[Secure-testing-commits] r2536 - in data: CVE DSA

Florian Weimer fw at costa.debian.org
Sun Oct 23 14:01:25 UTC 2005


Author: fw
Date: 2005-10-23 14:01:19 +0000 (Sun, 23 Oct 2005)
New Revision: 2536

Modified:
   data/CVE/list
   data/DSA/list
Log:
Remaining DSAs from January 2005


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-23 13:27:20 UTC (rev 2535)
+++ data/CVE/list	2005-10-23 14:01:19 UTC (rev 2536)
@@ -11884,7 +11884,9 @@
 	- exim4 4.34-10
 CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
 	{DSA-637-1 DSA-635-1}
-	TODO: check
+	- exim4 4.34-10
+	- exim 3.36-13
+	- exim-tls <removed>
 CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
 	{DSA-641-1}
 	- playmidi 2.4debian-3
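
Review bot: In the CVE-2005-0021 entry, the summary says the overflows affect "Exim before 4.43", yet the fixed version recorded is `exim4 4.34-10`, an older upstream version, so the fix is presumably a backport carried in the Debian revision. A one-line NOTE under that line saying so would keep a later editor from treating it as a typo. The new `- exim-tls <removed>` line should also be cross-checked against DSA-637-1 in data/DSA/list, which still reads "NOTE: not in sarge".
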
@@ -11998,7 +12000,7 @@
 	NOT-FOR-US: MSIE
 CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
 	{DSA-627-1}
-	- namazu2 2.0.14
+	- namazu2 2.0.14-1
 CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
 	NOTE: apparently only affects netcat in windows
 CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
@@ -12281,7 +12283,7 @@
 	- kernel-source-2.6.8 2.6.8-14
 CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
 	{DSA-629-1}
-	TODO: check
+	- krb5 1.3.6-1
 CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
 	- xine-lib 1-rc8-1
 CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
@@ -12297,13 +12299,13 @@
 	- enscript 1.6.4-6
 CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
 	{DSA-626-1}
-	- libtiff-tools 3.6.1-5
+	- tiff 3.6.1-5
 CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
 	{DSA-634-1}
-	TODO: check
+	- hylafax 1:4.2.1-1
 CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
 	{DSA-622-1}
-	NOTE: htmlheadline not in unstable
+	- htmlheadline <removed>
 CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
 	{DSA-678-1}
 	- netkit-rwho 0.17-8
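
Review bot: Two conventions change in this hunk without explanation. Under CVE-2004-1183 the package name switches from `libtiff-tools` to `tiff`, the name DSA-626-1 uses, while the old DSA entry said `libtiff4`; the log message ("Remaining DSAs from January 2005") does not mention the rename, so a sentence on which name is canonical would help. Under CVE-2004-1181, `NOTE: htmlheadline not in unstable` becomes `- htmlheadline <removed>`, but DSA-622-1 in data/DSA/list keeps `NOTE: not in unstable`; pick one representation for both files.
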
@@ -12350,7 +12352,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
 	{DSA-631-1}
-	TODO: check
+	- kdelibs 4:3.3.2-1
 CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
 	NOT-FOR-US: Cisco
 CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
@@ -13792,10 +13794,12 @@
 	RESERVED
 CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
 	{DSA-638-1}
-	TODO: check
+	- gopher 3.0.6
+	NOTE: deprecated in favor of pygopherd
 CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
 	{DSA-638-1}
-	TODO: check
+	- gopher 3.0.6
+	NOTE: deprecated in favor of pygopherd
 CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
 	{DSA-544-1}
 CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
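
Review bot: The lines added under CVE-2004-0561 and CVE-2004-0560 do not say what version 3.0.6 represents. Both summaries describe the gopher daemon (gopherd), and the DSA-638-1 entry in data/DSA/list now notes that the gopherd binary package was removed post-woody, so `- gopher 3.0.6` could be read either as the upload carrying the fix or as the one that dropped gopherd. Suggest saying which in the NOTE; "deprecated in favor of pygopherd" alone does not tell a reader whether an installed gopher package is still affected.
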
@@ -16840,7 +16844,7 @@
 	{DSA-229}
 CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
 	{DSA-633-1}
-	TODO: check
+	- bmv 1.2-17
 CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
 	NOT-FOR-US: Microsoft
 CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-10-23 13:27:20 UTC (rev 2535)
+++ data/DSA/list	2005-10-23 14:01:19 UTC (rev 2536)
@@ -1038,69 +1038,71 @@
 	NOTE: not fixed in testing at time of DSA
 [13 Jan 2005] DSA-638-1 gopher - several
 	{CVE-2004-0560 CVE-2004-0561}
-	NOTE: not in sarge
+	[woody] - gopher 3.0.3woody2
+	NOTE: gopherd binary package removed post-woody
 [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
 	{CVE-2005-0021}
+	[woody] - exim-tls 3.35-3woody3
 	NOTE: not in sarge
 [12 Jan 2005] DSA-636-1 glibc - insecure temporary files
 	{CVE-2004-0968}
-	- glibc 2.3.2.ds1-20
+	[woody] - glibc 2.2.5-11.8
 	NOTE: fixed in testing at time of DSA
 [12 Jan 2005] DSA-635-1 exim - buffer overflow
 	{CVE-2005-0021}
-	- exim4 4.34-10
-	NOTE: fixed in testing at time of DSA
-	- exim 3.36-13
-	NOTE: not fixed in testing at time of DSA
+	[woody] - exim 3.35-1woody4
+	NOTE: exim4 fixed in testing at time of DSA
+	NOTE: exim not fixed in testing at time of DSA
 [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
 	{CVE-2004-1182}
-	- hylafax 1:4.2.1-1
+	[woody] - hylafax 1:4.1.1-3.1
 	NOTE: fixed in testing at time of DSA
 [11 Jan 2005] DSA-633-1 bmv - insecure temporary file
 	{CVE-2003-0014}
-	- bmv 1.2-17
+	[woody] - bmv 1.2-14.2
 	NOTE: fixed in testing at time of DSA
 [10 Jan 2005] DSA-632-1 linpopup - buffer overflow
 	{CVE-2004-1282}
-	- linpopup 1.2.0-7
+	[woody] - linpopup 1.2.0-2woody1
 	NOTE: fixed in testing at time of DSA
 [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
 	{CVE-2004-1165}
-	- kdelibs 4:3.3.2-1
+	[woody] - kdelibs 4:2.2.2-13.woody.13
 	NOTE: not fixed in testing at time of DSA
 [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
 	{CVE-2004-1000}
-	- lintian 1.23.6
+	[woody] - lintian 1.20.17.1
 	NOTE: not fixed in testing at time of DSA
 [07 Jan 2005] DSA-629-1 krb5 - buffer overflow
 	{CVE-2004-1189}
-	- krb5 1.3.6-1
+	[woody] - krb5 1.2.4-5woody7
 	NOTE: not fixed in testing at time of DSA
 [06 Jan 2005] DSA-628-1 imlib2 - integer overflows
 	{CVE-2004-1026}
-	- imlib2 1.1.2-2.1
+	[woody] - imlib2 1.0.5-2woody2
 	NOTE: not fixed in testing at time of DSA
 [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
 	{CVE-2004-1318}
-	- namazu2 2.0.14-1
+	[woody] - namazu2 2.0.10-1woody3
 	NOTE: not fixed in testing at time of DSA
 [06 Jan 2005] DSA-626-1 tiff - unsanitised input
 	{CVE-2004-1183}
-	- libtiff4 3.6.1-5
+	[woody] - tiff 3.5.5-6.woody5
 	NOTE: not fixed in testing at time of DSA
 [05 Jan 2005] DSA-625-1 pcal - buffer overflows
 	{CVE-2004-1289}
-	- pcal 4.8.0-1
+	[woody] - pcal 4.7-8woody1
 	NOTE: not fixed in testing at time of DSA
 [05 Jan 2005] DSA-624-1 zip - buffer overflow
 	{CVE-2004-1010}
-	- zip 2.30-8
+	[woody] - zip 2.30-5woody2
 	NOTE: fixed in testing at time of DSA
 [04 Jan 2005] DSA-623-1 nasm - buffer overflow
 	{CVE-2004-1287}
-	- nasm 0.98.38-1.1
+	[woody] - nasm 0.98.28cvs-1woody2
 [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
 	{CVE-2004-1181}
+	[woody] - htmlheadline 21.8-3
 	NOTE: not in unstable
 [31 Dec 2004] DSA-621-1 cupsys - buffer overflow
 	{CVE-2004-1125}
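
Review bot: Across this hunk the unstable fixed versions are deleted from the DSA entries in favour of `[woody]` lines, but the data/CVE/list part of this commit adds the matching versions for only some of them. For glibc (CVE-2004-0968), linpopup (CVE-2004-1282), lintian (CVE-2004-1000), imlib2 (CVE-2004-1026), pcal (CVE-2004-1289), zip (CVE-2004-1010) and nasm (CVE-2004-1287) no CVE/list change is visible here, so please confirm those CVE entries already record the versions being removed; otherwise that information is lost. While here, DSA-623-1 has no "in testing at time of DSA" NOTE at all.
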



