Author: fw Date: 2005-09-12 08:51:44 +0000 (Mon, 12 Sep 2005) New Revision: 1921 Modified: data/DSA/list Log: Replace "HELP:" by "TODO:". Fix various syntax errors. Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-09-12 07:54:22 UTC (rev 1920) +++ data/DSA/list 2005-09-12 08:51:44 UTC (rev 1921) @@ -952,8 +952,8 @@ - netkit-telnet-ssl 0.17.24+0.1-4 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input {CAN-2004-0884} - NOTE removed from testing - NOTE maintainer reports hole not in cyrus-sasl2-mit + NOTE: removed from testing + NOTE: maintainer reports hole not in cyrus-sasl2-mit [15 Oct 2004] DSA-567-1 tiff - heap overflows {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886} - tiff 3.6.1-2 @@ -1057,7 +1057,7 @@ [16 Aug 2004] DSA-537 ruby - insecure file permissions {CAN-2004-0755} - ruby1.8 1.8.1+1.8.2pre1-4 - HELP: is ruby1.6 vulnerable? + TODO: is ruby1.6 vulnerable? [04 Aug 2004] DSA-536 libpng - several vulnerabilities {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768} - libpng 1.0.15-6 @@ -1118,7 +1118,7 @@ {CAN-2004-0411} - kdelibs 3.2.3 [10 Jun 2004] DSA-517 cvs - buffer overflow - {CAN-2004-0414] + {CAN-2004-0414} - cvs 1.12.9-1 [07 Jun 2004] DSA-516 postgresql - buffer overflow {CAN-2004-0547} @@ -1127,7 +1127,7 @@ {CAN-2004-0234 CAN-2004-0235} ! lha 1.14i-8 NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1 - from the DSA could to updated via t-p-u. + NOTE: from the DSA could to updated via t-p-u. [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush {CAN-2004-0077} - kernel-image-sparc-2.2 9.1 @@ -1344,7 +1344,7 @@ ! hsftp 1.15-1 [21 Feb 2004] DSA-446 synaesthesia - insecure file creation {CAN-2004-0160} - DSA notes not setuid anymore so ok + NOTE: DSA notes not setuid anymore so ok [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow {CAN-2004-0158} - lbreakout2 2.4 
@@ -1415,9 +1415,9 @@ - netpbm-free 2:9.25-9 [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057} - HELP: No idea if this is fixed, we have a new upstream version - HELP: that came out after these advisories, but neither the debian nor - HELP: the upstream changelog seem to mention them. + TODO: No idea if this is fixed, we have a new upstream version + TODO: that came out after these advisories, but neither the debian nor + TODO: the upstream changelog seem to mention them. NOTE: Mailed maintainer. [16 Jan 2004] DSA-424 mc - buffer overflow {CAN-2003-1023} @@ -1470,7 +1470,7 @@ {CAN-2003-0972} - screen 4.0.2-0.1 [05 Jan 2004] DSA-407 ethereal - buffer overflows - {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013 + {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013} - ethereal 0.10.0-1 [05 Jan 2004] DSA-406 lftp - buffer overflow - lftp 2.6.10-1 @@ -1507,8 +1507,8 @@ [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling {CAN-2003-0866} ! tomcat4 4.1.24-2 - NOTE another RC (unreproducible?) bug and missing deps (#263201) - NOTE are keeping the fix out of testing + NOTE: another RC (unreproducible?) bug and missing deps (#263201) + NOTE: are keeping the fix out of testing [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545} - openssl 0.9.7c @@ -1525,7 +1525,7 @@ - freesweep 0.88-4.1 [26 Sep 2003] DSA-390 marbles - buffer overflow {CAN-2003-0830} - NOTE not present in sid, sarge + NOTE: not present in sid, sarge [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules {CAN-2003-0785} - ipmasq 3.5.12 @@ -1548,7 +1548,7 @@ {CAN-2003-0693} {CAN-2003-0695} {CAN-2003-0682} - HELP: Screwy changelog does not make sense. Filed bug. + TODO: Screwy changelog does not make sense. Filed bug. [16 Sep 2003] DSA-382 ssh - possible remote vulnerability {CAN-2003-0693} - openssh 1:3.6.1p2-6.0 
@@ -1612,7 +1612,7 @@ - eroaster 2.2.0-0.5-1 [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657} - - phpgroupware 0.9.14.007-1) + - phpgroupware 0.9.14.007-1 [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution {CAN-2003-0620 CAN-2003-0645} - man-db 2.4.1-13 @@ -1770,8 +1770,8 @@ NOTE: DSA contains some strange non-nethack version numbers [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service {CAN-2003-0433} - HELP: no mention of any security fixes in debian changelog, - HELP: upstream changelog. Mailed maintainer. + TODO: no mention of any security fixes in debian changelog, + TODO: upstream changelog. Mailed maintainer. [11 Jun 2003] DSA-314 atftp - buffer overflow {CAN-2003-0380} - atftp 0.6.2 @@ -1809,7 +1809,7 @@ {CAN-2003-0073} - mysql-dfsg 4.0.12-2 {CAN-2003-0150} - HELP: not sure if this is fixed + TODO: not sure if this is fixed [07 May 2003] DSA-302 fuzz - privilege escalation {CAN-2003-0261} - fuzz 0.6-7.1 @@ -2061,9 +2061,9 @@ [09 Jan 2003] DSA-225 tomcat4 - source disclosure {CAN-2002-1394} ! tomcat4 4.1.16-1 - NOTE another RC (unreproducible?) bug and missing deps (#263201) - NOTE are keeping the fix out of testing - NOTE this is the second unfixed security hole in tomcat4 in testing.. + NOTE: another RC (unreproducible?) bug and missing deps (#263201) + NOTE: are keeping the fix out of testing + NOTE: this is the second unfixed security hole in tomcat4 in testing.. [08 Jan 2003] DSA-224 canna - buffer overflow and more {CAN-2002-1158 CAN-2002-1159} - canna 3.6p1-1 
@@ -2182,20 +2182,20 @@ - apache 1.3.27-0.1 {CAN-2001-0131 CAN-2002-1233} - apache 1.3.27-1 - HELP: note sure about this + TODO: note sure about this NOTE: I have mailed maintainers {NO-CAN Several buffer overflows in ApacheBench} - HELP: I don''t know about this + TODO: I don''t know about this NOTE: I have mailed maintainers [04 Nov 2002] DSA-187 apache - several vulnerabilities {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843} - apache 1.3.27-0.1 {CAN-2001-0131 CAN-2002-1233} - apache 1.3.27-1 - HELP: note sure about this + TODO: note sure about this NOTE: I have mailed maintainers {NO-CAN Several buffer overflows in ApacheBench} - HELP: I don''t know about this + TODO: I don''t know about this NOTE: I have mailed maintainers [01 Nov 2002] DSA-186 log2mail - buffer overflow {CAN-2002-1251}
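Review bot: In the hunk at @@ -1127,7 +1127,7 @@ (the lha entry), the new line `NOTE: from the DSA could to updated via t-p-u.` carries the "could to updated" typo over from the old continuation line. Since the line is being rewritten anyway, change it to "could be updated". The sentence is also now split across two `NOTE:` lines mid-clause, so a reader who sees only the second line gets a fragment. Consider rewording so that each `NOTE:` line reads on its own.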
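Review bot: In the hunk at @@ -2182,20 +2182,20 @@ (the two apache entries), the replaced lines keep their typos: `TODO: note sure about this` should read "not sure", and `TODO: I don''t know about this` still has a doubled apostrophe. Both appear twice in this hunk, so all four `+` lines need the fix. It would also help if the TODO text said what is unknown, for example whether 1.3.27-1 fixes the listed CAN ids, so that the open question can be closed later without rereading the DSA.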
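Review bot: The delimiter fixes in the hunks at @@ -1118,7 +1118,7 @@ (`{CAN-2004-0414]`), @@ -1470,7 +1470,7 @@ (unclosed `{` on the ethereal CAN list) and @@ -1612,7 +1612,7 @@ (stray `)` after `0.9.14.007-1`) are corrected by hand, and the commit touches only data/DSA/list, so nothing in it would catch the next mismatched brace or missing `NOTE:` colon. Consider running a syntax check over the list before commit. The log message "Fix various syntax errors" could also name the kinds of error fixed (missing colons, unbalanced braces, stray parenthesis), or the `HELP:` to `TODO:` rename could go in its own commit so the two changes can be reviewed separately.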