[Git][security-tracker-team/security-tracker][master] Review some older DSAs with missing incremental updates
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 13 14:31:56 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e41a2245 by Salvatore Bonaccorso at 2025-09-13T15:30:33+02:00
Review some older DSAs with missing incremental updates
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -875060,13 +875060,13 @@ CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers filese
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close s ...)
NOT-FOR-US: AIX
CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
- {DSA-383 DSA-382}
+ {DSA-383 DSA-382-3 DSA-382-2}
- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...)
{DSA-384}
- sendmail 8.12.10-1
CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for Ope ...)
- {DSA-383 DSA-382}
+ {DSA-383 DSA-382-3 DSA-382-2 DSA-382-1}
- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation alg ...)
{DSA-388}
@@ -875094,7 +875094,7 @@ CVE-2003-0684
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certa ...)
NOT-FOR-US: SGI
CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ...)
- {DSA-383 DSA-382}
+ {DSA-383 DSA-382-3}
- openssh 1:3.6.1p2-9
CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
{DSA-384}
@@ -875176,7 +875176,7 @@ CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DE
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc fil ...)
- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation (fi ...)
- {DSA-358}
+ {DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local us ...)
NOT-FOR-US: Watchguard / win
@@ -875228,7 +875228,7 @@ CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when insta
{DSA-364}
- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in Lin ...)
- {DSA-358}
+ {DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...)
{DSA-431}
@@ -875380,13 +875380,13 @@ CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions,
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding tab ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly verif ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide sufficie ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
- gdm 2.4.1.5
@@ -875503,7 +875503,7 @@ CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL i
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive i ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module (m ...)
{DSA-338}
@@ -875557,7 +875557,7 @@ CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlie
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial o ...)
- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of t ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote attac ...)
NOT-FOR-US: iWeb server
@@ -875595,11 +875595,11 @@ CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets
CVE-2003-0463
REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are initial ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of cha ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 2.4.27-1
@@ -875843,12 +875843,12 @@ CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to
{DSA-307}
- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with insecu ...)
- {DSA-316}
+ {DSA-316-3 DSA-316-1}
- nethack 3.4.1-1
- jnethack 1.1.5-15
- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1 ...)
- {DSA-350 DSA-316}
+ {DSA-350 DSA-316-3 DSA-316-2 DSA-316-1}
- falconseye 1.9.3-9
- nethack 3.4.1-1
- slashem 0.0.6E4F8-6
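Review bot: CVE-2003-0359 is now tagged {DSA-316-3 DSA-316-1}, yet its entry still carries a fixed slashem version (slashem 0.0.6E4F8-6), and the slashem advisory DSA-316-2 is recorded in data/DSA/list with CVE-2003-0358 only. If the slashem advisory really did not cover the setgid permissions issue, say so in the commit message so the omission is not read as a missed cross-reference; otherwise add DSA-316-2 to this CVE and CVE-2003-0359 to the DSA-316-2 entry.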
@@ -876170,7 +876170,7 @@ CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allo ...)
NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ove ...)
- {DSA-292}
+ {DSA-292-3 DSA-292-2 DSA-292-1}
- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attac ...)
{DSA-295}
@@ -877692,16 +877692,16 @@ CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.
- libpng 1.0.12-4
- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
- {DSA-136}
+ {DSA-136-3 DSA-136-2 DSA-136-1}
- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ena ...)
- {DSA-136}
+ {DSA-136-3 DSA-136-2 DSA-136-1}
- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
- {DSA-136}
+ {DSA-136-3 DSA-136-2 DSA-136-1}
- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not prop ...)
- {DSA-136}
+ {DSA-136-3 DSA-136-2 DSA-136-1}
- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly rem ...)
{DSA-138}
@@ -878055,7 +878055,7 @@ CVE-2003-0020 (Apache does not filter terminal escape sequences from its error l
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrec ...)
NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O ...)
- {DSA-423 DSA-358}
+ {DSA-423 DSA-358-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
=====================================
data/DSA/list
=====================================
@@ -19496,9 +19496,15 @@
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
[woody] - openssh-krb5 3.4p1-0woody4
-[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
+[21 Sep 2003] DSA-382-3 ssh - possible remote vulnerability
{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
[woody] - openssh 1:3.4p1-1.woody.3
+[17 Sep 2003] DSA-382-2 ssh - possible remote vulnerability
+ {CVE-2003-0693 CVE-2003-0695}
+ [woody] - openssh 1:3.4p1-1.woody.2
+[16 Sep 2003] DSA-382-1 ssh - possible remote vulnerability
+ {CVE-2003-0693}
+ [woody] - openssh 1:3.4p1-1.1
[13 Sep 2003] DSA-381 mysql - buffer overflow
{CVE-2003-0780}
[woody] - mysql 3.23.49-8.5
@@ -19551,9 +19557,13 @@
[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
{CVE-2003-0504 CVE-2003-0599 CVE-2003-0657}
[woody] - phpgroupware 0.9.14-0.RC3.2.woody2
+[18 Aug 2003] DSA-364-3 man-db - buffer overflows, arbitrary command execution
+ [woody] - man-db 2.3.20-18.woody.4
+[08 Aug 2003] DSA-364-2 man-db - buffer overflows, arbitrary command execution
+ [woody] - man-db 2.3.20-18.woody.3
[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
{CVE-2003-0620 CVE-2003-0645}
- [woody] - man-db 2.3.20-18.woody.4
+ [woody] - man-db 2.3.20-18.woody.2
[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
{CVE-2003-0468 CVE-2003-0540}
[woody] - postfix 1.1.11-0.woody3
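Review bot: the man-db advisory is split differently from the others touched in this commit. The original entry keeps the bare name DSA-364 instead of becoming DSA-364-1, and the new DSA-364-2 and DSA-364-3 entries have no CVE line, while the DSA-382, DSA-292 and DSA-136 revisions repeat theirs. Either rename it to DSA-364-1 and update the matching {DSA-364} tags in data/CVE/list (the CVE-2003-0620 entry is visible as context in the first file), or explain in the commit message why this one is left unnumbered. The change of the original's fixed version from 2.3.20-18.woody.4 to 2.3.20-18.woody.2 also deserves a one-line justification, since it alters what the first advisory is recorded as having shipped.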
@@ -19570,12 +19580,23 @@
[31 Jul 2003] DSA-359 atari800 - buffer overflows
{CVE-2003-0630}
[woody] - atari800 1.2.2-1woody2
-[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
- {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
+[13 Aug 2003] DSA-358-4 linux-kernel-2.4.18 - several vulnerabilities
[woody] - kernel-source-2.4.18 2.4.18-13
- [woody] - kernel-image-2.4.18-1-i386 2.4.18-11
[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody4
- [woody] - kernel-image-2.4.18-1-alpha 2.4.18-10.
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-11
+ [woody] - kernel-image-2.4.18-1-alpha 2.4.18-10
+[04 Aug 2003] DSA-358-3 linux-kernel-2.4.18 - several vulnerabilities
+ [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody3
+[05 Aug 2003] DSA-358-2 linux-kernel-2.4.18 - several vulnerabilities
+ [woody] - kernel-source-2.4.18 2.4.18-12
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-10
+ [woody] - kernel-image-2.4.18-1-alpha 2.4.18-9
+[31 Jul 2003] DSA-358-1 linux-kernel-2.4.18 - several vulnerabilities
+ {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
+ [woody] - kernel-source-2.4.18 2.4.18-11
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-9
+ [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody2
+ [woody] - kernel-image-2.4.18-1-alpha 2.4.18-8
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
{CVE-2003-0466}
[woody] - wu-ftpd 2.6.2-3woody1
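Review bot: DSA-358-3 is dated 04 Aug 2003 but is placed above DSA-358-2, dated 05 Aug 2003, so either the two dates are swapped or the revision numbers do not follow publication order; please check against the advisory mails and note which it is. Separately, DSA-358-2 through DSA-358-4 have no CVE line, which is why the data/CVE/list half of this commit points all ten CVEs at DSA-358-1 only, even though DSA-358-4 holds the final package versions. The DSA-382, DSA-292 and DSA-136 revisions in the same commit repeat their CVE sets, so consider doing the same here or stating why the kernel revisions are treated differently.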
@@ -19702,10 +19723,15 @@
[11 Jun 2003] DSA-317 cupsys - denial of service
{CVE-2003-0195}
[woody] - cupsys 1.1.14-5
-[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
+[17 Jun 2003] DSA-316-3 jnethack - buffer overflow, incorrect permissions
{CVE-2003-0358 CVE-2003-0359}
- [woody] - nethack 3.4.0-3.0woody3
+ [woody] - jnethack 1.1.5-11woody2
+[11 Jun 2003] DSA-316-2 slashem - buffer overflow
+ {CVE-2003-0358}
[woody] - slashem 0.0.6E4F8-4.0woody3
+[11 Jun 2003] DSA-316-1 nethack - buffer overflow, incorrect permissions
+ {CVE-2003-0358 CVE-2003-0359}
+ [woody] - nethack 3.4.0-3.0woody3
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
{CVE-2003-0433}
[woody] - gnocatan 0.6.1-5woody2
@@ -19777,9 +19803,15 @@
[23 Apr 2003] DSA-293 kdelibs - insecure execution
{CVE-2003-0204}
[woody] - kdebase 4:2.2.2-13.woody.7
-[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
+[30 Apr 2003] DSA-292-3 mime-support - insecure temporary file creation
{CVE-2003-0214}
[woody] - mime-support 3.18-1.3
+[23 Apr 2003] DSA-292-2 mime-support - insecure temporary file creation
+ {CVE-2003-0214}
+ [woody] - mime-support 3.18-1.2
+[22 Apr 2003] DSA-292-1 mime-support - insecure temporary file creation
+ {CVE-2003-0214}
+ [woody] - mime-support 3.18-1.1
[22 Apr 2003] DSA-291 ircii - buffer overflows
{CVE-2003-0323}
[woody] - ircii 20020322-1.1
@@ -20255,11 +20287,19 @@
[30 Jul 2002] DSA-137 mm - insecure temporary files
{CVE-2002-0658}
[woody] - mm 1.1.3-6.1
-[30 Jul 2002] DSA-136 openssl - multiple remote exploits
+[17 Sep 2002] DSA-136-3 openssl - multiple remote exploits
{CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
[woody] - openssl094 0.9.4-6.woody.2
+[15 Sep 2002] DSA-136-2 openssl - multiple remote exploits
+ {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
+ [woody] - openssl094 0.9.4-6.woody.1
[woody] - openssl095 0.9.5a-6.woody.1
[woody] - openssl 0.9.6c-2.woody.1
+[30 Jul 2002] DSA-136-1 openssl - multiple remote exploits
+ {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
+ [woody] - openssl094 0.9.4-6.woody.0
+ [woody] - openssl095 0.9.5a-6.woody.0
+ [woody] - openssl 0.9.6c-2.woody.0
[02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS
{CVE-2002-0653}
[woody] - libapache-mod-ssl 2.8.9-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e41a224570d2824cebe0b2e4e534d0743c8696cc