Author: fw
Date: 2005-11-14 12:51:33 +0000 (Mon, 14 Nov 2005)
New Revision: 2736
Modified: data/CVE/list data/DSA/list
Log: DSA-137 cleanup. Add DSA-135 because it's referenced. A couple of syntax fixes. Restore CVE-2001-0683 and CVE-2002-0683.

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-14 12:28:31 UTC (rev 2735) +++ data/CVE/list 2005-11-14 12:51:33 UTC (rev 2736) @@ -1,11 +1,9 @@ CVE-2005-XXXX [XSS in Horde] - horde2 <unfixed> (bug #338983; unknown) -CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) - TODO: check CVE-2005-XXXX [Insecure temp file usage in migrationtools] - migrationtools <unfixed> (bug #338920; medium) CVE-2005-XXXX [user logout in drupal has no effect] - [sarge] drupal <not-affected> (bug was introduced after 4.5.3) + [sarge] - drupal <not-affected> (bug was introduced after 4.5.3) - drupal 4.5.5-3 (bug #336719; medium) CVE-2005-XXXX [incorrect use of the PAM framework by courier] - courier 0.47-12 (bug #211920; medium) @@ -18719,7 +18717,7 @@ NOT-FOR-US: no_package CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...) - glibc 2.2.5-8 -CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) +CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) NOT-FOR-US: no_package CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...) NOT-FOR-US: no_package @@ -19996,8 +19994,7 @@ {DSA-160} CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...) {DSA-137} - - libmm11 1.1.3-6.1 - - libmm13 1.3.1-1 + - mm 1.3.1-1 CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...) - libapache-mod-ssl 2.8.9-2 STOP: this is approximatly the release of woody, so we can stop here 
@@ -23407,7 +23404,7 @@ CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...) CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...) CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...) -CVE-2001-0683 +CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...) CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...) CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...) CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-14 12:28:31 UTC (rev 2735) +++ data/DSA/list 2005-11-14 12:51:33 UTC (rev 2736) @@ -2773,7 +2773,10 @@ - gallery 1.3-3 [30 Jul 2002] DSA-137 mm - insecure temporary files {CVE-2002-0658} - - mm 1.1.3-7 + [woody] - mm 1.1.3-6.1 [30 Jul 2002] DSA-136 openssl - multiple remote exploits {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659} - openssl 0.9.6e-1 +[02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS + {CVE-2002-0653} + [woody] - libapache-mod-ssl 2.8.9-2
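Review bot: In the data/CVE/list hunks at -1,11 and -18719,7, CVE-2002-0683 loses its `TODO: check` marker and, once moved, sits directly above a `NOT-FOR-US: no_package` line that until this revision followed the line labelled CVE-2001-0683 (Netscape Collabra). Please confirm that the no_package triage was actually made for Carello 1.3, or keep the TODO on the restored entry until it has been rechecked. The CVE-2001-0683 entry restored at -23407,7 carries no triage line, which matches its neighbours in that hunk.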
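Review bot: In the CVE-2002-0658 hunk (-19996,8), replacing `- libmm11 1.1.3-6.1` and `- libmm13 1.3.1-1` with the single line `- mm 1.3.1-1` removes 1.1.3-6.1 from the CVE list, so the entry now depends on the `{DSA-137}` cross-reference to record that version. Please confirm that 1.3.1-1, which was previously the version on the libmm13 line, is the right fixed version to attach to `mm`, and say so in the log message, since "DSA-137 cleanup" does not explain the rename.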
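Review bot: The new DSA-135 header line in data/DSA/list separates package and description with `--`, while the DSA-137 and DSA-136 headers in the same hunk use a single `-`; use ` - ` here too so that every header line has one format for anything that parses this file. In the DSA-137 entry, `- mm 1.1.3-7` is replaced rather than supplemented by `[woody] - mm 1.1.3-6.1`, so 1.1.3-7 is no longer recorded in either list; note in the log if that is intended.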