Moritz Muehlenhoff
2005-Nov-14 16:36 UTC
[Secure-testing-commits] r2739 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-14 16:35:36 +0000 (Mon, 14 Nov 2005)
New Revision: 2739
Modified:
data/CVE/list
data/DSA/list
Log:
convert apr 2004 to the new DSA format
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-14 15:15:01 UTC (rev 2738)
+++ data/CVE/list 2005-11-14 16:35:36 UTC (rev 2739)
@@ -14936,6 +14936,7 @@
NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite
...)
{DSA-483}
+ - mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in
RealPlayer ...)
NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and
earlier, ...)
@@ -14950,6 +14951,7 @@
NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary
files via ...)
{DSA-483}
+ - mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2
...)
NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
...)
@@ -14960,16 +14962,20 @@
NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a
denial of ...)
{DSA-473}
+ - oftpd 20040304-1
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004,
Norton ...)
NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to
"expose the ...)
{DSA-471}
+ - interchange 5.0.1-1
CVE-2004-0373
RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a
symlink ...)
{DSA-477}
+ - xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not
properly ...)
{DSA-476}
+ - heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as
used ...)
NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by
Symantec ...)
@@ -15323,6 +15329,7 @@
{DSA-486}
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and
earlier, ...)
{DSA-487}
+ - neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x
before ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- kernel-source-2.4.27 2.4.27-1
@@ -15365,8 +15372,10 @@
{DSA-445}
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working
directory to ...)
{DSA-484}
+ - xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event
...)
{DSA-485}
+ - ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during
Phase 1, ...)
- racoon 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows
attackers ...)
@@ -15781,7 +15790,7 @@
{DSA-404}
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call
in ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417
DSA-403}
- NOTE: do_brk hole
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.23-pre7
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a
chain ...)
NOT-FOR-US: OpenCA
@@ -16424,6 +16433,7 @@
{DSA-368}
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50,
allow ...)
{DSA-472}
+ - fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and
earlier ...)
NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend
Micro ...)
@@ -18804,6 +18814,7 @@
NOT-FOR-US: symantec
CVE-2004-0189 (The "%xx" URL decoding function in Squid
2.5STABLE4 and earlier allows ...)
{DSA-474}
+ - squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow
local ...)
{DSA-461}
- calife 2.8.6-1 (bug #235157)
@@ -18945,6 +18956,7 @@
- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before
2.4.21 ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417
DSA-413}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.24-rc1
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and
possibly ...)
{DSA-411}
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-14 15:15:01 UTC (rev 2738)
+++ data/DSA/list 2005-11-14 16:35:36 UTC (rev 2739)
@@ -1643,60 +1643,66 @@
[woody] - logcheck 1.1.1-13.1woody1
[16 Apr 2004] DSA-487 neon - format string
{CVE-2004-0179}
- - neon 0.24.5-1
+ [woody] - neon 0.19.3-2woody3
[16 Apr 2004] DSA-486 cvs - several vulnerabilities
{CVE-2004-0180 CVE-2004-0405}
- - cvs 1:1.12.5-4
+ [woody] - cvs 1.11.1p1debian-9woody2
[14 Apr 2004] DSA-485 ssmtp - format string
{CVE-2004-0156}
- - ssmtp 2.60.7
+ [woody] - ssmtp 2.50.6.1
[14 Apr 2004] DSA-484 xonix - failure to drop privileges
{CVE-2004-0157}
- - xonix 1.4-21
+ [woody] - xonix 1.4-19woody1
[14 Apr 2004] DSA-483 mysql - insecure temporary file creation
- {CVE-2004-0381}
- - mysql-dfsg 4.0.18-4
- {CVE-2004-0388}
- - mysql-dfsg 4.0.18-6
+ {CVE-2004-0381 CVE-2004-0388}
+ [woody] - mysql 3.23.49-8.6
[14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.17 2.4.17-1woody3
+ [woody] - kernel-patch-2.4.17-apus 2.4.17-5
+ [woody] - kernel-patch-2.4.17-s390 2.4.17-2.woody.4
+ [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.4
[14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.17-ia64 011226.17
[14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.17/18 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.17-hppa 32.4
+ [woody] - kernel-image-2.4.18-hppa 62.3
[14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several
vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.18 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.18 2.4.18-14.3
+ [woody] - kernel-image-2.4.18-1-alpha 2.4.18-15
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-13
+ [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody8
+ [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody5
[06 Apr 2004] DSA-478 tcpdump - denial of service
{CVE-2004-0183 CVE-2004-0184}
- - tcpdump 3.7.2-4
+ [woody] - tcpdump 3.6.2-2.8
[06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
{CVE-2004-0372}
- - xine-ui 0.99.1-1
+ [woody] - xine-ui 0.9.8-5
[06 Apr 2004] DSA-476 heimdal - cross-realm
{CVE-2004-0371}
- - heimdal 0.6.1-1
+ [woody] - heimdal 0.4e-7.woody.8.1
[05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
- NOTE: 2.4.18 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.18-hppa 62.1
[03 Apr 2004] DSA-474 squid - ACL bypass
{CVE-2004-0189}
- - squid 2.5.5-1
+ [woody] - squid 2.4.6-2woody2
[03 Apr 2004] DSA-473 oftpd - denial of service
{CVE-2004-0376}
- - oftpd 20040304-1
+ [woody] - oftpd 0.3.6-6
[03 Apr 2004] DSA-472 fte - several vulnerabilities
{CVE-2003-0648}
- - fte 0.50.0-1.1 (bug #203871)
+ [woody] - fte 0.50.0-1.1 0.49.13-15woody1
[02 Apr 2004] DSA-471 interchange - missing input sanitising
{CVE-2004-0374}
- - interchange 5.0.1-1
+ [woody] - interchange 4.8.3.20020306-1.woody.2
[01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-image-2.4.17-hppa 32.3
[29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
{CVE-2004-0366}
- pam-pgsql 0.5.2-7.1