Moritz Muehlenhoff
2005-Oct-23 10:22 UTC
[Secure-testing-commits] r2533 - in data: CVE DSA
Author: jmm-guest Date: 2005-10-23 10:21:45 +0000 (Sun, 23 Oct 2005) New Revision: 2533 Modified: data/CVE/list data/DSA/list Log: convert the remaining DSA/list entries from DSA/list to the new format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-21 21:14:20 UTC (rev 2532) +++ data/CVE/list 2005-10-23 10:21:45 UTC (rev 2533) @@ -12743,6 +12743,8 @@ CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) + NOTE: changelog says he only patched 1095, but diff comparison + NOTE: shows 0999 was also fixed. CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) {DSA-616-1} - netkit-telnet-ssl 0.17.24+0.1-6 @@ -12760,6 +12762,7 @@ - xzgv 0.8-3 CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) {DSA-604-1} + - hpsockd 0.14 CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...) NOT-FOR-US: Proxytunnel CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) @@ -12808,7 +12811,7 @@ CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) {DSA-603-1} - openssl 0.9.7e-3 - NOTE: also includes other security fixes than this CVE + NOTE: -1 claimed to include it, but it was missing CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...) NOTE: local; low - netatalk 1.6.4a-1 
@@ -13121,6 +13124,7 @@ RESERVED CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) {DSA-611-1} + - htget <removed> CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) {DSA-559-1} CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-10-21 21:14:20 UTC (rev 2532) +++ data/DSA/list 2005-10-23 10:21:45 UTC (rev 2533) 
@@ -1133,33 +1133,31 @@ - a2ps 1:4.13b-4.2 [20 Dec 2004] DSA-611-1 htget - buffer overflow {CVE-2004-0852} - NOTE: htget not in sarge or unstable + [woody] - htget 0.93-1.1woody1 [17 Dec 2004] DSA-610-1 cscope - insecure temporary file {CVE-2004-0996} - - cscope 15.5-1 + [woody] - cscope 15.3-1woody2 [14 Dec 2004] DSA-609-1 atari800 - buffer overflows {CVE-2004-1076} - - atari800 1.3.2-1 + [woody] - atari800 1.2.2-1woody3 [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input {CVE-2004-1095 CVE-2004-0999} - - zgv 5.7-1.3 (bug #284124) - NOTE: changelog says he only patched 1095, but diff comparison - NOTE: shows 0999 was also fixed. + [woody] - zgv 5.5-3woody1 [10 Dec 2004] DSA-607-1 xfree86 - several {CVE-2004-0914} - - xfree86 4.3.0.dfsg.1-9 + [woody] - xfree86 4.1.0-16woody5 [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler {CVE-2004-1014} - - nfs-utils 1:1.0.6-3.1 + [woody] - nfs-utils 1.0-2woody2 [06 Dec 2004] DSA-605-1 viewcvs - settings not honored {CVE-2004-0915} - - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 + [woody] - viewcvs 0.9.2-4woody1 [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising {CVE-2004-0993} - - hpsockd 0.14 + [woody] - hpsockd 0.6.woody1 [01 Dec 2004] DSA-603-1 openssl - insecure temporary file {CVE-2004-0975} - - openssl 0.9.7e-3 + [woody] - openssl 0.9.6c-2.woody.7 [29 Nov 2004] DSA-602-1 libgd2 - integer overlow {CVE-2004-0941 CVE-2004-0990} NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
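Review bot: In the data/CVE/list hunk at @@ -12743,6 +12743,8 @@, the two NOTE lines moved under CVE-2004-0999 refer to "1095" and "0999" without the CVE-2004- prefix and to "he" without naming anyone. That read fine under DSA-608-1, where both ids sat on the line directly above, but in this file the short forms are harder to follow and will not match a search for the full id. Write out CVE-2004-1095 and CVE-2004-0999 and say whose changelog is meant.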
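Review bot: In the data/CVE/list hunk at @@ -12808,7 +12811,7 @@, the new CVE-2004-0975 line "NOTE: -1 claimed to include it, but it was missing" names the revision only as "-1", so a reader cannot tell which upstream version it refers to; give the full package version. The same hunk deletes "NOTE: also includes other security fixes than this CVE" with no replacement; if that still holds for 0.9.7e-3, keep it as a second NOTE line rather than overwriting it.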
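Review bot: In the data/DSA/list hunk at @@ -1133,33 +1133,31 @@, the unstable fixed versions for cscope, atari800, xfree86, nfs-utils and viewcvs are deleted (for example "- cscope 15.5-1" and "- xfree86 4.3.0.dfsg.1-9"), while the data/CVE/list hunks shown in this commit add package lines only for hpsockd and htget. Check that the CVE-2004-0996, CVE-2004-1076, CVE-2004-0914, CVE-2004-1014 and CVE-2004-0915 entries already carry those versions before this goes in, otherwise the fixed-version information is lost in the conversion.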