[Secure-testing-commits] r2508 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 20 12:21:07 UTC 2005


Author: jmm-guest
Date: 2005-10-20 12:21:02 +0000 (Thu, 20 Oct 2005)
New Revision: 2508

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert DSAs from December 2004 to the new format


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-20 12:20:09 UTC (rev 2507)
+++ data/CVE/list	2005-10-20 12:21:02 UTC (rev 2508)
@@ -11963,7 +11963,7 @@
 CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
 	{DSA-617-1}
 	- libtiff4 3.6.1-4
-	TODO: other packages containing libtiff code may be vulnerable
+	TODO: other packages containing libtiff code may be vulnerable, e.g. kfax
 CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
 	- tiff 3.7.0 (low)
 CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
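Review bot: the amended TODO under CVE-2004-1308 names kfax only as free text ("e.g. kfax"); if kfax is confirmed to contain the libtiff code, give it its own package line under this CVE, and otherwise keep the TODO until the other embedded copies have been checked.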
@@ -12252,6 +12252,7 @@
 	- netkit-rwho 0.17-8
 CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
 	{DSA-615-1}
+	- debmake 3.7.7
 CVE-2004-1178
 	RESERVED
 CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
@@ -12339,13 +12340,13 @@
 	- mailman 2.1.5-5
 CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
 	{DSA-613-1}
-	- ethereal 0.10.8
+	- ethereal 0.10.8-1
 CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
-	- ethereal 0.10.8
+	- ethereal 0.10.8-1
 CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
-	- ethereal 0.10.8
+	- ethereal 0.10.8-1
 CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
-	- ethereal 0.10.8
+	- ethereal 0.10.8-1
 CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
 	- vim 1:6.3-046+0sarge1
 CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
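Review bot: CVE-2004-1141, CVE-2004-1140 and CVE-2004-1139 receive the same ethereal 0.10.8-1 version as CVE-2004-1142, but only CVE-2004-1142 carries {DSA-613-1}, and the DSA-613-1 entry in data/DSA/list likewise lists only CVE-2004-1142. Worth confirming that the advisory covered just that one CVE; if it covered the others, both files need the cross-reference.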
@@ -12615,7 +12616,8 @@
 	- imlib2 1.1.2-2.1
 CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
 	{DSA-618-1}
-	NOTE: fixed in patches for CVE-2004-1026
+	- imlib 1.9.14-17.1 (bug #284925)
+	- imlib+png2 1.9.14-16.1
 CVE-2004-1024
 	RESERVED
 CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
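Review bot: replacing the NOTE under CVE-2004-1025 drops the only pointer that this issue was fixed by the patches for CVE-2004-1026; keep the NOTE line next to the two new package entries if it still holds. The bug reference (#284925) is attached to the imlib line only, so state whether it applies to imlib+png2 as well.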
@@ -12688,6 +12690,7 @@
 	- zgv 5.7-1.3 (bug #284124)
 CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
 	{DSA-616-1}
+	- netkit-telnet-ssl 0.17.24+0.1-6
 CVE-2004-0997
 	RESERVED
 CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
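Review bot: the line added under CVE-2004-0998 uses the package name netkit-telnet-ssl, while the line removed from DSA-616-1 in data/DSA/list had telnetd-ssl with the same version 0.17.24+0.1-6. The rename is a correction separate from the format conversion and should be mentioned in the log message.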
@@ -13938,6 +13941,7 @@
 	- vice 1.14-2
 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
 	{DSA-620-1}
+	- perl 5.8.4-5
 CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
 	{DSA-521}
 CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
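Review bot: perl 5.8.4-5 is added under CVE-2004-0452 only, yet the DSA-620-1 entry it was moved from covers {CVE-2004-0452 CVE-2004-0976}. No hunk in this diff touches CVE-2004-0976, so check that its entry already records the perl version, or add it here.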

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-10-20 12:20:09 UTC (rev 2507)
+++ data/DSA/list	2005-10-20 12:21:02 UTC (rev 2508)
@@ -1095,32 +1095,31 @@
 	NOTE: not in unstable
 [31 Dec 2004] DSA-621-1 cupsys - buffer overflow
 	{CVE-2004-1125}
-	- cupsys 1.1.22-2
+        [woody] - cupsys 1.1.14-5woody11
 [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
 	{CVE-2004-0452 CVE-2004-0976}
-	- perl 5.8.4-5
+	[woody] - perl 5.6.1-8.8
 [30 Dec 2004] DSA-619-1 xpdf - buffer overflow
 	{CVE-2004-1125}
-	- xpdf 3.00-11
+	[woody] - xpdf 1.00-3.3
 [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
 	{CVE-2004-1025 CVE-2004-1026}
-	- imlib 1.9.14-17.1
-	- imlib+png2 1.9.14-16.1
+	[woody] - imlib 1.9.14-2woody2
 [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
 	{CVE-2004-1308}
-	- libtiff4 3.6.1-4
+	[woody] - tiff 3.5.5-6.woody3
 [23 Dec 2004] DSA-616-1 telnetd-ssl - format string
 	{CVE-2004-0998}
-	- telnetd-ssl 0.17.24+0.1-6
+	[woody] - netkit-telnet-ssl 0.17.17+0.1-2woody3
 [22 Dec 2004] DSA-615-1 debmake - insecure temporary file
 	{CVE-2004-1179}
-	- debmake 3.7.7
+	[woody] - debmake 3.6.10.woody.1
 [21 Dec 2004] DSA-614-1 xzgv - integer overflows
 	{CVE-2004-0994}
-	- xzgv 0.8-3
-[21 Dec 2004] DSA-613-1 ethereal - inifinite loop
+	[woody] - xzgv 0.7-6woody2
+[21 Dec 2004] DSA-613-1 ethereal - infinite loop
 	{CVE-2004-1142}
-	- ethereal 0.10.8-1
+	[woody] - ethereal 0.9.4-1woody9
 [20 Dec 2004] DSA-612-1 a2ps - unsanitised input
 	{CVE-2004-1170}
 	- a2ps 1:4.13b-4.2
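Review bot: the added cupsys line under DSA-621-1 is indented with spaces, while every other entry line in this hunk uses a tab; use a tab so the file stays consistent for anything that parses it. Separately, the removed unstable versions cupsys 1.1.22-2, xpdf 3.00-11 and xzgv 0.8-3 have no matching addition in the data/CVE/list part of this diff (CVE-2004-1125, CVE-2004-0994), and imlib+png2 gets no [woody] line under DSA-618-1; confirm the CVE entries already carry those versions before dropping them here.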



