Moritz Muehlenhoff
2005-Nov-14 11:10 UTC
[Secure-testing-commits] r2733 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-14 11:02:45 +0000 (Mon, 14 Nov 2005) New Revision: 2733 Modified: data/CVE/list data/DSA/list Log: more bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-14 10:41:34 UTC (rev 2732) +++ data/CVE/list 2005-11-14 11:02:45 UTC (rev 2733) @@ -3448,7 +3448,7 @@ - vim 1:6.3-085+1 (bug #320017; medium) CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) {DSA-853-1} - - ethereal 0.10.12-1 (bug #320183; medium) + - ethereal 0.10.12-1 (bug #320183; bug #320192; medium) CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) @@ -5884,7 +5884,7 @@ CVE-2005-1912 REJECTED CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - - leafnode 1.11.3.rel-1 (low) + - leafnode 1.11.3.rel-1 (bug #33886; low) CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) NOT-FOR-US: WWWeb Concepts Events System CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) @@ -6932,7 +6932,7 @@ RESERVED CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) {DSA-892-1} - - awstats 6.4-1.1 (bug #322591; bug #334833; medium) + - awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium) CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) 
@@ -8282,7 +8282,7 @@ {DSA-805-1} NOTE: This is from latest Trustix advisory, exploitation would require to trick NOTE: someone into using a maliciously crafted certificate revocation list - - apache2 2.0.54-5 (bug #320048; bug #320063; low) + - apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low) CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) {DSA-854-1} - tcpdump 3.9.0.cvs.20050614-1 (medium) @@ -12331,7 +12331,7 @@ - squirrelmail 2:1.4.4-1 CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...) {DSA-676-1} - - xpcd 2.08-11.1 + - xpcd 2.08-11.1 (bug #294793) CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...) {DSA-677-1} - sympa 4.1.2-2.1 @@ -12591,7 +12591,7 @@ - kernel-source-2.6.8 2.6.8-13 - kernel-source-2.4.27 2.4.27-8 - kernel-image-2.4.27-i386 2.4.27-8 - - kernel-image-2.4.27-speakup 2.4.27-1.1 + - kernel-image-2.4.27-speakup 2.4.27-1.1 (bug #295624) - kernel-patch-powerpc-2.6.8 2.6.8-10 CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...) NOT-FOR-US: oracle @@ -14315,7 +14315,7 @@ CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) {DSA-579-1 DSA-550-1} - abiword 2.0.8 - - wv 1.0.2-0.1 + - wv 1.0.2-0.1 (bug #264972) NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...) {DSA-543-1} 
@@ -16226,7 +16226,7 @@ CVE-2003-0741 RESERVED CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) - - stunnel 2:3.26 + - stunnel 2:3.26 (bug #278942) - stunnel4 2:4.04 CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...) NOT-FOR-US: VMware Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-14 10:41:34 UTC (rev 2732) +++ data/DSA/list 2005-11-14 11:02:45 UTC (rev 2733) @@ -987,7 +987,7 @@ NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-676-1 xpcd - buffer overflow {CVE-2005-0074} - [woody] - xpcd 2.08-8woody3 (bug #294793) + [woody] - xpcd 2.08-8woody3 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal NOTE: only fixed bug in DSA
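Review bot: The `bug #33886` added to the leafnode line for CVE-2005-1911 (data/CVE/list hunk at @@ -5884) has five digits, while every other bug reference touched in this commit has six (from #264972 to #336137). Please check that the number is not truncated or mistyped, and correct it if a digit is missing.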
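Review bot: The log message "more bugnums" does not cover the removal of `(bug #294793)` from the `[woody] - xpcd 2.08-8woody3` line in the data/DSA/list hunk at @@ -987. The same number is added to `xpcd 2.08-11.1` under CVE-2005-0074 in data/CVE/list, so this looks like a move from the DSA entry to the CVE entry. If so, say that in the log so the deletion does not read as accidental.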
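Review bot: In the data/CVE/list hunk at @@ -3448, `bug #320192` is added only to the ethereal line under CVE-2005-2367. The ethereal line under CVE-2005-2366 directly below carries the same DSA-853-1, the same fixed version 0.10.12-1 and the same bug #320183, and is left unchanged. If #320192 covers both issues, add it there as well. Otherwise a NOTE saying which issue it tracks would make the difference explicit.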