Moritz Muehlenhoff
2005-Nov-27 20:06 UTC
[Secure-testing-commits] r2875 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-27 20:05:59 +0000 (Sun, 27 Nov 2005) New Revision: 2875 Modified: data/CVE/list data/DSA/list Log: convert july 2003 to the new format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-27 19:38:29 UTC (rev 2874) +++ data/CVE/list 2005-11-27 20:05:59 UTC (rev 2875) @@ -1,3 +1,6 @@ +CVE-2003-XXXX [Insecure tempfile in x-face-el] + - x-face-el 1.3.6.23-1 + NOTE: DSA-340 CVE-2005-XXXX [Buffer overflow in unalz] - unalz <unfixed> (bug #340842; medium) CVE-2005-XXXX [potential dos against gaim-encryption] @@ -17606,13 +17609,15 @@ - perl 5.8.0-19 CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) {DSA-355} - - zblast 1.2.1-7 + - gallery 1.3.4-3 CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) {DSA-369} + - zblast 1.2.1-7 CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) - crafty 19.3-1 CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...) {DSA-356} + - xtokkaetama 1.0b-8 CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...) NOT-FOR-US: McAfee CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) @@ -17621,6 +17626,7 @@ RESERVED CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...) {DSA-354} + - xconq 7.4.1-2.1 (bug #202963) CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...) {DSA-353} - sup 1.8-9 
@@ -17647,7 +17653,7 @@ NOT-FOR-US: Unixware CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...) {DSA-352} - - fdclone 2.02a + - fdclone 2.04-1 CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...) NOT-FOR-US: WiTango Application Server and Tango 2000 CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...) @@ -17782,14 +17788,20 @@ - postfix 1.1.12 CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) {DSA-343} + - skk 10.62a-6 + - ddskk 12.1.cvs.20030622-1 CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) {DSA-342} + - mozart 1.2.5.20030212-2 CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...) {DSA-341} + - liece 2.0+0.20030527cvs-1 CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) {DSA-346} + - phpsysinfo 2.1-1 CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...) {DSA-345} + - xbl 1.0k-6 CVE-2003-0534 RESERVED CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...) @@ -17830,6 +17842,7 @@ - mgetty 1.1.29 (bug #199351) CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...) {DSA-347} + - teapop 0.3.5-2 CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) NOT-FOR-US: Safari CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) @@ -17862,6 +17875,7 @@ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10) CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...) {DSA-338} + - proftpd 1.2.8-8 CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) 
@@ -17969,6 +17983,7 @@ {DSA-334} CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) {DSA-348} + - traceroute-nanog 6.3.6-3 CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) {DSA-329} CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) @@ -17987,14 +18002,18 @@ {DSA-328} CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) {DSA-337} + - gtksee 0.5.6-1 CVE-2003-0443 RESERVED CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...) {DSA-351} + - php4 4:4.3.2+rc3-1 CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) {DSA-326} CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) {DSA-339} + - semi 1.14.5+20030609-1 (bug #223456) + - wemi <removed> CVE-2003-0439 RESERVED CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) @@ -18164,6 +18183,7 @@ {DSA-316} CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) {DSA-350 DSA-316} + - falconseye 1.9.3-9 CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) {DSA-313} CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) @@ -18328,6 +18348,7 @@ NOT-FOR-US: Phorum CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...) {DSA-344} + - unzip 5.50-3 CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...) - firebird2 1.5.1-1 NOTE: firebird (1) in debian is very insecure and vulnerable, but 
@@ -18390,6 +18411,7 @@ - apache2 2.0.47 CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) {DSA-349} + - nfs-utils 1:1.0.3-2 CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13 - nis 3.11 Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-27 19:38:29 UTC (rev 2874) +++ data/DSA/list 2005-11-27 20:05:59 UTC (rev 2875) 
@@ -2157,66 +2157,65 @@ [woody] - wu-ftpd 2.6.2-3woody1 [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows {CVE-2003-0611} - - xtokkaetama 1.0b-8 + [woody] - xtokkaetama 1.0b-6woody1 [30 Jul 2003] DSA-355 gallery - cross-site scripting {CVE-2003-0614} - - gallery 1.3.4-3 + [woody] - gallery 1.25-8woody1 [29 Jul 2003] DSA-354 xconq - buffer overflows {CVE-2003-0607} - - xconq 7.4.1-2.1 (bug #202963) + [woody] - xconq 7.4.1-2woody2 [29 Jul 2003] DSA-353 sup - insecure temporary file {CVE-2003-0606} - - sup 1.8-9 + [woody] - sup 1.8-8woody1 [22 Jul 2003] DSA-352 fdclone - insecure temporary directory {CVE-2003-0596} - - fdclone 2.04-1 + [woody] - fdclone 2.00a-1woody3 [16 Jul 2003] DSA-351 php4 - cross-site scripting {CVE-2003-0442} - - php4 4:4.3.2+rc3-1 + [woody] - php4 4:4.1.2-6woody3 [15 Jul 2003] DSA-350 falconseye - buffer overflow {CVE-2003-0358} - NOTE: not in testing, fixed in unstable - - falconseye 1.9.3-9 + [woody] - falconseye 1.9.3-7woody3 [14 Jul 2003] DSA-349 nfs-utils - buffer overflow {CVE-2003-0252} - - nfs-utils 1:1.0.3-2 + [woody] - nfs-utils 1:1.0-2woody1 [11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow {CVE-2003-0453} - - traceroute-nanog 6.1.1-1.3 + [woody] - traceroute-nanog 6.1.1-1.3 [08 Jul 2003] DSA-347 teapop - SQL injection {CVE-2003-0515} - - teapop 0.3.5-2 + [woody] - teapop 0.3.4-1woody2 [08 Jul 2003] DSA-346 phpsysinfo - directory traversal {CVE-2003-0536} - - phpsysinfo 2.1-1 + [woody] - phpsysinfo 2.0-3woody1 [08 Jul 2003] DSA-345 xbl - buffer overflow {CVE-2003-0535} - - xbl 1.0k-6 + [woody] - xbl 1.0k-3woody2 [08 Jul 2003] DSA-344 unzip - directory traversal {CVE-2003-0282} - - unzip 5.50-3 + [woody] - unzip 5.50-1woody2 [08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file {CVE-2003-0539} - - skk 10.62a-6 - - ddskk 12.1.cvs.20030622-1 + [woody] - skk 10.62a-4woody1 + [woody] - ddskk 11.6.rel.0-2woody1 [07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration {CVE-2003-0538} - NOTE: mozart is not 
in sarge - - mozart 1.2.5.20030212-2 + [woody] - mozart 1.2.3.20011204-3woody1 [07 Jul 2003] DSA-341 liece - insecure temporary file {CVE-2003-0537} - - liece 2.0+0.20030527cvs-1 + [woody] - liece 2.0+0.20020217cvs-2.1 [06 Jul 2003] DSA-340 x-face-el - insecure temporary file - - x-face-el 1.3.6.23-1 + [woody] - x-face-el 1.3.6.19-1woody1 [06 Jul 2003] DSA-339 semi - insecure temporary file {CVE-2003-0440} - - semi 1.14.5+20030609-1 (bug #223456) + [woody] - semi 1.14.3.cvs.2001.08.10-1woody2 + [woody] - wemi 1.14.0.20010802wemiko-1.3 [29 Jun 2003] DSA-338 proftpd - SQL injection {CVE-2003-0500} - - proftpd 1.2.8-8 + [woody] - proftpd 1.2.4+1.2.5rc1-5woody2 [29 Jun 2003] DSA-337 gtksee - buffer overflow {CVE-2003-0444} - - gtksee 0.5.6-1 + [woody] - gtksee 0.5.0-6 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248} - kernel-source-2.2.25 2.2.25-3
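Review bot: In the first data/CVE/list hunk (@@ -1,3 +1,6 @@), the new CVE-2003-XXXX entry for x-face-el points at its advisory only through a free-text `NOTE: DSA-340`, while the other entries visible in this commit carry that link as a `{DSA-nnn}` line. The DSA-340 entry in data/DSA/list likewise has no `{CVE-...}` reference. If the braces form cannot be used for an entry without an assigned CVE id, say so in the NOTE. Otherwise use the same form here so the two lists stay cross-referenced in one way.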
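Review bot: In the data/CVE/list hunk at @@ -17606,13 +17609,15 @@, the change under CVE-2003-0614 is a data correction, not a format conversion. `- zblast 1.2.1-7` was listed under the Gallery XSS entry; it is replaced by `- gallery 1.3.4-3`, and zblast moves to CVE-2003-0613. The log message says only "convert july 2003 to the new format". Mention the fix in the log or commit it separately, so the history shows when the wrong package association was removed.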
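Review bot: In the data/CVE/list hunk at @@ -17647,7 +17653,7 @@, the fixed version for CVE-2003-0596 moves from `fdclone 2.02a` to `fdclone 2.04-1`, but the CVE description on the line above says the affected versions are those "before 2.02a". If 2.04-1 is simply the first Debian upload that contains the fix, add a NOTE saying so. Without one, the entry reads as if versions between 2.02a and 2.04-1 are vulnerable.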
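Review bot: In the data/CVE/list hunk at @@ -17969,6 +17983,7 @@, `- traceroute-nanog 6.3.6-3` is the only version added to this file that does not match the line removed from data/DSA/list, which was `- traceroute-nanog 6.1.1-1.3`. Every other package in the commit has its version moved across verbatim. Please confirm where 6.3.6-3 comes from and note it in the entry, since nothing in the diff explains the change.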
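Review bot: In the data/DSA/list hunk (@@ -2157,66 +2157,65 @@), the two NOTE lines under DSA-350 ("not in testing, fixed in unstable") and DSA-342 ("mozart is not in sarge") are deleted and not carried over to the matching CVE-2003-0358 and CVE-2003-0538 entries in data/CVE/list. If that information is still wanted, move it with the package lines. Also check DSA-348: the new `[woody] - traceroute-nanog 6.1.1-1.3` is identical to the unstable line it replaces, where most of the other woody versions in this hunk carry a woodyN suffix.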