Moritz Muehlenhoff
2005-Nov-03 11:32 UTC
[Secure-testing-commits] r2651 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-03 11:31:26 +0000 (Thu, 03 Nov 2005)
New Revision: 2651
Modified:
data/CVE/list
data/DSA/list
Log:
convert september DSAs to new format
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-03 10:21:21 UTC (rev 2650)
+++ data/CVE/list 2005-11-03 11:31:26 UTC (rev 2651)
@@ -13515,8 +13515,10 @@
- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when
run as ...)
{DSA-553-1}
+ - getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users
to ...)
{DSA-553-1}
+ - getmail 3.2.5-1
CVE-2004-0879
RESERVED
CVE-2004-0878
@@ -13623,6 +13625,7 @@
- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and
...)
{DSA-554-1}
+ - sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in
Squid ...)
- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before
allowing ...)
@@ -13700,6 +13703,7 @@
- tiff 3.6.1-2
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows
remote ...)
{DSA-552-1}
+ - imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2
allows ...)
- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8
and 9 ...)
@@ -13716,6 +13720,7 @@
NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd
...)
{DSA-551-1}
+ - lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not
drop ...)
- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function
in ...)
@@ -13730,6 +13735,8 @@
TODO: check
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf
before ...)
{DSA-549-1 DSA-546-1}
+ - gtk+2.0 2.4.9-2
+ - gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in
OpenCA ...)
NOT-FOR-US: seems OpenCA is
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache
...)
@@ -13741,8 +13748,11 @@
- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in
the XPM ...)
{DSA-549-1}
+ - gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM
image ...)
{DSA-549-1 DSA-546-1}
+ - gtk+2.0 2.4.9-2
+ - gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the
Icecast ...)
{DSA-541}
CVE-2004-0780
@@ -13765,6 +13775,7 @@
RESERVED
CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d
for MIT ...)
{DSA-543-1}
+ - krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA
may ...)
- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users
to ...)
@@ -13811,6 +13822,7 @@
- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2)
gtk2 ...)
{DSA-546-1}
+ - gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with
...)
- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache
2.x, ...)
@@ -14056,13 +14068,17 @@
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv
library ...)
{DSA-579-1 DSA-550-1}
- abiword 2.0.8
+ - wv 1.0.2-0.1
NOTE: fixed version of abiword based on
http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for
MIT ...)
{DSA-543-1}
+ - krb5 1.3.4-3
CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT
...)
{DSA-543-1}
+ - krb5 1.3.4-3
CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1
...)
{DSA-543-1}
+ - krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270,
and ...)
NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in
...)
@@ -14238,6 +14254,7 @@
- rp-pppoe 3.5-4
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and
before ...)
{DSA-555-1}
+ - freenet6 1.0-2.2
CVE-2004-0562
RESERVED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon
...)
@@ -14250,8 +14267,11 @@
NOTE: deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local
users ...)
{DSA-544-1}
+ - webmin 1.160-1
+ - usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS
before ...)
{DSA-545-1}
+ - cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in
wav.c for ...)
{DSA-565-1}
- sox 12.17.4-9 (bug #262083)
@@ -18501,7 +18521,8 @@
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote
authenticated ...)
{DSA-447}
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before
...)
- {DSA-458-2 DSA-458}
+ {DSA-458-3}
+ - python2.2 <not-affected> (Not affected according to DSA-458)
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option
enabled, ...)
{DSA-457}
- wu-ftpd 2.6.2-17.2
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-03 10:21:21 UTC (rev 2650)
+++ data/DSA/list 2005-11-03 11:31:26 UTC (rev 2651)
@@ -1360,25 +1360,25 @@
[woody] - netkit-telnet 0.17-18woody2
[30 Sep 2004] DSA-555-1 freenet6 - file permissions
{CVE-2004-0563}
- - freenet6 1.0-2.2
+ [woody] - freenet6 0.9.6-1woody2
[27 Sep 2004] DSA-554-1 sendmail - pre-set password
{CVE-2004-0833}
- - sendmail 8.13.1-13
+ [woody] - sendmail 8.12.3-7.1
[27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
{CVE-2004-0880 CVE-2004-0881}
- - getmail 3.2.5-1
+ [woody] - getmail 2.3.7-2
[22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
{CVE-2004-0802}
- - imlib2 1.1.0-12.4
+ [woody] - imlib2 1.0.5-2woody1
[21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
{CVE-2004-0794}
- - lukemftpd 1.1-2.2 (bug #266370)
+ [woody] - lukemftpd 1.1-1woody2
[20 Sep 2004] DSA-550-1 wv - buffer overflow
{CVE-2004-0645}
- - wv 1.0.2-0.1 (bug #264972)
+ [woody] - wv 0.7.1+rvt-2woody3 (bug #264972)
[17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
{CVE-2004-0782 CVE-2004-0783 CVE-2004-0788}
- - gtk+2.0 2.4.9-2
+ [woody] - gtk+2.0 2.0.2-5woody2
[26 Oct 2005] DSA-548-2 imlib - unsanitised input
{CVE-2004-0817}
[woody] - imlib 1.9.14-2woody3
@@ -1386,23 +1386,23 @@
NOTE: Initial -1 fix was incomplete
[16 Sep 2004] DSA-547-1 imagemagick - buffer overflows
{CVE-2004-0827}
- - imagemagick 6:6.0.6.2-1
-[16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
+ [woody] - imagemagick 5.4.4.5-1woody3
+[16 Sep 2004] DSA-546-1 gdk-pixbuf - several vulnerabilities
{CVE-2004-0753 CVE-2004-0782 CVE-2004-0788}
- - gdk-pixbuf 0.22.0-7
+ [woody] - gdk-pixbuf 0.17.0-2woody2
[15 Sep 2004] DSA-545-1 cupsys - denial of service
{CVE-2004-0558}
- - cupsys 1.1.20final+rc1-6
+ [woody] - cupsys 1.1.14-5woody6
[14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
{CVE-2004-0559}
- - webmin 1.160-1
- - usermin 1.090-1
+ [woody] - webmin 0.94-7woody3
[31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
{CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772}
- - krb5 1.3.4-3
-[31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
+ [woody] - krb5 1.2.4-5woody6
+[31 Aug 2004] DSA-458-3 python2.2 - buffer overflow
{CVE-2004-0150}
- NOTE: not affected according to DSA
+ [woody] - python2.2 2.2.1-4.6
+ NOTE: Previous DSA had regressions
[30 Aug 2004] DSA-542-1 qt - unsanitised input
{CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
- qt-x11-free 3:3.3.3-4
@@ -1668,9 +1668,6 @@
[10 Mar 2004] DSA-459 kdelibs - cookie path traversal
{CVE-2003-0592}
- kdelibs 4:3.1.3-1
-[09 Mar 2004] DSA-458 python2.2 - buffer overflow
- {CVE-2004-0150}
- NOTE: not affected according to DSA
[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
{CVE-2004-0148 CVE-2004-0185}
- wu-ftpd 2.6.2-17.1