Moritz Muehlenhoff
2005-Oct-23 18:23 UTC
[Secure-testing-commits] r2537 - in data: CVE DSA
Author: jmm-guest
Date: 2005-10-23 18:22:48 +0000 (Sun, 23 Oct 2005)
New Revision: 2537
Modified:
data/CVE/list
data/DSA/list
Log:
more DSA entries reworked
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-23 14:01:19 UTC (rev 2536)
+++ data/CVE/list 2005-10-23 18:22:48 UTC (rev 2537)
@@ -12628,9 +12628,9 @@
NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9,
and ...)
{DSA-595-1}
- NOTE: bnc is not in sarge or unstable (is in woody)
+ - bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary
commands ...)
- {DSA-596-2 DSA-596-1}
+ {DSA-596-2}
- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote
...)
NOT-FOR-US: Microsoft
@@ -13060,6 +13060,7 @@
- koffice 1:1.3.4-1
NOTE: only affects source package, not used in binary
- cupsys <unfixed> (bug #324460; unimportant)
+ - tetex-bin 2.0.2-23
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not
properly ...)
NOTE: waldi provided this info
- linux-kernel-image-2.6.8-s390 2.6.8-3
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-23 14:01:19 UTC (rev 2536)
+++ data/DSA/list 2005-10-23 18:22:48 UTC (rev 2537)
@@ -1164,45 +1164,42 @@
[29 Nov 2004] DSA-602-1 libgd2 - integer overlow
{CVE-2004-0941 CVE-2004-0990}
NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
- - libgd2 2.0.33-1.1
+ [woody] - libgd2 2.0.1-10woody2
[29 Nov 2004] DSA-601-1 libgd1 - integer overflow
{CVE-2004-0941 CVE-2004-0990}
NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
- - libgd 1.8.4-36.1
+ [woody] - libgd 1.8.4-17.woody4
[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
{CVE-2004-0888}
- - tetex-bin 2.0.2-23
+ [woody] - tetex-bin 20011202-7.3
[25 Nov 2004] DSA-598-1 yardradius - buffer overflow
{CVE-2004-0987}
- - yardradius 1.0.20-15
+ [woody] - yardradius 1.0.20-2woody1
[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
{CVE-2004-1012 CVE-2004-1013}
- - cyrus21-imapd 2.1.17-1
+ [woody] - cyrus21-imapd 1.5.19-9.2
[24 Nov 2004] DSA-596-2 sudo - missing input sanitising
{CVE-2004-1051}
- - sudo 1.6.8p3-1
-[24 Nov 2004] DSA-596-1 sudo - missing input sanitising
- {CVE-2004-1051}
- - sudo 1.6.8p3-1
+ [woody] - sudo 1.6.6-1.3
[24 Nov 2004] DSA-595-1 bnc - buffer overflow
{CVE-2004-1052}
- NOTE: package not in sarge or sid
+ [woody] - bnc 2.6.4-3.3
[17 Nov 2004] DSA-594-1 apache - buffer overflows
{CVE-2004-0940}
- - apache 1.3.33-2
+ [woody] - apache 1.3.26-0woody6
[16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
{CVE-2004-0981}
- - imagemagick 6:6.0.6.2-1.5
+ [woody] - imagemagick 5.4.4.5-1woody4
[12 Nov 2004] DSA-592-1 ez-ipupdate - format string
{CVE-2004-0980}
- - ez-ipupdate 3.0.11b8-8
+ [woody] - ez-ipupdate 3.0.11b5-1woody2
[09 Nov 2004] DSA-591-1 libgd2 - integer overflows
{CVE-2004-0990}
- - libgd2 2.0.30-1
+ [woody] - libgd 1.8.4-17.woody3
+ [woody] - libgd2 2.0.1-10woody1
[09 Nov 2004] DSA-590-1 gnats - format string vulnerability
{CVE-2004-0623}
- NOTE: DSA got version of fix for unstable wrong
- - gnats 4.0-6.1
+ [woody] - gnats 3.999.beta1+cvs20020303-2
[09 Nov 2004] DSA-589-1 libgd - integer overflows
{CVE-2004-0990}
- libgd 1.8.4-36.1
@@ -1301,7 +1298,7 @@
- xfree86 4.3.0.dfsg.1-8
[07 Oct 2004] DSA-600-1 samba - arbitrary file access
{CVE-2004-0815}
- NOTE: not affected according to DSA
+ [woody] - samba 2.2.3a-14.1
[07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
{CVE-2004-0687 CVE-2004-0688}
- lesstif1-1 1:0.93.94-10