Author: fw
Date: 2005-10-23 14:01:19 +0000 (Sun, 23 Oct 2005)
New Revision: 2536
Modified:
data/CVE/list
data/DSA/list
Log:
Remaining DSAs from January 2005
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-23 13:27:20 UTC (rev 2535)
+++ data/CVE/list 2005-10-23 14:01:19 UTC (rev 2536)
@@ -11884,7 +11884,9 @@
- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow
attackers to ...)
{DSA-637-1 DSA-635-1}
- TODO: check
+ - exim4 4.34-10
+ - exim 3.36-13
+ - exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to
execute ...)
{DSA-641-1}
- playmidi 2.4debian-3
@@ -11998,7 +12000,7 @@
NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for
Namazu ...)
{DSA-627-1}
- - namazu2 2.0.14
+ - namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows
1.1, ...)
NOTE: apparently only affects netcat in windows
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
@@ -12281,7 +12283,7 @@
- kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv
for MIT ...)
{DSA-629-1}
- TODO: check
+ - krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other
...)
- xine-lib 1-rc8-1
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for
xine ...)
@@ -12297,13 +12299,13 @@
- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and
earlier ...)
{DSA-626-1}
- - libtiff-tools 3.6.1-5
+ - tiff 3.6.1-5
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a
"weak" ...)
{DSA-634-1}
- TODO: check
+ - hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite
arbitrary ...)
{DSA-622-1}
- NOTE: htmlheadline not in unstable
+ - htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on
...)
{DSA-678-1}
- netkit-rwho 0.17-8
@@ -12350,7 +12352,7 @@
NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP
...)
{DSA-631-1}
- TODO: check
+ - kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through
6.1.1.3 ...)
NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management
(CCM) ...)
@@ -13792,10 +13794,12 @@
RESERVED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon
...)
{DSA-638-1}
- TODO: check
+ - gopher 3.0.6
+ NOTE: deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote
...)
{DSA-638-1}
- TODO: check
+ - gopher 3.0.6
+ NOTE: deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local
users ...)
{DSA-544-1}
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS
before ...)
@@ -16840,7 +16844,7 @@
{DSA-229}
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to
overwrite ...)
{DSA-633-1}
- TODO: check
+ - bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application
...)
NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by
Windows ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-23 13:27:20 UTC (rev 2535)
+++ data/DSA/list 2005-10-23 14:01:19 UTC (rev 2536)
@@ -1038,69 +1038,71 @@
NOTE: not fixed in testing at time of DSA
[13 Jan 2005] DSA-638-1 gopher - several
{CVE-2004-0560 CVE-2004-0561}
- NOTE: not in sarge
+ [woody] - gopher 3.0.3woody2
+ NOTE: gopherd binary package removed post-woody
[13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
{CVE-2005-0021}
+ [woody] - exim-tls 3.35-3woody3
NOTE: not in sarge
[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
{CVE-2004-0968}
- - glibc 2.3.2.ds1-20
+ [woody] - glibc 2.2.5-11.8
NOTE: fixed in testing at time of DSA
[12 Jan 2005] DSA-635-1 exim - buffer overflow
{CVE-2005-0021}
- - exim4 4.34-10
- NOTE: fixed in testing at time of DSA
- - exim 3.36-13
- NOTE: not fixed in testing at time of DSA
+ [woody] - exim 3.35-1woody4
+ NOTE: exim4 fixed in testing at time of DSA
+ NOTE: exim not fixed in testing at time of DSA
[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
{CVE-2004-1182}
- - hylafax 1:4.2.1-1
+ [woody] - hylafax 1:4.1.1-3.1
NOTE: fixed in testing at time of DSA
[11 Jan 2005] DSA-633-1 bmv - insecure temporary file
{CVE-2003-0014}
- - bmv 1.2-17
+ [woody] - bmv 1.2-14.2
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-632-1 linpopup - buffer overflow
{CVE-2004-1282}
- - linpopup 1.2.0-7
+ [woody] - linpopup 1.2.0-2woody1
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
{CVE-2004-1165}
- - kdelibs 4:3.3.2-1
+ [woody] - kdelibs 4:2.2.2-13.woody.13
NOTE: not fixed in testing at time of DSA
[10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
{CVE-2004-1000}
- - lintian 1.23.6
+ [woody] - lintian 1.20.17.1
NOTE: not fixed in testing at time of DSA
[07 Jan 2005] DSA-629-1 krb5 - buffer overflow
{CVE-2004-1189}
- - krb5 1.3.6-1
+ [woody] - krb5 1.2.4-5woody7
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-628-1 imlib2 - integer overflows
{CVE-2004-1026}
- - imlib2 1.1.2-2.1
+ [woody] - imlib2 1.0.5-2woody2
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
{CVE-2004-1318}
- - namazu2 2.0.14-1
+ [woody] - namazu2 2.0.10-1woody3
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-626-1 tiff - unsanitised input
{CVE-2004-1183}
- - libtiff4 3.6.1-5
+ [woody] - tiff 3.5.5-6.woody5
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-625-1 pcal - buffer overflows
{CVE-2004-1289}
- - pcal 4.8.0-1
+ [woody] - pcal 4.7-8woody1
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-624-1 zip - buffer overflow
{CVE-2004-1010}
- - zip 2.30-8
+ [woody] - zip 2.30-5woody2
NOTE: fixed in testing at time of DSA
[04 Jan 2005] DSA-623-1 nasm - buffer overflow
{CVE-2004-1287}
- - nasm 0.98.38-1.1
+ [woody] - nasm 0.98.28cvs-1woody2
[03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
{CVE-2004-1181}
+ [woody] - htmlheadline 21.8-3
NOTE: not in unstable
[31 Dec 2004] DSA-621-1 cupsys - buffer overflow
{CVE-2004-1125}