Author: fw
Date: 2005-11-08 21:18:04 +0000 (Tue, 08 Nov 2005)
New Revision: 2697
Modified:
data/CVE/list
data/DSA/list
Log:
Another discripancy spotted by Willi Mann: The DSA-820 update
also fixes CVE-2005-2769, according to its changelog.
Switch to source package courier to avoid conflict.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-08 21:14:22 UTC (rev 2696)
+++ data/CVE/list 2005-11-08 21:18:04 UTC (rev 2697)
@@ -1882,7 +1882,7 @@
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known
as ...)
NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and
...)
- - sqwebmail 0.47-9 (bug #327727; medium)
+ - courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as
used by ...)
NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute
...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-08 21:14:22 UTC (rev 2696)
+++ data/DSA/list 2005-11-08 21:18:04 UTC (rev 2697)
@@ -313,10 +313,12 @@
NOTE: not fixed in testing at time of DSA (waiting on gmp)
NOTE: python2.3 is not in woody
[24 Sep 2005] DSA-820-1 courier - missing input sanitising
- {CVE-2005-2820}
+ {CVE-2005-2820 CVE-2005-2769}
[woody] - courier 0.37.3-2.7 (medium)
[sarge] - courier 0.47-4sarge3 (medium)
NOTE: fixed in testing at time of DSA
+ NOTE: CVE-2005-2769 listed as fixed in the changelog, missing from
+ NOTE: DSA.
[23 Sep 2005] DSA-819-1 python2.1 - integer overflow
{CVE-2005-2491}
[woody] - python2.1 2.1.3-3.4 (medium)