Moritz Muehlenhoff
2005-Oct-20 12:21 UTC
[Secure-testing-commits] r2508 - in data: CVE DSA
Author: jmm-guest Date: 2005-10-20 12:21:02 +0000 (Thu, 20 Oct 2005) New Revision: 2508 Modified: data/CVE/list data/DSA/list Log: convert DSAs from december 2004 to the new format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-20 12:20:09 UTC (rev 2507) +++ data/CVE/list 2005-10-20 12:21:02 UTC (rev 2508) @@ -11963,7 +11963,7 @@ CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) {DSA-617-1} - libtiff4 3.6.1-4 - TODO: other packages containing libtiff code may be vulnerable + TODO: other packages containing libtiff code may be vulnerable, e.g. kfax CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) - tiff 3.7.0 (low) CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) @@ -12252,6 +12252,7 @@ - netkit-rwho 0.17-8 CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...) {DSA-615-1} + - debmake 3.7.7 CVE-2004-1178 RESERVED CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...) @@ -12339,13 +12340,13 @@ - mailman 2.1.5-5 CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) {DSA-613-1} - - ethereal 0.10.8 + - ethereal 0.10.8-1 CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...) - - ethereal 0.10.8 + - ethereal 0.10.8-1 CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...) - - ethereal 0.10.8 + - ethereal 0.10.8-1 CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...) - - ethereal 0.10.8 + - ethereal 0.10.8-1 CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...) - vim 1:6.3-046+0sarge1 CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) 
@@ -12615,7 +12616,8 @@ - imlib2 1.1.2-2.1 CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...) {DSA-618-1} - NOTE: fixed in patches for CVE-2004-1026 + - imlib 1.9.14-17.1 (bug #284925) + - imlib+png2 1.9.14-16.1 CVE-2004-1024 RESERVED CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) @@ -12688,6 +12690,7 @@ - zgv 5.7-1.3 (bug #284124) CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) {DSA-616-1} + - netkit-telnet-ssl 0.17.24+0.1-6 CVE-2004-0997 RESERVED CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) @@ -13938,6 +13941,7 @@ - vice 1.14-2 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) {DSA-620-1} + - perl 5.8.4-5 CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) {DSA-521} CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-10-20 12:20:09 UTC (rev 2507) +++ data/DSA/list 2005-10-20 12:21:02 UTC (rev 2508) 
@@ -1095,32 +1095,31 @@ NOTE: not in unstable [31 Dec 2004] DSA-621-1 cupsys - buffer overflow {CVE-2004-1125} - - cupsys 1.1.22-2 + [woody] - cupsys 1.1.14-5woody11 [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories {CVE-2004-0452 CVE-2004-0976} - - perl 5.8.4-5 + [woody] - perl 5.6.1-8.8 [30 Dec 2004] DSA-619-1 xpdf - buffer overflow {CVE-2004-1125} - - xpdf 3.00-11 + [woody] - xpdf 1.00-3.3 [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows {CVE-2004-1025 CVE-2004-1026} - - imlib 1.9.14-17.1 - - imlib+png2 1.9.14-16.1 + [woody] - imlib 1.9.14-2woody2 [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation {CVE-2004-1308} - - libtiff4 3.6.1-4 + [woody] - tiff 3.5.5-6.woody3 [23 Dec 2004] DSA-616-1 telnetd-ssl - format string {CVE-2004-0998} - - telnetd-ssl 0.17.24+0.1-6 + [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody3 [22 Dec 2004] DSA-615-1 debmake - insecure temporary file {CVE-2004-1179} - - debmake 3.7.7 + [woody] - debmake 3.6.10.woody.1 [21 Dec 2004] DSA-614-1 xzgv - integer overflows {CVE-2004-0994} - - xzgv 0.8-3 -[21 Dec 2004] DSA-613-1 ethereal - inifinite loop + [woody] - xzgv 0.7-6woody2 +[21 Dec 2004] DSA-613-1 ethereal - infinite loop {CVE-2004-1142} - - ethereal 0.10.8-1 + [woody] - ethereal 0.9.4-1woody9 [20 Dec 2004] DSA-612-1 a2ps - unsanitised input {CVE-2004-1170} - a2ps 1:4.13b-4.2
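Review bot: In the data/CVE/list hunk at @@ -11963, the CVE-2004-1308 entry keeps the unchanged line "- libtiff4 3.6.1-4", but the adjacent CVE-2004-1307 entry uses "- tiff 3.7.0 (low)" and the woody line this revision adds for DSA-617-1 in data/DSA/list uses "tiff" as well. Since this hunk already touches the entry, it would be worth making the package name match the other two lines, or adding a NOTE explaining why libtiff4 is tracked separately. Otherwise a lookup by package name will miss one of the two libtiff integer overflow entries.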
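Review bot: The data/DSA/list hunk at @@ -1095 removes several unstable fix versions that have no matching addition in the data/CVE/list hunks of this revision: "- cupsys 1.1.22-2" and "- xpdf 3.00-11" (both CVE-2004-1125) and "- xzgv 0.8-3" (CVE-2004-0994). In addition, "- perl 5.8.4-5" is added only under CVE-2004-0452 although DSA-620-1 also references CVE-2004-0976, and the imlib versions are added only under CVE-2004-1025 although DSA-618-1 also references CVE-2004-1026. Please confirm that those CVE entries already carry the versions in data/CVE/list, or add them in the same commit, so the conversion does not drop the unstable fix information. The log message could also say that the package lines were moved to the CVE entries and replaced by [woody] lines, since "convert to the new format" does not explain where the removed versions went.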