Moritz Muehlenhoff
2005-Nov-13 23:00 UTC
[Secure-testing-commits] r2727 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-13 23:00:06 +0000 (Sun, 13 Nov 2005) New Revision: 2727 Modified: data/CVE/list data/DSA/list Log: convert another month of DSA entries Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-13 21:58:59 UTC (rev 2726) +++ data/CVE/list 2005-11-13 23:00:06 UTC (rev 2727) @@ -1,8 +1,3 @@ -CVE-2005-XXXX [kernel: NFS leases mem leak] - - linux-2.6 <unfixed> - NOTE: Pinged Horms -CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) - TODO: check CVE-2005-XXXX [user logout in drupal has no effect] [sarge] drupal <not-affected> (bug was introduced after 4.5.3) - drupal 4.5.5-3 (bug #336719; medium) @@ -14806,6 +14801,7 @@ NOT-FOR-US: FreeBSD CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...) {DSA-504} + - heimdal 0.6.2-1 CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...) NOTE: mplayer not in Debian - xine-lib 1-rc4 @@ -14825,6 +14821,7 @@ NOTE: Fixed in 2.6.6/2.4.26 kernel CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...) {DSA-499} + - rsync 2.6.1-1 CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...) NOT-FOR-US: windows CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) @@ -14835,6 +14832,7 @@ NOTE: The package doesn''t enable that flag so it is safe. CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) {DSA-500} + - flim 1:1.14.6+0.20040415-1 CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...) {DSA-498} CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) 
@@ -14883,17 +14881,23 @@ - racoon 0.3.1-3 CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...) {DSA-508} + - xpcd 2.08-10 CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) - libtasn1 0.1.2-2 CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...) {DSA-502 DSA-501} - exim 3.36-11 + - exim4 4.33-1 + - exis-tls <removed> CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) {DSA-502 DSA-501} - exim 3.36-11 + - exim4 4.33-1 + - exis-tls <removed> CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...) {DSA-507 DSA-506} - + - cadaver 0.22.1-3 + - neon 0.24.6.dfsg-1 CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...) - subversion 1.0.3-1 NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791 @@ -14902,6 +14906,7 @@ - cvs 1:1.12.5-6 CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...) {DSA-509} + - gatos 0.0.5-12 CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) NOTE: apparently not very exploitable, does not affect 2.6 NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch @@ -18694,7 +18699,7 @@ NOT-FOR-US: no_package CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) - glibc 2.2.5-8 -CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) +CVE-2001-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) NOT-FOR-US: no_package CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) NOT-FOR-US: no_package 
@@ -19974,6 +19979,7 @@ - libmm11 1.1.3-6.1 - libmm13 1.3.1-1 CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...) + {DSA-135} - libapache-mod-ssl 2.8.9-2 STOP: this is approximatly the release of woody, so we can stop here CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...) @@ -23382,7 +23388,7 @@ CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) -CVE-2001-0683 +CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-13 21:58:59 UTC (rev 2726) +++ data/DSA/list 2005-11-13 23:00:06 UTC (rev 2727) 
@@ -1563,35 +1563,34 @@ [woody] - gatos 0.0.5-6woody1 [22 May 2004] DSA-508 xpcd - buffer overflow {CVE-2004-0402} - - xpcd 2.08-10 + [woody] - xpcd 2.08-8woody2 [19 May 2004] DSA-507 cadaver - buffer overflow {CVE-2004-0398} - - cadaver 0.22.1-3 + [woody] - cadaver 0.18.0-1woody3 [19 May 2004] DSA-506 neon - buffer overflow {CVE-2004-0398} - - neon 0.24.6.dfsg-1 + [woody] - neon 0.19.3-2woody5 [19 May 2004] DSA-505 cvs - heap overflow {CVE-2004-0396} - - cvs 1:1.12.5-6 + [woody] - cvs 1.11.1p1debian-9woody4 [18 May 2004] DSA-504 heimdal - missing input sanitising {CVE-2004-0434} - - heimdal 0.6.2-1 + [woody] - heimdal 0.4e-7.woody.9 [13 May 2004] DSA-503 mah-jong - missing argument check {CVE-2004-0458} - - mah-jong 1.6.2-1 + [woody] - mah-jong 1.4-3 [11 May 2004] DSA-502 exim-tls - buffer overflow {CVE-2004-0399 CVE-2004-0400} - NOTE: exim-tls not in sarge + [woody] - exim-tls 3.35-3woody2 [07 May 2004] DSA-501 exim - buffer overflow {CVE-2004-0399 CVE-2004-0400} - - exim 3.36-11 - - exim4 4.33-1 + [woody] - exim 3.35-1woody3 [01 May 2004] DSA-500 flim - insecure temporary file {CVE-2004-0422} - - flim 1:1.14.6+0.20040415-1 + [woody] - flim 1.14.3-9woody1 [01 May 2004] DSA-499 rsync - directory traversal {CVE-2004-0426} - - rsync 2.6.1-1 + [woody] - rsync 2.5.5-0.5 [30 Apr 2004] DSA-498 libpng - out of bound access {CVE-2004-0421} - libpng 1.0.15-5
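Review bot: In the first data/CVE/list hunk (@@ -1,8 +1,3 @@), the removal of the "CVE-2005-XXXX [kernel: NFS leases mem leak]" entry, which is still marked "linux-2.6 <unfixed>", is not covered by the log message "convert another month of DSA entries". If the issue was assigned a CVE id or merged into another entry, say so in the log; otherwise keep the entry so the unfixed kernel issue does not silently drop out of tracking.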
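Review bot: In the data/CVE/list hunk @@ -14883,17 +14881,23 @@, the package name in the two added lines "- exis-tls <removed>" (under CVE-2004-0400 and CVE-2004-0399) looks like a typo for exim-tls, the name DSA-502 uses in data/DSA/list. Suggest "- exim-tls <removed>" in both places so the entries match the actual source package.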
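Review bot: In the data/CVE/list hunk @@ -18694,7 +18699,7 @@, the changed line keeps the id CVE-2001-0683 but now carries the Carello 1.3 directory traversal description, which the first hunk removed from the top of the file as CVE-2002-0683. The line sits between CVE-2002-0684 and CVE-2002-0681, so the id should presumably be CVE-2002-0683. As committed, the file ends up with two CVE-2001-0683 entries (the second gains the Netscape Collabra description in hunk @@ -23382,7 +23388,7 @@) and no CVE-2002-0683. The "TODO: check" of the removed entry is also dropped in favour of the existing "NOT-FOR-US: no_package" line; please confirm that is the intended triage for Carello.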
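Review bot: In the data/DSA/list hunk (@@ -1563,35 +1563,34 @@), the line "- mah-jong 1.6.2-1" is removed from DSA-503, but no visible data/CVE/list hunk adds that version under CVE-2004-0458, unlike the other packages converted here (xpcd, cadaver, neon, heimdal, exim4, flim, rsync). Please confirm that CVE-2004-0458 already records "- mah-jong 1.6.2-1"; otherwise the fixed unstable version is lost by this conversion.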