Moritz Muehlenhoff
2005-Nov-02 11:05 UTC
[Secure-testing-commits] r2644 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-02 10:48:41 +0000 (Wed, 02 Nov 2005)
New Revision: 2644
Modified:
data/CVE/list
data/DSA/list
Log:
convert the remaining DSA entries from oct to the new format
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-02 10:25:37 UTC (rev 2643)
+++ data/CVE/list 2005-11-02 10:48:41 UTC (rev 2644)
@@ -13416,6 +13416,7 @@
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other
versions, on ...)
{DSA-569-1 DSA-556-1}
- netkit-telnet-ssl 0.17.24+0.1-4
+ - netkit-telnet 0.17-26
CVE-2004-0910
REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before
1.7.3, and ...)
@@ -13496,9 +13497,9 @@
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using
the ...)
- apache2 2.0.52-2
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18
and ...)
- {DSA-568-1 DSA-563-1}
- - cyrus-sasl-mit <removed>
- NOTE: maintainer reports hole not in cyrus-sasl2-mit
+ {DSA-568-1 DSA-563-3}
+ - cyrus-sasl <removed>
+ - cyrus-sasl2 2.1.19-1.3 (bug #275431)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
- kernel-source-2.4.27 2.4.27-6
- kernel-source-2.6.8 2.6.8-13
@@ -13578,6 +13579,7 @@
- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct
before ...)
{DSA-559-1}
+ - net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID
(euid) ...)
- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in
asn1.c ...)
@@ -13605,10 +13607,13 @@
NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows
attackers to ...)
{DSA-562-2}
+ - mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x
before ...)
{DSA-562-2}
+ - mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2,
and ...)
{DSA-562-2}
+ - mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before
1.3.1 ...)
- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and
...)
@@ -13670,6 +13675,7 @@
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote
...)
{DSA-558-1}
- apache2 2.0.51-1
+ - libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba
3.0.6 ...)
- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a
denial of ...)
@@ -13943,15 +13949,19 @@
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in
...)
{DSA-561-1 DSA-560-1}
NOTE: Matej Vela has checked that these are backported to lesstif1 as well
- - lesstif1-1 1:0.93.94-9
+ - lesstif1-1 1:0.93.94-10
NOTE: openmotif is non-free
- openmotif 2.2.3-1.1 (bug #308819; low)
+ - xfree86 4.3.0.dfsg.1-8
+ - xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in
...)
{DSA-561-1 DSA-560-1}
NOTE: Matej Vela has checked that these are backported to lesstif1 as well
- - lesstif1-1 1:0.93.94-9
+ - lesstif1-1 1:0.93.94-10
NOTE: openmotif is non-free
- openmotif 2.2.3-1.1 (bug #308819; low)
+ - xfree86 4.3.0.dfsg.1-8
+ - xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4,
when the ...)
- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user
...)
@@ -14220,6 +14230,7 @@
NOTE: appears fixed in 2.4.27/2.6.8
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to
run ...)
{DSA-557-1}
+ - pppoe 3.5-4
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and
before ...)
{DSA-555-1}
CVE-2004-0562
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-02 10:25:37 UTC (rev 2643)
+++ data/DSA/list 2005-11-02 10:48:41 UTC (rev 2644)
@@ -1324,36 +1324,35 @@
[woody] - sox 12.17.3-4woody2 (bug #262083)
[13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
{CVE-2004-0805}
- - mpg123 0.59r-16
-[12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
+ [woody] - mpg123 0.59r-13woody3
+[12 Oct 2004] DSA-563-3 cyrus-sasl - unsanitised input
{CVE-2004-0884}
- - cyrus-sasl 1.5.28-6.2 (bug #275432)
- - cyrus-sasl2 2.1.19-1.3 (bug #275431)
+ [woody] - cyrus-sasl 1.5.27-3.1woody5 (bug #275432)
+ NOTE: 563-1 and 563-2 had problems on sparc/arm and with sendmail
[11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
{CVE-2004-0835 CVE-2004-0836 CVE-2004-0837}
- - mysql 4.0.21-1
+ [woody] - mysql 3.23.49-8.8
[11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
{CVE-2004-0687 CVE-2004-0688}
- - xfree86 4.3.0.dfsg.1-8
+ [woody] - xfree86 4.1.0-16woody4
[07 Oct 2004] DSA-600-1 samba - arbitrary file access
{CVE-2004-0815}
[woody] - samba 2.2.3a-14.1
[07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
{CVE-2004-0687 CVE-2004-0688}
- - lesstif1-1 1:0.93.94-10
+ [woody] - lesstif1-1 0.93.18-5
[06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
{CVE-2004-0851}
- - net-acct 0.71-7
+ [woody] - net-acct 0.71-5woody1
[06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
{CVE-2004-0809}
- - libapache-mod-dav 1.0.3-10
- - apache2 2.0.51-1
+ [woody] - libapache-mod-dav 1.0.3-3.1
[04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping
{CVE-2004-0564}
- - pppoe 3.5-4
+ [woody] - pppoe 3.3-1.2
[03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
{CVE-2004-0911}
- - netkit-telnet 0.17-26
+ [woody] - netkit-telnet 0.17-18woody2
[30 Sep 2004] DSA-555-1 freenet6 - file permissions
{CVE-2004-0563}
- freenet6 1.0-2.2