Moritz Muehlenhoff
2005-Nov-11 14:14 UTC
[Secure-testing-commits] r2720 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-11 14:14:10 +0000 (Fri, 11 Nov 2005) New Revision: 2720 Modified: data/CVE/list data/DSA/list Log: convert june 2004 to the new format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-11 10:58:46 UTC (rev 2719) +++ data/CVE/list 2005-11-11 14:14:10 UTC (rev 2720) @@ -14474,6 +14474,7 @@ NOT-FOR-US: Linksys routers CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) {DSA-522} + - super 3.23.0-1 CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) NOT-FOR-US: Wingate CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...) @@ -14551,6 +14552,7 @@ - aspell 0.50.5-3 CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) {DSA-516} + - postgresql 07.03.0200-3 CVE-2004-0546 RESERVED CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...) @@ -14600,8 +14602,10 @@ NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) {DSA-520} + - krb5 1.3.3-2 CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...) {DSA-512} + - gallery 1.4.3-pl2-1 CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 @@ -14750,9 +14754,10 @@ - pavuk 0.9pl28-3 (bug #264684) CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) {DSA-523} + - www-sql 0.5.7-18 CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...) {DSA-524} - - rlpr 2.05-1 (bug #255402) + - rlpr 2.02-7.1 (bug #255402) CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...) - vice 1.14-2 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) 
@@ -14760,8 +14765,10 @@ - perl 5.8.4-5 CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) {DSA-521} + - sup 1.8-11 CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...) {DSA-513} + - log2mail 0.2.8-3 CVE-2004-0449 RESERVED CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) @@ -14849,6 +14856,7 @@ - mailman 2.1.4-5 CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...) {DSA-518} + - kdelibs 4:3.2.3 CVE-2004-0410 RESERVED NOTE: An empty CVE, never published. @@ -14895,6 +14903,7 @@ NOTE: not fixed in 2.4.27 by inspection, didn''t bother with a bug CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) {DSA-524} + - rlpr 2.02-7.1 (bug #255402) CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) - apache 1.3.31-2 CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) @@ -15187,8 +15196,10 @@ NOT-FOR-US: thePHOTOtool CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) {DSA-515} + - lha 1.14i-8 CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...) {DSA-515} + - lha 1.14i-8 CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...) NOT-FOR-US: utempter CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...) 
@@ -18832,6 +18843,7 @@ TODO: test CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...) {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438} + - kernel-source-2.2.20 <removed> CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...) - kernel-source-2.4.24 2.4.24-3 NOTE: fixed in 2.4.26-pre3 Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-11 10:58:46 UTC (rev 2719) +++ data/DSA/list 2005-11-11 14:14:10 UTC (rev 2720) 
@@ -1512,49 +1512,46 @@ [woody] - webmin 0.94-7woody2 [24 Jun 2004] DSA-525 apache - buffer overflow {CVE-2004-0492} - - apache 1.3.31-2 + [woody] - apache 1.3.26-0woody5 [19 Jun 2004] DSA-524 rlpr - several vulnerabilities {CVE-2004-0393 CVE-2004-0454} - - rlpr 2.02-7.1 (bug #255402) + [woody] - rlpr 2.02-7woody1 [19 Jun 2004] DSA-523 www-sql - buffer overflow {CVE-2004-0455} - - www-sql 0.5.7-18 + [woody] - www-sql 0.5.7-17woody1 [19 Jun 2004] DSA-522 super - format string vulnerability {CVE-2004-0579} - - super 3.23.0-1 + [woody] - super 3.16.1-1.2 [18 Jun 2004] DSA-521 sup - format string vulnerability {CVE-2004-0451} - - sup 1.8-11 + [woody] - sup 1.8-8woody2 [16 Jun 2004] DSA-520 krb5 - buffer overflows {CVE-2004-0523} - - krb5 1.3.3-2 + [woody] - krb5 1.2.4-5woody5 [15 Jun 2004] DSA-519 cvs - several vulnerabilities {CVE-2004-0416 CVE-2004-0417 CVE-2004-0418} - - cvs 1:1.12.9-1 + [woody] - cvs 1.11.1p1debian-9woody7 [14 Jun 2004] DSA-518 kdelibs - unsanitised input {CVE-2004-0411} - - kdelibs 4:3.2.3 + [woody] - kdelibs 2.2.2-13.woody.10 [10 Jun 2004] DSA-517 cvs - buffer overflow {CVE-2004-0414} - - cvs 1:1.12.9-1 + [woody] - cvs 1.11.1p1debian-9woody6 [07 Jun 2004] DSA-516 postgresql - buffer overflow {CVE-2004-0547} - - postgresql 07.03.0200-3. + [woody] - postgresql 7.2.1-2woody5 [05 Jun 2004] DSA-515 lha - several vulnerabilities {CVE-2004-0234 CVE-2004-0235} - - lha 1.14i-8 - NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1 - NOTE: from the DSA could to updated via t-p-u. 
+ [woody] - lha 1.14i-2woody1 [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush {CVE-2004-0077} - - kernel-image-sparc-2.2 9.1 - NOTE: did not check other versions of the kernel + [woody] - kernel-source-2.2.20 2.2.20-5woody3 [03 Jun 2004] DSA-513 log2mail - format string {CVE-2004-0450} - - log2mail 0.2.8-3 + [woody] - log2mail 0.2.5.2 [02 Jun 2004] DSA-512 gallery - unauthenticated access {CVE-2004-0522} - - gallery 1.4.3-pl2-1 + [woody] - gallery 1.2.5-8woody2 [30 May 2004] DSA-511 ethereal - buffer overflows {CVE-2004-0176} - ethereal 0.10.3-1
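Review bot: In the data/CVE/list hunk at @@ -14750, the CVE-2004-0454 entry changes the fixed version from `- rlpr 2.05-1 (bug #255402)` to `- rlpr 2.02-7.1 (bug #255402)`, which is a data change rather than a format conversion and is not mentioned in the log message. The new value matches the line removed from DSA-524 and the one added under CVE-2004-0393, so it looks intended to make the two CVEs agree. The log should still say which version is correct, because lowering the fixed version marks every rlpr version from 2.02-7.1 up to 2.05-1 as no longer affected.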
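Review bot: In the data/CVE/list hunk at @@ -14551, the line added under CVE-2004-0547, `- postgresql 07.03.0200-3`, uses a version scheme unlike the woody entry for the same DSA (`[woody] - postgresql 7.2.1-2woody5`), and the CVE text describes the ODBC driver. Please confirm that `postgresql` is the source package that carries version 07.03.0200-3 in unstable. If the driver is packaged separately there, the entry should name that package so the version comparison is made against the right one.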
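Review bot: In the data/CVE/list hunk at @@ -18832, CVE-2004-0077 gains only `- kernel-source-2.2.20 <removed>`, while the DSA-514 entry rewritten by this commit had tracked `- kernel-image-sparc-2.2 9.1` together with `NOTE: did not check other versions of the kernel`. After this change neither that package nor the caveat is recorded anywhere visible in the diff. Either add a line for kernel-image-sparc-2.2 under the CVE or keep a NOTE explaining why it is no longer tracked.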
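Review bot: In the data/DSA/list hunk, the unstable lines removed from DSA-525 (`- apache 1.3.31-2`) and from DSA-519 and DSA-517 (`- cvs 1:1.12.9-1`) have no matching `+` line in the data/CVE/list part of this diff, unlike the other packages moved here. Please confirm that CVE-2004-0492, CVE-2004-0414 and CVE-2004-0416 through CVE-2004-0418 already carry those versions, otherwise the fixed-in-unstable information is lost. The two NOTE lines under DSA-515 about getting lha 1.14i-8 into testing via t-p-u are also dropped without being carried over. If they are obsolete, say so in the log message.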