Moritz Muehlenhoff
2005-Nov-18 15:02 UTC
[Secure-testing-commits] r2785 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-18 15:01:54 +0000 (Fri, 18 Nov 2005)
New Revision: 2785
Modified:
data/CVE/list
data/DSA/list
Log:
more DSA conversions
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-18 10:31:04 UTC (rev 2784)
+++ data/CVE/list 2005-11-18 15:01:54 UTC (rev 2785)
@@ -16273,6 +16273,7 @@
NOTE: show the beaviour described in
http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the
...)
{DSA-421}
+ - mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a
Patch 3 ...)
@@ -16395,6 +16396,7 @@
NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of
vfs/direntry.c ...)
{DSA-424}
+ - mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows
local ...)
NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before
0.8.9 ...)
@@ -16495,6 +16497,7 @@
- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates
ElGamal ...)
{DSA-429}
+ - gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows
remote ...)
NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb
...)
@@ -17366,13 +17369,13 @@
NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge
Forwarding ...)
{DSA-423 DSA-358}
- NOTE: fixed in 2.4.22-pre3
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly
...)
{DSA-423 DSA-358}
- NOTE: fixed in 2.4.22-pre3
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide
...)
{DSA-423 DSA-358}
- NOTE: fixed in 2.4.22-pre3
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM
before ...)
- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM
before ...)
@@ -17474,7 +17477,7 @@
NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain
sensitive ...)
{DSA-423 DSA-358}
- NOTE: fixed in 2.4.22-pre10
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication
module ...)
{DSA-338}
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in
cleartext in ...)
@@ -17525,7 +17528,7 @@
- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file
descriptor of ...)
{DSA-423 DSA-358}
- NOTE: fixed in 2.4.22-pre4
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote
...)
NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote
...)
@@ -17560,8 +17563,10 @@
RESERVED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are
...)
{DSA-423 DSA-358}
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number
of ...)
{DSA-423 DSA-358}
+ TODO: Check
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and
OS/2 ...)
NOT-FOR-US: apache for win and os/2
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove
authentication ...)
@@ -18248,7 +18253,7 @@
- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25,
and ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
- TODO: Map this on current kernels
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and
earlier, ...)
NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass
...)
@@ -19664,6 +19669,7 @@
NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows
remote ...)
{DSA-420}
+ - jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the
"save ...)
{DSA-419}
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before
...)
@@ -19857,7 +19863,7 @@
NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle
the ...)
{DSA-423 DSA-358}
- NOTE: fixed after 2.6/2.4.21 kernel
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive;
in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote
attackers ...)
NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and
Me ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-18 10:31:04 UTC (rev 2784)
+++ data/DSA/list 2005-11-18 15:01:54 UTC (rev 2785)
@@ -1880,16 +1880,16 @@
[woody] - trr19 1.0beta5-15woody1
[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
{CVE-2003-0971}
- - gnupg 1.2.4-1
+ [woody] - gnupg 1.0.6-4woody1
[20 Jan 2004] DSA-428 slocate - buffer overflow
{CVE-2003-0848}
- - slocate 2.7-3
+ [woody] - slocate 2.6-1.3.2
[19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
{CVE-2003-0985}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody3
[18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
{CVE-2003-0924}
- - netpbm-free 2:9.25-9
+ [woody] - netpbm-free 2:9.20-8.4
[16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
{CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057}
TODO: No idea if this is fixed, we have a new upstream version
@@ -1898,18 +1898,18 @@
NOTE: Mailed maintainer.
[16 Jan 2004] DSA-424 mc - buffer overflow
{CVE-2003-1023}
- - mc 1:4.6.0-4.6.1-pre1-1
+ [woody] - mc 4.5.55-1.2woody2
[15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
{CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462
CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552
CVE-2003-0961 CVE-2003-0985}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64
[13 Jan 2004] DSA-422 cvs - remote vulnerability
- - cvs 1:1.11.11
+ [woody] - cvs 1.11.11
[12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
{CVE-2004-0041}
- - mod-auth-shadow 1.4-1
+ [woody] - mod-auth-shadow 1.3-3.1woody.1
[12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
{CVE-2004-0028}
- - jitterbug 1.6.2-4.5
+ [woody] - jitterbug 1.6.2-4.2woody2
[09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
{CVE-2004-0016 CVE-2004-0017}
- phpgroupware 0.9.14.007-4