[Secure-testing-commits] r2905 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Nov 30 22:00:49 UTC 2005


Author: jmm-guest
Date: 2005-11-30 22:00:34 +0000 (Wed, 30 Nov 2005)
New Revision: 2905

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert May 2003 to the new DSA format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-30 21:14:20 UTC (rev 2904)
+++ data/CVE/list	2005-11-30 22:00:34 UTC (rev 2905)
@@ -18499,10 +18499,13 @@
 	- licq 1.2-7-1
 CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
 	{DSA-307}
+	- gps 1.1.0-1
 CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
 	{DSA-307}
+	- gps 1.1.0-1
 CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
 	{DSA-307}
+	- gps 1.1.0-1
 CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
 	{DSA-316}
 	- nethack 3.4.1-1
@@ -18576,6 +18579,7 @@
 CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
 	{DSA-399 DSA-306}
 	- epic4 1:1.1.11.20030409-2
+	- ircii-pana 1:1.0-0c19-8
 CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
 	NOT-FOR-US: Sybase Adaptive Server Enterprise
 CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
@@ -18590,10 +18594,13 @@
 	{DSA-287}
 CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
 	{DSA-298 DSA-291}
+	- epic4 1:1.1.11.20030409-1
 CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
 	{DSA-306}
+	- ircii-pana 1:1.0-0c19-8
 CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
 	{DSA-306}
+	- ircii-pana 1:1.0-0c19-8
 CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
 	NOT-FOR-US: ttCMS
 CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
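Review bot: under CVE-2003-0323 the only fixed version added is `- epic4 1:1.1.11.20030409-1`, but the description names ircII 20020912 and the entry is tagged {DSA-298 DSA-291}. Only epic4 is recorded, so the package behind the second advisory has no tracking line; add its fixed version or a NOTE saying why it is left out. It is also worth confirming the epic4 revision, since CVE-2003-0328 in the previous hunk records 1:1.1.11.20030409-2 for the same package.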
@@ -18622,6 +18629,7 @@
 	NOT-FOR-US: MSIE
 CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
 	{DSA-305}
+	- sendmail 8.12.9-2
 CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
 	NOT-FOR-US: Poster version.two
 CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
@@ -18722,8 +18730,10 @@
 	NOT-FOR-US: FTGatePro
 CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
 	{DSA-299}
+	- leksbot 1.2-5 (bug #186421)
 CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
 	{DSA-302}
+	- fuzz 0.6-7.1
 CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
 	NOT-FOR-US: Cisco
 CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
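Review bot: for CVE-2003-0262 the added `- leksbot 1.2-5 (bug #186421)` sorts below the "1.2.3" given in the CVE description when the two are compared as Debian versions (upstream 1.2 is lower than 1.2.3), so a reader comparing them would conclude the fix predates the vulnerable release. A short NOTE stating which package version the description refers to would remove the ambiguity.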
@@ -18834,6 +18844,7 @@
 	NOT-FOR-US: cisco
 CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
 	{DSA-297}
+	- snort 2.0.0-1
 CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
 	NOT-FOR-US: macromedia flash
 CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
@@ -18876,6 +18887,7 @@
 	- apache2 2.0.46
 CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
 	{DSA-304}
+	- lv 4.49.5-2
 CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
 	NOTE: only affects kernel 2.4.19, 2.4.20.
 CVE-2003-0186
@@ -18918,6 +18930,7 @@
 	NOT-FOR-US: Apple QuickTime Player
 CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
 	{DSA-300 DSA-274}
+	- balsa 2.0.10
 CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
 	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
 CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
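Review bot: the line added for CVE-2003-0167, `- balsa 2.0.10`, has no Debian revision, unlike the other fixed versions in this change (for example `- lv 4.49.5-2`); record the full package version of the fixing upload. The description is about Mutt and the entry carries {DSA-300 DSA-274}, yet balsa is the only package listed, so the second advisory's package still needs a line or a NOTE.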
@@ -18952,6 +18965,7 @@
 	NOT-FOR-US: BEA WebLogic Server
 CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
 	{DSA-303}
+	TODO: not sure if this is fixed
 CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
 	NOT-FOR-US: McAfee ePolicy Orchestrator
 CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
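Review bot: CVE-2003-0150 ends up with a {DSA-303} reference and `TODO: not sure if this is fixed` but no package line, so the entry names no source package or fixed version. Add the package with an unfixed or fixed marker once checked, and expand the TODO to say what needs verifying (which package version, which suite) so it can be picked up by someone else.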
@@ -20526,7 +20540,7 @@
 	NOT-FOR-US: blade encoder not in Debian
 CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
 	{DSA-303}
-	- mysql 4.0.12-2
+	- mysql-dfsg 4.0.12-2
 CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...)
 	{DSA-380}
 	- xfree86 4.2.1-11
@@ -24771,6 +24785,7 @@
 CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
 CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
 	{DSA-301}
+	- libgtop 1.0.13-4
 CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
 CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
 CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-30 21:14:20 UTC (rev 2904)
+++ data/DSA/list	2005-11-30 22:00:34 UTC (rev 2905)
@@ -2320,39 +2320,37 @@
 	[woody] - gzip 1.3.2-3woody1
 [27 May 2003] DSA-307 gps - multiple vulnerabilities
 	{CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
-	- gps 1.1.0-1
+	[woody] - gps  0.9.4-1woody1
 [19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
 	{CVE-2003-0321 CVE-2003-0322 CVE-2003-0328}
-	- ircii-pana 1:1.0-0c19-8
+	[woody] - ircii-pana 1.0-0c19-1.1
 [15 May 2003] DSA-305 sendmail - insecure temporary files
 	{CVE-2003-0308}
-	- sendmail 8.12.9-2
+	[woody] - sendmail 8.12.3-6.4
 [15 May 2003] DSA-304 lv - privilege escalation
 	{CVE-2003-0188}
-	- lv 4.49.5-2
+	[woody] - lv 4.49.4-7woody2
 [15 May 2003] DSA-303 mysql - privilege escalation
 	{CVE-2003-0073}
-	- mysql-dfsg 4.0.12-2
-	{CVE-2003-0150}
-	TODO: not sure if this is fixed
+	[woody] - mysql 3.23.49-8.4
 [07 May 2003] DSA-302 fuzz - privilege escalation
 	{CVE-2003-0261}
-	- fuzz 0.6-7.1
+	[woody] - fuzz 0.6-6woody1
 [07 May 2003] DSA-301 libgtop - buffer overflow
 	{CVE-2001-0928}
-	- libgtop 1.0.13-4
+	[woody] - libgtop 1.0.13-3.1
 [06 May 2003] DSA-300 balsa - buffer overflow
 	{CVE-2003-0167}
-	- balsa 2.0.10
+	[woody] - balsa 1.2.4-2.2
 [06 May 2003] DSA-299 leksbot - improper setuid-root execution
 	{CVE-2003-0262}
-	- leksbot 1.2-5 (bug #186421)
+	[woody] - leksbot 1.2-3.1
 [02 May 2003] DSA-298 epic4 - buffer overflows
 	{CVE-2003-0323}
-	- epic4 1:1.1.11.20030409-1
+	[woody] - epic4 1.1.2.20020219-2.1
 [01 May 2003] DSA-297 snort - integer overflow, buffer overflow
 	{CVE-2003-0033 CVE-2003-0209}
-	- snort 2.0.0-1
+	[woody] - snort 1.8.4beta1-3.1
 [30 Apr 2003] DSA-296 kdebase - insecure execution
 	{CVE-2003-0204}
 	- kdebase 4:3.1.0-1
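Review bot: in the DSA-303 entry the `{CVE-2003-0150}` cross-reference is deleted together with its TODO, leaving only `[woody] - mysql 3.23.49-8.4` under {CVE-2003-0073}, while data/CVE/list in this same revision still shows {DSA-303} under CVE-2003-0150. If the advisory covers CVE-2003-0150, keep it in the brace list, e.g. `{CVE-2003-0073 CVE-2003-0150}`; if it does not, say so in the log message. Minor points: `[woody] - gps  0.9.4-1woody1` has a double space, and the woody versions for ircii-pana and epic4 carry no `1:` epoch while the removed unstable versions did, which should be checked against the woody uploads.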
