Moritz Muehlenhoff
2005-Nov-09 23:14 UTC
[Secure-testing-commits] r2705 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-09 22:41:36 +0000 (Wed, 09 Nov 2005)
New Revision: 2705
Modified: data/CVE/list data/DSA/list
Log: convert july's DSAs to the new format
Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-09 22:26:34 UTC (rev 2704) +++ data/CVE/list 2005-11-09 22:41:36 UTC (rev 2705) @@ -14157,6 +14157,7 @@ NOT-FOR-US: Solaris CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...) {DSA-532} + TODO: Check, when this was fixed in sid CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...) NOT-FOR-US: Check Point VPN CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...) @@ -14282,6 +14283,7 @@ NOT-FOR-US: Cisco CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...) {DSA-530} + - l2tpd 0.70-pre20031121-2 CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...) - mozilla 2:1.7.1 - mozilla-firefox 0.9.2 @@ -14308,6 +14310,7 @@ NOT-FOR-US: Thomson hardware ADSL router CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...) {DSA-529} + - netkit-telnet-ssl 0.17.24+0.1-2 CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 
@@ -14319,10 +14322,13 @@ NOT-FOR-US: AOL Instant Messenger CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...) {DSA-528} + - ethereal 0.10.5-1 CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...) - ethereal 0.10.5 + [woody] - ethereal <not-affected> (Not vulnerable according to DSA-528) CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...) - ethereal 0.10.5 + [woody] - ethereal <not-affected> (Not vulnerable according to DSA-528) CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...) NOT-FOR-US: adobe reader CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...) @@ -14412,8 +14418,10 @@ CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-669-1 DSA-531} - php3 3:3.0.18-27 + - php4 4:4.3.8-1 CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-669-1 DSA-531} + - php4 4:4.3.8-1 NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned NOTE: in the changelog. CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) @@ -14422,6 +14430,7 @@ RESERVED CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...) {DSA-533} + - courier 0.45.4-4 CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...) - freeswan 2.04-10 - openswan 2.2.0 @@ -14652,6 +14661,7 @@ CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...) {DSA-532} - apache2 2.0.50-1 + - libapache-mod-ssl 2.8.19-1 CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...) NOT-FOR-US: Norton CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) 
@@ -14721,6 +14731,7 @@ - mysql <removed> CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...) {DSA-527} + - pavuk 0.9pl28-3 (bug #264684) CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) {DSA-523} CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-09 22:26:34 UTC (rev 2704) +++ data/DSA/list 2005-11-09 22:41:36 UTC (rev 2705) @@ -1479,32 +1479,32 @@ [woody] - squirrelmail 1:1.2.6-1.4 [22 Jul 2004] DSA-534 mailreader - directory traversal {CVE-2002-1581} - - mailreader 2.3.29-9 + [woody] - mailreader 2.3.29-5woody1 [22 Jul 2004] DSA-533 courier - cross-site scripting {CVE-2004-0591} - - courier 0.45.4-4 + [woody] - courier 0.37.3-2.5 [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities {CVE-2004-0488 CVE-2004-0700} - - libapache-mod-ssl 2.8.19-1 + [woody] - libapache-mod-ssl 2.8.9-2.4 [20 Jul 2004] DSA-531 php4 - several vulnerabilities {CVE-2004-0594 CVE-2004-0595} - - php4 4:4.3.8-1 + [woody] - php4 4.1.2-7 [17 Jul 2004] DSA-530 l2tpd - buffer overflow {CVE-2004-0649} - - l2tpd 0.70-pre20031121-2 + [woody] - l2tpd 0.67-1.2 [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string {CVE-2004-0640} - - netkit-telnet-ssl 0.17.24+0.1-2 + [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody1 [17 Jul 2004] DSA-528 ethereal - denial of service {CVE-2004-0635} - - ethereal 0.10.5-1 + [woody] - ethereal 0.9.4-1woody8 [03 Jul 2004] DSA-527 pavuk - buffer overflow {CVE-2004-0456} NOTE: DSA is incorrect; pavuk is in sarge and unstable. - - pavuk 0.9pl28-3 (bug #264684) + [woody] - pavuk 0.9pl28-1woody1 [03 Jul 2004] DSA-526 webmin - several vulnerabilities {CVE-2004-0582 CVE-2004-0583} - - webmin 1.150-1 + [woody] - webmin 0.94-7woody2 [24 Jun 2004] DSA-525 apache - buffer overflow {CVE-2004-0492} - apache 1.3.31-2
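Review bot: in the data/CVE/list hunk at @@ -14157, CVE-2004-0700 is left with only "TODO: Check, when this was fixed in sid" and no package line, while the DSA-532 entry it is tagged with loses "- libapache-mod-ssl 2.8.19-1" in the data/DSA/list hunk and that version is re-added only under CVE-2004-0488. Name the package in the TODO (libapache-mod-ssl), so the open question stays attached to a package and the version that the old DSA-532 entry recorded for both CVEs is not silently dropped for this one.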
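Review bot: in the data/CVE/list hunk at @@ -14319, the added line for CVE-2004-0635 records "- ethereal 0.10.5-1", while the unchanged lines for CVE-2004-0634 and CVE-2004-0633 directly below it record "- ethereal 0.10.5". All three descriptions give 0.10.4 as the last affected upstream release, so the three entries should carry the same fixed version string; pick one form (with or without the Debian revision) and use it for all of them.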
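Review bot: in the data/CVE/list hunk at @@ -14412, the added "- php4 4:4.3.8-1" lines carry the epoch "4:", but the woody line written for DSA-531 in the data/DSA/list hunk is "[woody] - php4 4.1.2-7" with no epoch. Check whether the woody package version needs the same epoch; the squirrelmail woody line in the same file ("1:1.2.6-1.4") does include one, and a version comparison gives different results with and without it.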
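Review bot: in the data/DSA/list hunk at @@ -1479, the removed lines "- mailreader 2.3.29-9" (DSA-534, CVE-2002-1581) and "- webmin 1.150-1" (DSA-526, CVE-2004-0582 and CVE-2004-0583) have no matching addition in the data/CVE/list part of this commit, unlike the other seven packages whose unstable versions are moved there. Confirm that those CVE entries already carry the versions, or add them in this commit, so the conversion does not lose the unstable fix information for these two packages.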