[Secure-testing-commits] r2533 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Oct 23 10:21:56 UTC 2005
Author: jmm-guest
Date: 2005-10-23 10:21:45 +0000 (Sun, 23 Oct 2005)
New Revision: 2533
Modified:
data/CVE/list
data/DSA/list
Log:
convert the remaining DSA/list entries from DSA/list to the new format
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-21 21:14:20 UTC (rev 2532)
+++ data/CVE/list 2005-10-23 10:21:45 UTC (rev 2533)
@@ -12743,6 +12743,8 @@
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
{DSA-608-1}
- zgv 5.7-1.3 (bug #284124)
+ NOTE: changelog says he only patched 1095, but diff comparison
+ NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
{DSA-616-1}
- netkit-telnet-ssl 0.17.24+0.1-6
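Review bot: The two NOTE lines added under CVE-2004-0999 read "changelog says he only patched 1095" without saying whose changelog or which upload is meant. Now that the note sits in CVE/list instead of under DSA-608-1, the surrounding context that made it readable is gone. Suggest naming the version (the entry directly above is zgv 5.7-1.3) and writing the other id in full as CVE-2004-1095, so a search for that id finds the note.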
@@ -12760,6 +12762,7 @@
- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
{DSA-604-1}
+ - hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
@@ -12808,7 +12811,7 @@
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
{DSA-603-1}
- openssl 0.9.7e-3
- NOTE: also includes other security fixes than this CVE
+ NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
NOTE: local; low
- netatalk 1.6.4a-1
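Review bot: The replacement NOTE under CVE-2004-0975, "-1 claimed to include it, but it was missing", does not say which version "-1" refers to. Write out the full version string so the note can be checked against the openssl 0.9.7e-3 entry above it. The removed note ("also includes other security fixes than this CVE") is dropped with no replacement; if it still applies to 0.9.7e-3, keep it next to the new one.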
@@ -13121,6 +13124,7 @@
RESERVED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
{DSA-611-1}
+ - htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
{DSA-559-1}
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
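Review bot: In the trailing context of this hunk, CVE-2004-0851 carries only {DSA-559-1} and is followed directly by CVE-2004-0850, so no package line is visible for it, although the log message says the remaining entries are being converted. Worth confirming whether that entry needs a package line as well. The added "- htget <removed>" line itself matches the DSA/list note it replaces ("htget not in sarge or unstable").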
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-10-21 21:14:20 UTC (rev 2532)
+++ data/DSA/list 2005-10-23 10:21:45 UTC (rev 2533)
@@ -1133,33 +1133,31 @@
- a2ps 1:4.13b-4.2
[20 Dec 2004] DSA-611-1 htget - buffer overflow
{CVE-2004-0852}
- NOTE: htget not in sarge or unstable
+ [woody] - htget 0.93-1.1woody1
[17 Dec 2004] DSA-610-1 cscope - insecure temporary file
{CVE-2004-0996}
- - cscope 15.5-1
+ [woody] - cscope 15.3-1woody2
[14 Dec 2004] DSA-609-1 atari800 - buffer overflows
{CVE-2004-1076}
- - atari800 1.3.2-1
+ [woody] - atari800 1.2.2-1woody3
[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
{CVE-2004-1095 CVE-2004-0999}
- - zgv 5.7-1.3 (bug #284124)
- NOTE: changelog says he only patched 1095, but diff comparison
- NOTE: shows 0999 was also fixed.
+ [woody] - zgv 5.5-3woody1
[10 Dec 2004] DSA-607-1 xfree86 - several
{CVE-2004-0914}
- - xfree86 4.3.0.dfsg.1-9
+ [woody] - xfree86 4.1.0-16woody5
[08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
{CVE-2004-1014}
- - nfs-utils 1:1.0.6-3.1
+ [woody] - nfs-utils 1.0-2woody2
[06 Dec 2004] DSA-605-1 viewcvs - settings not honored
{CVE-2004-0915}
- - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
+ [woody] - viewcvs 0.9.2-4woody1
[03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
{CVE-2004-0993}
- - hpsockd 0.14
+ [woody] - hpsockd 0.6.woody1
[01 Dec 2004] DSA-603-1 openssl - insecure temporary file
{CVE-2004-0975}
- - openssl 0.9.7e-3
+ [woody] - openssl 0.9.6c-2.woody.7
[29 Nov 2004] DSA-602-1 libgd2 - integer overlow
{CVE-2004-0941 CVE-2004-0990}
NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
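Review bot: After this hunk, DSA-610-1, DSA-609-1, DSA-607-1, DSA-606-1 and DSA-605-1 keep only their [woody] versions. The unstable versions removed here (cscope 15.5-1, atari800 1.3.2-1, xfree86 4.3.0.dfsg.1-9, nfs-utils 1:1.0.6-3.1, viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2) do not appear in any CVE/list hunk of this revision. The CVE/list part only shows zgv, hpsockd, openssl and htget, so please confirm the other five are already recorded under their CVE ids, otherwise that tracking data is lost. The same applies to DSA-608-1: the zgv 5.7-1.3 line and its notes are visible under CVE-2004-0999 only, while the DSA also lists CVE-2004-1095.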