Author: fw Date: 2005-09-19 11:22:21 +0000 (Mon, 19 Sep 2005) New Revision: 2044 Modified: data/CAN/list data/DSA/list Log: More data from bugs-dist. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-19 10:55:56 UTC (rev 2043) +++ data/CAN/list 2005-09-19 11:22:21 UTC (rev 2044) @@ -418,7 +418,7 @@ NOTE: not-for-us (SunOS) CAN-2005-XXXX [osh buffer overflow in handlers.c] NOTE: This is not the same as -13 - - osh 1.7-14 (bug #323424; medium) + - osh 1.7-14 (bug #323424; bug #323482; medium) CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) {DSA-793-1} - courier 0.47-8 (medium; bug #325631) @@ -1509,9 +1509,9 @@ CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information] - cgiwrap 3.9-3.0etch1 (low) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - - tutos 1.1.20031017-2.1 (medium) + - tutos 1.1.20031017-2.1 (bug #318633; medium) CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) - - tutos 1.1.20031017-2.1 (medium) + - tutos 1.1.20031017-2.1 (bug #318633; medium) CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...) {DTSA-13-1} - evolution 2.2.3-2etch1 (high; bug #322535) @@ -3002,10 +3002,10 @@ NOTE: reserved CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...) {DTSA-5-1} - - gaim 1:1.4.0-5 (high) + - gaim 1:1.4.0-5 (high; bug #323706) CAN-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...) {DTSA-5-1} - - gaim 1:1.4.0-5 (medium) + - gaim 1:1.4.0-5 (medium; bug #323706) CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) - kdeedu 4:3.4.2-1 (low) CAN-2005-2100 
@@ -4527,7 +4527,7 @@ {DSA-756-1} - squirrelmail 2:1.4.4-6 (bug #314374; medium) CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) - - kernel-source-2.4.27 2.4.27-11 (medium) + - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...) NOTE: linux-2.6 not affected (already fixed) - kernel-source-2.4.27 2.4.27-11 (unknown) @@ -8014,7 +8014,7 @@ - gzip 1.3.5-10 - bzip2 1.0.2-8.1 (bug #321286; medium) CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) - - kernel-source-2.4.27 2.4.27-11 + - kernel-source-2.4.27 2.4.27-11 (bug #311164) - kernel-source-2.6.8 2.6.8-17 - kernel-source-2.6.8 2.6.8-16sarge1 TODO: check if it''s fixed in linux-2.6 @@ -10812,8 +10812,10 @@ {DSA-675-1} CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) {DSA-661-2} + - f2c 20020621-3.4 (bug #292792) CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...) {DSA-661-2} + - f2c 20020621-3.4 (bug #292792) CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...) {DSA-640-1} CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...) @@ -11659,6 +11661,7 @@ - lintian 1.23.6 CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...) {DSA-608-1} + - zgv 5.7-1.3 (bug #284124) CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) {DSA-616-1} CAN-2004-0997 Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-09-19 10:55:56 UTC (rev 2043) +++ data/DSA/list 2005-09-19 11:22:21 UTC (rev 2044) 
@@ -648,7 +648,7 @@ NOTE: fixed in testing at time of DSA [20 Apr 2005] DSA-661-2 f2c - insecure temporary files {CAN-2005-0017 CAN-2005-0018} - - f2c 20020621-3.3 + - f2c 20020621-3.4 (bug #292792) NOTE: not fixed in testing at time of DSA [26 Jan 2005] DSA-660-1 kdebase - missing return value check {CAN-2005-0078} @@ -849,7 +849,7 @@ - atari800 1.3.2-1 [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input {CAN-2004-1095 CAN-2004-0999} - - zgv 5.7-1.3 + - zgv 5.7-1.3 (bug #284124) NOTE: changelog says he only patched 1095, but diff comparison NOTE: shows 0999 was also fixed. [10 Dec 2004] DSA-607-1 xfree86 - several
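Review bot: In the data/DSA/list hunk at @@ -648,7 (DSA-661-2), the f2c line changes the fixed version from 20020621-3.3 to 20020621-3.4 in addition to gaining bug #292792, but the log message only says "More data from bugs-dist." A fixed-version change alters which package versions the tracker reports as still vulnerable, so it should be called out in the log or in a NOTE on the entry that says where 3.4 comes from. The new value does agree with the `- f2c 20020621-3.4 (bug #292792)` lines added under CAN-2005-0018 and CAN-2005-0017 in data/CAN/list (@@ -10812,8), so the two files are consistent with each other.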
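Review bot: The annotation field order is inconsistent within this one commit. The osh (@@ -418,7) and tutos (@@ -1509,9) lines put the bug reference before the urgency, as in `(bug #318633; medium)`, while the gaim (@@ -3002,10) and kernel-source-2.4.27 (@@ -4527,7) lines put it after, as in `(high; bug #323706)`. Both orders already occur in the unchanged context lines (courier, squirrelmail), so this is not a regression, but settling on one order for newly edited lines would keep the list easier to grep and would avoid later diffs that only reorder fields.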
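Review bot: In the data/CAN/list hunk at @@ -11659,6, `- zgv 5.7-1.3 (bug #284124)` is recorded under CAN-2004-0999 with no explanation, while the only justification for it sits in data/DSA/list under DSA-608-1 ("changelog says he only patched 1095, but diff comparison shows 0999 was also fixed"). Someone reading the CAN entry and checking the package changelog would conclude the fix is missing. Consider adding a matching NOTE under CAN-2004-0999 so the reasoning travels with the entry.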