Moritz Muehlenhoff
2005-Nov-07 10:23 UTC
[Secure-testing-commits] r2682 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-07 10:22:37 +0000 (Mon, 07 Nov 2005) New Revision: 2682 Modified: data/CVE/list data/DSA/list Log: convert august to the new DSA format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-07 08:49:52 UTC (rev 2681) +++ data/CVE/list 2005-11-07 10:22:37 UTC (rev 2682) @@ -13919,7 +13919,7 @@ CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) - bsdmainutils 6.0.15 CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) - - rsync 2.6.3 + - rsync 2.6.2-3 CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur NOTE: Kernel will never abort due to an ICMP packet @@ -13950,6 +13950,7 @@ - gdk-pixbuf 0.22.0-7 CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...) {DSA-541} + - icecast-server 1:1.3.12-8 CVE-2004-0780 RESERVED CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) @@ -13979,6 +13980,8 @@ - lha 1.14i-9 (bug #279870) CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...) {DSA-536} + - libpng 1.0.15-6 + - libpng3 1.2.5.0-7 CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) NOT-FOR-US: NGSEC StackDefender CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) @@ -14012,7 +14015,9 @@ RESERVED CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) {DSA-537} - - gaim 1:0.82.1-1 + - ruby1.8 1.8.1+1.8.2pre1-4 + - ruby <removed> + TODO: is ruby1.6 vulnerable? CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) - gaim 1:0.82.1-1 CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...) 
@@ -14149,15 +14154,22 @@ - lha 1.14i-10 (bug #279870) CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...) {DSA-542-1} + - qt-x11-free 3:3.3.3-4 + - qt-copy <removed> CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...) {DSA-542-1} + - qt-x11-free 3:3.3.3-4 + - qt-copy <removed> CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...) {DSA-542-1} + - qt-x11-free 3:3.3.3-4 + - qt-copy <removed> CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...) - kdelibs 4:3.2.3-3.sarge.1 NOTE: in t-p-u, 4.3.3 in unstable is also fixed CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) {DSA-539} + - kdelibs 4:3.3.0-1 CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...) {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well @@ -14280,6 +14292,7 @@ {DSA-529} CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) {DSA-535} + - squirrelmail 2:1.4.3a-0.1 CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...) NOT-FOR-US: Oracle CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...) 
@@ -14366,12 +14379,16 @@ - samba 3.0.5 (bug #260838) CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) {DSA-571-1 DSA-570-1 DSA-536} - - libpng3 1.2.5.0-9 - - libpng 1.0.15-8 + - libpng 1.0.15-6 + - libpng3 1.2.5.0-7 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) {DSA-536} + - libpng 1.0.15-6 + - libpng3 1.2.5.0-7 CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) {DSA-536} + - libpng 1.0.15-6 + - libpng3 1.2.5.0-7 CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) NOTE: Fixed in upstream ( <= 2.6.7) CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) @@ -14544,10 +14561,13 @@ {DSA-512} CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) {DSA-535} + - squirrelmail 2:1.4.3a-0.1 CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) {DSA-535} + - squirrelmail 2:1.4.3a-0.1 CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) {DSA-535} + - squirrelmail 2:1.4.3a-0.1 CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) NOT-FOR-US: MacOS CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...) @@ -14679,6 +14699,8 @@ - mah-jong 1.6.2-1 CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...) {DSA-540} + - mysql-dfsg 4.0.20-11 + - mysql <removed> CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) {DSA-527} CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-07 08:49:52 UTC (rev 2681) +++ data/DSA/list 2005-11-07 10:22:37 UTC (rev 2682) 
@@ -1418,29 +1418,29 @@ NOTE: Previous DSA had regressions [30 Aug 2004] DSA-542-1 qt - unsanitised input {CVE-2004-0691 CVE-2004-0692 CVE-2004-0693} - - qt-x11-free 3:3.3.3-4 + [woody] - qt-copy 3.0.3-20020329-1woody2 [25 Aug 2004] DSA-541 icecast-server - cross site scripting {CVE-2004-0781} - - icecast-server 1:1.3.12-8 + [woody] - icecast-server 1:1.3.11-4.2 [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation {CVE-2004-0457} - - mysql-dfsg 4.0.20-11 + [woody] - mysql 3.23.49-8.7 [18 Aug 2004] DSA-539 kdelibs - denial of service {CVE-2004-0689} - - kdelibs 4:3.2.3-3.sarge.1 + [woody] - kdelibs 2.2.2-13.woody.12 [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access - - rsync 2.6.2-3 + {CVE-2004-0792} + [woody] - rsync 2.5.5-0.6 [16 Aug 2004] DSA-537 ruby - insecure file permissions {CVE-2004-0755} - - ruby1.8 1.8.1+1.8.2pre1-4 - TODO: is ruby1.6 vulnerable? + [woody] - ruby 1.6.7-3woody3 [04 Aug 2004] DSA-536 libpng - several vulnerabilities {CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768} - - libpng 1.0.15-6 - - libpng3 1.2.5.0-7 + [woody] - libpng 1.0.12-3.woody.7 + [woody] - libpng3 1.2.1-1.1.woody.7 [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities {CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639} - - squirrelmail 2:1.4.3a-0.1 + [woody] - squirrelmail 1:1.2.6-1.4 [22 Jul 2004] DSA-534 mailreader - directory traversal {CVE-2002-1581} - mailreader 2.3.29-9
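Review bot: In the data/CVE/list hunk at @@ -14366, the fixed versions recorded for CVE-2004-0599 go down, from `libpng3 1.2.5.0-9` / `libpng 1.0.15-8` to `libpng 1.0.15-6` / `libpng3 1.2.5.0-7`. That entry is tagged {DSA-571-1 DSA-570-1 DSA-536}, so the values copied over from the old DSA-536 record may predate the upload the two later advisories refer to, and lowering them would report the uploads in between as fixed. Please confirm against the libpng changelogs which upload closed CVE-2004-0599, and keep the higher versions if it was the later one.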
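Review bot: In the data/CVE/list hunk at @@ -14012, the line `TODO: is ruby1.6 vulnerable?` is carried over to CVE-2004-0755 unanswered, while the converted DSA-537 entry in this same commit records `[woody] - ruby 1.6.7-3woody3`, a 1.6-series version, as the stable fix. Suggest checking the ruby1.6 source package and replacing the TODO with either a fixed-version line for it or a NOTE stating the result. The same hunk also drops `- gaim 1:0.82.1-1` from this CGI::Session entry, which is a data correction rather than a format conversion and is worth mentioning in the log message.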
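Review bot: In the data/DSA/list hunk at @@ -1418, the DSA-539 entry loses `- kdelibs 4:3.2.3-3.sarge.1`, but the line added under CVE-2004-0689 in data/CVE/list is `- kdelibs 4:3.3.0-1`, so the unstable fixed version changes during what the log describes as a format conversion. The other versions removed in this hunk (qt-x11-free, icecast-server, mysql-dfsg, rsync, ruby1.8, libpng, libpng3, squirrelmail) reappear unchanged on the CVE side. If 4:3.3.0-1 is deliberate, a NOTE on CVE-2004-0689 saying why would help; otherwise carry the original version over.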