thr3ads.net - Secure testing commits - [Secure-testing-commits] r2553

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Oct-24 14:36 UTC
[Secure-testing-commits] r2553 - in data: CVE DSA

Author: jmm-guest
Date: 2005-10-24 14:36:16 +0000 (Mon, 24 Oct 2005)
New Revision: 2553

Modified:
   data/CVE/list
   data/DSA/list
Log:
more DSA conversions


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-10-24 14:18:13 UTC (rev 2552)
+++ data/CVE/list	2005-10-24 14:36:16 UTC (rev 2553)
@@ -12945,7 +12945,6 @@
 	NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
 CVE-2004-0955
 	REJECTED
-	{DSA-571-1 DSA-570-1}
 CVE-2004-0954
 	REJECTED
 CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x
server ...)
@@ -13017,6 +13016,7 @@
 	NOT-FOR-US: MacOS
 CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a
...)
 	{DSA-566-1}
+	- cupsys 1.1.20final+rc1-9
 CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain
conditions, ...)
 	NOT-FOR-US: MacOS
 CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has
mounted an ...)
@@ -13048,11 +13048,12 @@
 	- openmotif 2.2.3-1.1 (bug #309819; medium)
 CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
 	{DSA-572-1}
-	- squid 2.5.6-9
+	- ecartis 1.0.0+cvs.20030911-8
 CVE-2004-0912
 	RESERVED
 CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other
versions, on ...)
 	{DSA-569-1 DSA-556-1}
+	- netkit-telnet-ssl 0.17.24+0.1-4
 CVE-2004-0910
 	REJECTED
 CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before
1.7.3, and ...)
@@ -13114,10 +13115,13 @@
 CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other
packages ...)
 	{DSA-599-1 DSA-581-1 DSA-573-1}
 	- koffice 1:1.3.4-1
-	NOTE: only affects source package, not used in binary
-	- cupsys <unfixed> (bug #324460; unimportant)
+	NOTE: only affects cupsys source package, not used in binary
+	- cupsys 1.1.20final+rc1-10 (bug #324460; unimportant)
 	- tetex-bin 2.0.2-23
  	- xpdf 3.00-9
+	- kpdf 4:3.3.1-1 (bug #278173)
+	- gpdf 2.8.0-1
+	- kfax 4:3.3.1-1 (bug #280373)
 CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not
properly ...)
 	NOTE: waldi provided this info
 	- linux-kernel-image-2.6.8-s390 2.6.8-3
@@ -13126,10 +13130,13 @@
 CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow
remote ...)
 	{DSA-567-1}
 	- kdegraphics 3.3.2-1
+	- tiff 3.6.1-2
 CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using
the ...)
 	- apache2 2.0.52-2
 CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18
and ...)
 	{DSA-568-1 DSA-563-1}
+	- cyrus-sasl-mit <removed>
+	NOTE: maintainer reports hole not in cyrus-sasl2-mit
 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
 	- kernel-source-2.4.27 2.4.27-6
 	- kernel-source-2.6.8 2.6.8-13
@@ -13312,11 +13319,12 @@
 	- mpg123 0.59r-16
 CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote
attackers to ...)
 	{DSA-567-1}
-	NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
 	- kdegraphics 3.3.2-1
+	- tiff 3.6.1-2
 CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding)
decoders for ...)
 	{DSA-567-1}
 	- kdegraphics 3.3.2-1
+	- tiff 3.6.1-2
 CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows
remote ...)
 	{DSA-552-1}
 CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2
allows ...)
@@ -13769,6 +13777,8 @@
 	- samba 3.0.5 (bug #260838)
 CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c
or (2) ...)
 	{DSA-536}
+	- libpng3 1.2.5.0-9
+	- libpng 1.0.15-8
 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows
remote ...)
 	{DSA-536}
 CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used
in ...)
@@ -13865,6 +13875,7 @@
 	{DSA-545-1}
 CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in
wav.c for ...)
 	{DSA-565-1}
+	- sox 12.17.4-9 (bug #262083)
 CVE-2004-0556
 	RESERVED
 CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before
1.30.1 ...)
@@ -21390,6 +21401,7 @@
 CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for
Unix ...)
 CVE-1999-0710 (The RedHat squid program installs cachemgr.cgi in a public web
...)
 	{DSA-576-1}
+	- squid 2.5.7-1
 CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root
privileges ...)
 CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows
...)
 CVE-1999-0706 (Linux xmonisdn package allows local users to gain root
privileges by ...)

Modified: data/DSA/list
==================================================================---
data/DSA/list	2005-10-24 14:18:13 UTC (rev 2552)
+++ data/DSA/list	2005-10-24 14:36:16 UTC (rev 2553)
@@ -1240,50 +1240,43 @@
 	[woody] - mpg123 0.59r-13woody4
 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
 	{CVE-2004-0977}
-	- postgresql 7.4.6-1
+	[woody] - postgresql 7.2.1-2woody6
 [29 Oct 2004] DSA-576-1 squid - multiple
 	{CVE-1999-0710 CVE-2004-0918}
-	- squid 2.5.7-1
+	[woody] - squid 2.4.6-2woody4
 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
 	{CVE-2003-0193}
-	- catdoc 0.91.5-2
+	[woody] - catdoc 0.91.5-1.woody3
 [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
 	{CVE-2004-0916}
-	- cabextract 1.1-1
+	[woody] - cabextract 0.2-2b
 [21 Oct 2004] DSA-573-1 cupsys - integer overflows
 	{CVE-2004-0888}
-	- cupsys 1.1.20final+rc1-10
-	{CVE-2004-0889}
-	- xpdf 3.00-10
-	NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
-	- kpdf 4:3.3.1-1
-	- gpdf 2.8.0-1
-	- kfax 4:3.3.1-1
+	[woody] - cupsys 1.1.14-5woody10
 [21 Oct 2004] DSA-572-1 ecartis - multiple
 	{CVE-2004-0913}
-	- ecartis 1.0.0+cvs.20030911-8
+	[woody] - ecartis 0.129a+1.0.0-snap20020514-1.3
 [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
-	{CVE-2004-0955}
-	- libpng3 1.2.5.0-9
+	{CVE-2004-0599}
+	[woody] - libpng3 1.2.1-1.1.woody.9
 [20 Oct 2004] DSA-570-1 libpng - integer overflow
-	{CVE-2004-0955}
-	- libpng 1.0.15-8
+	{CVE-2004-0599}
+	[woody] - libpng 1.0.12-3.woody.9
 [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
 	{CVE-2004-0911}
-	- netkit-telnet-ssl 0.17.24+0.1-4
+	[woody] - netkit-telnet-ssl 0.17.17+0.1-2woody2
 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
 	{CVE-2004-0884}
-	NOTE: removed from testing
-	NOTE: maintainer reports hole not in cyrus-sasl2-mit
+	[woody] - cyrus-sasl-mit 1.5.24-15woody3
 [15 Oct 2004] DSA-567-1 tiff - heap overflows
 	{CVE-2004-0803 CVE-2004-0804 CVE-2004-0886}
-	- tiff 3.6.1-2
+	[woody] - tiff 3.5.5-6woody1
 [14 Oct 2004] DSA-566-1 cupsys - unsanitised input
 	{CVE-2004-0923}
-	- cupsys 1.1.20final+rc1-9
+	[woody] - cupsys 1.1.14-5woody7
 [13 Oct 2004] DSA-565-1 sox - buffer overflows
 	{CVE-2004-0557}
-	- sox 12.17.4-9 (bug #262083)
+	[woody] - sox 12.17.3-4woody2 (bug #262083)
 [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
 	{CVE-2004-0805}
 	- mpg123 0.59r-16
Secure testing commits - Oct 2005 - r2553 - in data: CVE DSA

[Secure-testing-commits] r2553 - in data: CVE DSA
