[Secure-testing-commits] r2044 - in data: CAN DSA
Florian Weimer
fw at costa.debian.org
Mon Sep 19 11:22:28 UTC 2005
Author: fw
Date: 2005-09-19 11:22:21 +0000 (Mon, 19 Sep 2005)
New Revision: 2044
Modified:
data/CAN/list
data/DSA/list
Log:
More data from bugs-dist.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-19 10:55:56 UTC (rev 2043)
+++ data/CAN/list 2005-09-19 11:22:21 UTC (rev 2044)
@@ -418,7 +418,7 @@
NOTE: not-for-us (SunOS)
CAN-2005-XXXX [osh buffer overflow in handlers.c]
NOTE: This is not the same as -13
- - osh 1.7-14 (bug #323424; medium)
+ - osh 1.7-14 (bug #323424; bug #323482; medium)
CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
{DSA-793-1}
- courier 0.47-8 (medium; bug #325631)
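Review bot: The osh line under CAN-2005-XXXX now carries two bug numbers (#323424 and #323482) with nothing saying how they relate. This entry already needs a NOTE to tell it apart from -13, so add one stating whether #323482 is a duplicate report or a separate issue; otherwise the second bug may be closed against the wrong fix.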
@@ -1509,9 +1509,9 @@
CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
- cgiwrap 3.9-3.0etch1 (low)
CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- - tutos 1.1.20031017-2.1 (medium)
+ - tutos 1.1.20031017-2.1 (bug #318633; medium)
CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
- - tutos 1.1.20031017-2.1 (medium)
+ - tutos 1.1.20031017-2.1 (bug #318633; medium)
CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
{DTSA-13-1}
- evolution 2.2.3-2etch1 (high; bug #322535)
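Review bot: Both tutos lines get the same bug #318633, although CAN-2004-2162 is XSS and CAN-2004-2161 is SQL injection in file_overview.php. If that one report really covers both issues, a NOTE saying so would make the shared reference unambiguous. As a style point, these lines put the bug before the urgency, while the evolution line just below uses "(high; bug #322535)".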
@@ -3002,10 +3002,10 @@
NOTE: reserved
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
{DTSA-5-1}
- - gaim 1:1.4.0-5 (high)
+ - gaim 1:1.4.0-5 (high; bug #323706)
CAN-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
{DTSA-5-1}
- - gaim 1:1.4.0-5 (medium)
+ - gaim 1:1.4.0-5 (medium; bug #323706)
CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
- kdeedu 4:3.4.2-1 (low)
CAN-2005-2100
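Review bot: The gaim lines use the order "(high; bug #323706)", urgency first, whereas the osh and tutos lines changed earlier in this same patch put the bug number first. Pick one order for the annotation fields across the commit, so that a grep over data/CAN/list only has to match a single form.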
@@ -4527,7 +4527,7 @@
{DSA-756-1}
- squirrelmail 2:1.4.4-6 (bug #314374; medium)
CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
- - kernel-source-2.4.27 2.4.27-11 (medium)
+ - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
NOTE: linux-2.6 not affected (already fixed)
- kernel-source-2.4.27 2.4.27-11 (unknown)
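Review bot: CAN-2005-1768 still lists only kernel-source-2.4.27 after this change, with no line or NOTE for 2.6, while the CAN-2005-1767 entry directly below records "linux-2.6 not affected (already fixed)". Add the equivalent NOTE or a TODO for 2.6 under CAN-2005-1768, so that the new bug #319629 reference is not read as the complete status.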
@@ -8014,7 +8014,7 @@
- gzip 1.3.5-10
- bzip2 1.0.2-8.1 (bug #321286; medium)
CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
- - kernel-source-2.4.27 2.4.27-11
+ - kernel-source-2.4.27 2.4.27-11 (bug #311164)
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.6.8 2.6.8-16sarge1
TODO: check if it's fixed in linux-2.6
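Review bot: The added "(bug #311164)" on the kernel-source-2.4.27 line of CAN-2005-0757 has no urgency, and the two kernel-source-2.6.8 lines below it (2.6.8-17 and 2.6.8-16sarge1) stay without any bug reference. Say in a NOTE whether #311164 also tracks 2.6.8, since the linux-2.6 TODO at the end of the entry is still open.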
@@ -10812,8 +10812,10 @@
{DSA-675-1}
CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
{DSA-661-2}
+ - f2c 20020621-3.4 (bug #292792)
CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
{DSA-661-2}
+ - f2c 20020621-3.4 (bug #292792)
CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
{DSA-640-1}
CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
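Review bot: The two new f2c lines under CAN-2005-0018 and CAN-2005-0017 give a bug number but no urgency, unlike the other entries touched in this file, which carry "(medium)", "(high)" or "(low)". Add the assessed urgency next to "bug #292792" on both lines, or "unknown" as the CAN-2005-1767 entry does, so that the entries are not skipped by anyone filtering on urgency.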
@@ -11659,6 +11661,7 @@
- lintian 1.23.6
CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
{DSA-608-1}
+ - zgv 5.7-1.3 (bug #284124)
CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
{DSA-616-1}
CAN-2004-0997
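Review bot: The new zgv line under CAN-2004-0999 gives no hint that the package changelog does not mention this id. The DSA-608-1 entry in data/DSA/list carries a NOTE that the changelog only names 1095 and that a diff comparison shows 0999 was also fixed. Repeat that NOTE here, since someone checking 5.7-1.3 against CAN-2004-0999 from this file alone would not find the fix in the changelog.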
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-09-19 10:55:56 UTC (rev 2043)
+++ data/DSA/list 2005-09-19 11:22:21 UTC (rev 2044)
@@ -648,7 +648,7 @@
NOTE: fixed in testing at time of DSA
[20 Apr 2005] DSA-661-2 f2c - insecure temporary files
{CAN-2005-0017 CAN-2005-0018}
- - f2c 20020621-3.3
+ - f2c 20020621-3.4 (bug #292792)
NOTE: not fixed in testing at time of DSA
[26 Jan 2005] DSA-660-1 kdebase - missing return value check
{CAN-2005-0078}
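Review bot: The fixed version of f2c under DSA-661-2 changes from 20020621-3.3 to 20020621-3.4 without any explanation, and the log message mentions only bugs-dist data. Add a NOTE saying why -3.3 was wrong, or state it in the log, because this changes which version is treated as fixed for CAN-2005-0017 and CAN-2005-0018.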
@@ -849,7 +849,7 @@
- atari800 1.3.2-1
[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
{CAN-2004-1095 CAN-2004-0999}
- - zgv 5.7-1.3
+ - zgv 5.7-1.3 (bug #284124)
NOTE: changelog says he only patched 1095, but diff comparison
NOTE: shows 0999 was also fixed.
[10 Dec 2004] DSA-607-1 xfree86 - several