2.2.25-2
+	- kernel-image-2.2.25-i386 2.2.25-2
 CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...)
 	- vim 6.1.263-1
 	NOTE: woody seems to be still vulnerable
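Review bot: the versions recorded for CVE-2002-1380 do not match what this same commit removes from data/DSA/list. The line added here is `kernel-image-2.2.25-i386 2.2.25-2`, next to the existing `kernel-source-2.2.25 2.2.25-2`, while the DSA-336 entry being converted recorded `kernel-source-2.2.25 2.2.25-3`. Please confirm which revision carries the fix and make the two agree. DSA-336 also lists eight further CVEs, and none of their entries is touched in the visible hunks, so check whether they need the same kernel-image line.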
@@ -21272,6 +21280,7 @@
 	- apache2 2.0.37
 CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
 	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
+	- acm 5.0-10
 CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
 CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
 CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
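Review bot: CVE-2002-0391 references five advisories (`{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}`), but after this change its only package line is `- acm 5.0-10`, which the DSA/list hunk shows belongs to DSA-333. The entry then reads as fully tracked although the packages behind the other four DSAs have no version here. Add their package lines, or a NOTE marking the entry as incomplete.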

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-27 21:14:19 UTC (rev 2881)
+++ data/DSA/list	2005-11-27 22:37:18 UTC (rev 2882)
@@ -2218,26 +2218,27 @@
 	[woody] - gtksee 0.5.0-6
 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
 	{CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248}
-	- kernel-source-2.2.25 2.2.25-3
-	NOTE: did not check newer kernels
+	[woody] - kernel-source-2.2.20 2.2.20-5woody2
+	[woody] - kernel-image-2.2.20-i386 2.2.20-5woody3
 [28 Jun 2003] DSA-335 mantis - incorrect permissions
 	{CVE-2003-0499}
-	- mantis 0.17.5-6
+	[woody] - mantis 0.17.1-3
 [28 Jun 2003] DSA-334 xgalaga - buffer overflows
 	{CVE-2003-0454}
-	- xgalaga 2.0.34-22
+	[woody] - xgalaga 2.0.34-19woody1
 [27 Jun 2003] DSA-333 acm - integer overflow
 	{CVE-2002-0391}
-	- acm 5.0-10
+	[woody] - acm 5.0-3.woody.1
 [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
-	{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}	
-	NOTE: note in the archive, and did not check newer kernels
+	{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
+	[woody] kernel-source-2.4.17 2.4.17-1woody1
+	[woody] kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2
 [27 Jun 2003] DSA-331 imagemagick - insecure temporary file
 	{CVE-2003-0455}
-	- imagemagick 4:5.5.7-1
+	[woody] - imagemagick 4:5.4.4.5-1woody1
 [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
 	{CVE-2003-0489}
-	- tcptraceroute 1.4-4
+	[woody] - tcptraceroute 1.2-2
 [20 Jun 2003] DSA-329 osh - buffer overflows
 	{CVE-2003-0452}
 	- osh 1.7-12
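Review bot: the two lines added for DSA-332, `[woody] kernel-source-2.4.17 2.4.17-1woody1` and `[woody] kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2`, lack the `- ` that every other converted line in this hunk has (compare `[woody] - mantis 0.17.1-3`), so anything that parses the list by that form may skip them. Separately, removing the NOTE lines from DSA-336 and DSA-332 drops the only marker that newer kernels were never checked, and no hunk in this commit records an unstable version for the 2.4.17 issues; keep a NOTE until that is verified.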



