Moritz Muehlenhoff
2005-Nov-27 22:37 UTC
[Secure-testing-commits] r2882 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-27 22:37:18 +0000 (Sun, 27 Nov 2005) New Revision: 2882 Modified: data/CVE/list data/DSA/list Log: nfsd mem leak CVEfied more DSA conversions Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-27 21:14:19 UTC (rev 2881) +++ data/CVE/list 2005-11-27 22:37:18 UTC (rev 2882) @@ -1007,9 +1007,12 @@ CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...) {DSA-896-1} - linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high) -CVE-2005-XXXX [kernel: NFS leases mem leak] +CVE-2005-3807 [kernel: NFS leases mem leak] - linux-2.6 <unfixed> - kernel-source-2.4.27 <not-affected> +CVE-2005-3857 [kernel: NFS leases printk syslog spam] + - linux-2.6 <unfixed> + - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Insecure temp file usage in migrationtools] - migrationtools <unfixed> (bug #338920; medium) CVE-2005-XXXX [user logout in drupal has no effect] @@ -17884,6 +17887,7 @@ - proftpd 1.2.8-8 CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} + - mantis 0.17.5-6 CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) NOT-FOR-US: Intersystems Cache database CVE-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) @@ -17904,6 +17908,7 @@ NOT-FOR-US: Dantz Retrospect CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) {DSA-330} + - tcptraceroute 1.4-4 CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...) NOT-FOR-US: Kerio Mail server CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...) 
@@ -17985,8 +17990,10 @@ NOT-FOR-US: visnetic website CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...) {DSA-331} + - imagemagick 4:5.5.7-1 CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...) {DSA-334} + - xgalaga 2.0.34-22 CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...) {DSA-348} - traceroute-nanog 6.3.6-3 @@ -20491,6 +20498,7 @@ CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...) {DSA-336} - kernel-source-2.2.25 2.2.25-2 + - kernel-image-2.2.25-i386 2.2.25-2 CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...) - vim 6.1.263-1 NOTE: woody seems to be still vulnerable @@ -21272,6 +21280,7 @@ - apache2 2.0.37 CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...) {DSA-333 DSA-149 DSA-146 DSA-143 DSA-142} + - acm 5.0-10 CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...) CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...) CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-27 21:14:19 UTC (rev 2881) +++ data/DSA/list 2005-11-27 22:37:18 UTC (rev 2882) 
@@ -2218,26 +2218,27 @@ [woody] - gtksee 0.5.0-6 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248} - - kernel-source-2.2.25 2.2.25-3 - NOTE: did not check newer kernels + [woody] - kernel-source-2.2.20 2.2.20-5woody2 + [woody] - kernel-image-2.2.20-i386 2.2.20-5woody3 [28 Jun 2003] DSA-335 mantis - incorrect permissions {CVE-2003-0499} - - mantis 0.17.5-6 + [woody] - mantis 0.17.1-3 [28 Jun 2003] DSA-334 xgalaga - buffer overflows {CVE-2003-0454} - - xgalaga 2.0.34-22 + [woody] - xgalaga 2.0.34-19woody1 [27 Jun 2003] DSA-333 acm - integer overflow {CVE-2002-0391} - - acm 5.0-10 + [woody] - acm 5.0-3.woody.1 [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities - {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} - NOTE: note in the archive, and did not check newer kernels + {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} + [woody] kernel-source-2.4.17 2.4.17-1woody1 + [woody] kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2 [27 Jun 2003] DSA-331 imagemagick - insecure temporary file {CVE-2003-0455} - - imagemagick 4:5.5.7-1 + [woody] - imagemagick 4:5.4.4.5-1woody1 [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges {CVE-2003-0489} - - tcptraceroute 1.4-4 + [woody] - tcptraceroute 1.2-2 [20 Jun 2003] DSA-329 osh - buffer overflows {CVE-2003-0452} - osh 1.7-12
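Review bot: in the first data/CVE/list hunk (@@ -1007,9 +1007,12 @@), the newly numbered CVE-2005-3807 and CVE-2005-3857 stay below CVE-2005-3524, while the later hunks of the same file show ids in descending order (CVE-2003-0499, CVE-2003-0498, CVE-2003-0497). If the list is meant to stay sorted, move both entries to their numeric position now that they are no longer CVE-2005-XXXX placeholders. The two entries also carry identical status lines and no bug reference, so a NOTE on each naming the fix it tracks would let them be closed independently.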
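Review bot: in the data/CVE/list hunk at @@ -20491,6 +20498,7 @@, CVE-2002-1380 records kernel-source-2.2.25 as fixed in 2.2.25-2, and the added kernel-image-2.2.25-i386 line uses the same 2.2.25-2, but the DSA-336 line this commit removes from data/DSA/list read "- kernel-source-2.2.25 2.2.25-3". Confirm which of the two versions is the fixed one before the DSA-side record is dropped, and correct the CVE entry if it is 2.2.25-3.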
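Review bot: in the data/CVE/list hunk at @@ -21272,6 +21280,7 @@, CVE-2002-0391 is cross-referenced to five advisories ({DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}), yet after this change its only package line is "- acm 5.0-10", which is the DSA-333 package. The packages behind the other four DSAs still have no fixed version in this entry; add them in the same pass or leave a TODO so the entry does not read as fully triaged.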
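Review bot: in the data/DSA/list hunk (@@ -2218,26 +2218,27 @@), the two lines added under DSA-332 omit the "- " separator that every other added line uses: "[woody] kernel-source-2.4.17 2.4.17-1woody1" and "[woody] kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2", compared with "[woody] - mantis 0.17.1-3". Add the dash so these entries parse like the rest. The hunk also drops both "did not check newer kernels" NOTEs; for DSA-332 nothing in the visible hunks records a status for newer kernels, so keep a NOTE or TODO there until that check has been done. The {CVE-...} line under DSA-332 is removed and re-added with no visible difference, which looks like a whitespace-only change worth calling out in the log.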