[Secure-testing-commits] r2890 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Nov 29 14:56:32 UTC 2005


Author: jmm-guest
Date: 2005-11-29 14:56:28 +0000 (Tue, 29 Nov 2005)
New Revision: 2890

Modified:
   data/CVE/list
   data/DSA/list
Log:
june 2003 converted to new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-29 09:20:03 UTC (rev 2889)
+++ data/CVE/list	2005-11-29 14:56:28 UTC (rev 2890)
@@ -18006,10 +18006,13 @@
 	- traceroute-nanog 6.3.6-3
 CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
 	{DSA-329}
+	- osh 1.7-12
 CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
 	{DSA-327}
+	- xbl 1.0k-5
 CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
 	{DSA-321}
+	- radiusd-cistron 1.6.6-2
 CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
 	NOT-FOR-US: progress database
 CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
@@ -18020,6 +18023,7 @@
 	NOT-FOR-US: microsoft
 CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
 	{DSA-328}
+	- webfs 1.20
 CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
 	{DSA-337}
 	- gtksee 0.5.6-1
@@ -18030,6 +18034,7 @@
 	- php4 4:4.3.2+rc3-1
 CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
 	{DSA-326}
+	- orville-write 2.54-1
 CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
 	{DSA-339}
 	- semi 1.14.5+20030609-1 (bug #223456)
@@ -18038,12 +18043,14 @@
 	RESERVED
 CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
 	{DSA-325}
+	- eldav 0.7.2-1
 CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
 	- mnogosearch-common 3.2.11
 CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
 	- mnogosearch-common 3.2.11
 CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
 	{DSA-322}
+	- typespeed 0.4.4
 CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
 	NOTE: various pdf viewers
 	NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
@@ -18051,18 +18058,24 @@
 	- xpdf 2.02pl1-1
 CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
 	{DSA-315}
+	- gnocatan 0.8.0-1 (bug #328136)
+	- pioneers <not-affected> (bug #328136)
 CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
 	{DSA-324}
+	- ethereal 0.9.13-1
 CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
 	{DSA-324}
+	- ethereal 0.9.13-1
 CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
-	- ethereal 0.9.13
+	- ethereal 0.9.13-1
 CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
 	{DSA-324}
+	- ethereal 0.9.13-1
 CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
 	{DSA-324}
 CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
 	{DSA-320}
+	- mikmod 3.1.6-6
 CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
 	NOT-FOR-US: Apple
 CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
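Review bot: CVE-2003-0428 is left with only its {DSA-324} tag in this hunk, while the other three CVEs from that advisory (CVE-2003-0429, CVE-2003-0431, CVE-2003-0432) each gain "- ethereal 0.9.13-1". The old DSA-324 entry in data/DSA/list covered all four CVEs with a single ethereal line, and that line is removed later in this commit, so the unstable fix version for CVE-2003-0428 is no longer recorded anywhere. Suggest adding "- ethereal 0.9.13-1" under CVE-2003-0428 as well, or a NOTE explaining why it differs.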
@@ -18153,10 +18166,13 @@
 	RESERVED
 CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
 	{DSA-309}
+	- eterm 0.9.2-1
 CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
 	{DSA-323}
+	- noweb 2.10c-3.1 (bug #271146)
 CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
 	{DSA-314}
+	- atftp 0.6.2
 CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
 	NOT-FOR-US: MaxOS
 CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
@@ -18184,8 +18200,10 @@
 	NOT-FOR-US: Nokia Gateway GPRS
 CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
 	{DSA-308}
+	- gzip 1.3.5-6
 CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
 	{DSA-318}
+	- lyskom-server 2.0.7-2
 CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
 	NOT-FOR-US: ICQLite
 CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
@@ -18201,13 +18219,20 @@
 	{DSA-307}
 CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
 	{DSA-316}
+	- nethack 3.4.1-1
+	- jnethack 1.1.5-15
 CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
 	{DSA-350 DSA-316}
 	- falconseye 1.9.3-9
+	- nethack 3.4.1-1
+	- slashem 0.0.6E4F8-6
+	- jnethack 1.1.5-15
 CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
 	{DSA-313}
+	- ethereal 0.9.12-1
 CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
 	{DSA-313}
+	- ethereal 0.9.12-1
 CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
 	NOT-FOR-US: Safari
 CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
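Review bot: The package lists for the two DSA-316 CVEs diverge without explanation: CVE-2003-0358 gets nethack, slashem and jnethack, while CVE-2003-0359 gets only nethack and jnethack. The old DSA-316 entry listed all three packages for both CVEs together, so if slashem is genuinely unaffected by the setgid permission issue, a "- slashem <not-affected>" line or a NOTE under CVE-2003-0359 would make that explicit; otherwise add "- slashem 0.0.6E4F8-6" there too.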
@@ -18551,6 +18576,7 @@
 	{DSA-280}
 CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
 	{DSA-317}
+	- cupsys 1.1.19final-1
 CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
 	NOTE: apparently a redhat specific compilation prolem of tcpdump
 CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
@@ -18715,6 +18741,7 @@
 	NOT-FOR-US: ServerMask
 CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
 	{DSA-319}
+	- webmin 1.070-1
 CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
 	{DSA-277}
 CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
@@ -22948,6 +22975,7 @@
 CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...)
 CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...)
 	{DSA-308}
+	- gzip 1.3.5-6
 CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
 CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...)
 CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-29 09:20:03 UTC (rev 2889)
+++ data/DSA/list	2005-11-29 14:56:28 UTC (rev 2890)
@@ -2241,75 +2241,73 @@
 	[woody] - tcptraceroute 1.2-2
 [20 Jun 2003] DSA-329 osh - buffer overflows
 	{CVE-2003-0452}
-	- osh 1.7-12
+	[woody] - osh 1.7-11woody1
 [19 Jun 2003] DSA-328 webfs - buffer overflow
 	{CVE-2003-0445}
-	- webfs 1.20
+	[woody] - webfs 1.17.1
 [19 Jun 2003] DSA-327 xbl - buffer overflows
 	{CVE-2003-0451}
-	- xbl 1.0k-5
+	[woody] - xbl 1.0k-3woody1
 [19 Jun 2003] DSA-326 orville-write - buffer overflows
 	{CVE-2003-0441}
-	- orville-write 2.54-1
+	[woody] - orville-write 2.53-4woody1
 [19 Jun 2003] DSA-325 eldav - insecure temporary file
 	{CVE-2003-0438}
-	- eldav 0.7.2-1
+	[woody] - eldav 0.0.20020411-1woody1
 [18 Jun 2003] DSA-324 ethereal - several vulnerabilities
 	{CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432}
-	- ethereal 0.9.13-1.
+	[woody] - ethereal 0.9.4-1woody5
 [16 Jun 2003] DSA-323 noweb - insecure temporary files
 	{CVE-2003-0381}
-	- noweb 2.10c-3.1 (bug #271146)
+	[woody] - noweb 2.9a-7.3
 [16 Jun 2003] DSA-322 typespeed - buffer overflow
 	{CVE-2003-0435}
-	- typespeed 0.4.4
+	[woody] - typespeed 0.4.1-2.2
 [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
 	{CVE-2003-0450}
-	- radiusd-cistron 1.6.6-2
+	[woody] - radiusd-cistron 1.6.6-1woody1
 [13 Jun 2003] DSA-320 mikmod - buffer overflow
 	{CVE-2003-0427}
-	- mikmod 3.1.6-6
+	[woody] - mikmod 3.1.6-4woody3
 [12 Jun 2003] DSA-319 webmin - session ID spoofing
 	{CVE-2003-0101}
-	- webmin 1.070-1
+	[woody] - webmin 0.94-7woody1
 [12 Jun 2003] DSA-318 lyskom-server - denial of service
 	{CVE-2003-0366}
-	- lyskom-server 2.0.7-2
+	[woody] - lyskom-server 2.0.6-1woody1
 [11 Jun 2003] DSA-317 cupsys - denial of service
 	{CVE-2003-0195}
-	- cupsys 1.1.19final-1
+	[woody] - cupsys 1.1.14-5
 [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
 	{CVE-2003-0358 CVE-2003-0359}
-	- nethack 3.4.1-1
-	- slashem 0.0.6E4F8-6
-	- jnethack 1.1.5-15
-	NOTE: DSA contains some strange non-nethack version numbers
+	[woody] - nethack 3.4.0-3.0woody3
+	[woody] - slashem 0.0.6E4F8-4.0woody3
 [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
 	{CVE-2003-0433}
-	- gnocatan 0.8.0-1 (bug #328136)
-	- pioneers <not-affected> (bug #328136)
-	NOTE: maintainer confirmed that the security fixes are included
+	[woody] - gnocatan 0.6.1-5woody2
 [11 Jun 2003] DSA-314 atftp - buffer overflow
 	{CVE-2003-0380}
-	- atftp 0.6.2
+	[woody] - atftp 0.6.1.1.0woody1
 [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
 	{CVE-2003-0356 CVE-2003-0357}
-	- ethereal 0.9.12-1
+	[woody] - ethereal 0.9.4-1woody4
 [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
 	{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248}
-	NOTE: not in unstable/testing. Did not check other versions.
+	[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1
 [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
 	{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
-	NOTE: not in unstable/testing. Did not check other versions.
+	[woody] - kernel-source-2.4.18 2.4.18-9
+	[woody] - kernel-image-2.4.18-1-i386 2.4.18-8
+	[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1.
 [08 Jun 2003] DSA-310 xaos - improper setuid-root execution
 	{CVE-2003-0385}
-	- xaos 3.1r-4
+	[woody] - xaos 3.0-23woody1
 [06 Jun 2003] DSA-309 eterm - buffer overflow
 	{CVE-2003-0382}
-	- eterm 0.9.2-1
+	[woody] - eterm 0.9.2-0pre2002042903.1
 [06 Jun 2003] DSA-308 gzip - insecure temporary files
 	{CVE-1999-1332 CVE-2003-0367}
-	- gzip 1.3.5-6
+	[woody] - gzip 1.3.2-3woody1
 [27 May 2003] DSA-307 gps - multiple vulnerabilities
 	{CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
 	- gps 1.1.0-1
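Review bot: The new DSA-311 line "[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1." ends with a trailing period that will be read as part of the version string; the same stray dot was on the removed "- ethereal 0.9.13-1." line and was dropped when that version moved to data/CVE/list, so it should be dropped here too. Two further points in this hunk: the removed "- xaos 3.1r-4" under DSA-310 has no matching addition for CVE-2003-0385 in the data/CVE/list hunks of this commit, so please confirm that entry already carries the unstable version; and the DSA-316 conversion drops jnethack entirely along with the NOTE about odd version numbers, and the DSA-315 NOTE that the maintainer confirmed the fixes is not carried over to CVE-2003-0433. If those notes still matter, they should move to the CVE entries rather than disappear.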



