thr3ads.net - Secure testing commits - [Secure-testing-commits] r2766

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Nov-16 23:35 UTC
[Secure-testing-commits] r2766 - in data: CVE DSA

Author: jmm-guest
Date: 2005-11-16 23:34:39 +0000 (Wed, 16 Nov 2005)
New Revision: 2766

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert another month of DSAs to the new format


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-16 22:40:58 UTC (rev 2765)
+++ data/CVE/list	2005-11-16 23:34:39 UTC (rev 2766)
@@ -15402,6 +15402,7 @@
 	NOT-FOR-US: general MIME bug with security gateways
 CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain
''games'' group ...)
 	{DSA-445}
+	- lbreakout2 2.4
 CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working
directory to ...)
 	{DSA-484}
 	- xonix 1.4-21
@@ -15423,6 +15424,7 @@
 	- xitalk 1.1.11-11
 CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users
to ...)
 	{DSA-451}
+	- xboing 2.4-26.1 (bug #174924)
 CVE-2004-0147
 	RESERVED
 CVE-2004-0146
@@ -15489,12 +15491,16 @@
 	- sysstat 5.0.2-1
 CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0,
related to ...)
 	{DSA-443}
+	- xfree86 4.3.0-2
 CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow
remote ...)
 	{DSA-449}
+	- metamail 2.7-45.2
 CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and
earlier ...)
 	{DSA-449}
+	- metamail 2.7-45.2
 CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a
size check&quot; when ...)
 	{DSA-432}
+	- crawl 1:4.0.0beta26-4
 CVE-2004-0102
 	RESERVED
 CVE-2004-0101
@@ -15505,6 +15511,7 @@
 	RESERVED
 CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote
attackers ...)
 	{DSA-448}
+	- pwlib 1.5.2-4
 CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8
and ...)
 	NOT-FOR-US: Safari
 CVE-2004-0091 (** DISPUTED ** ...)
@@ -15521,8 +15528,10 @@
 	NOT-FOR-US: MacOS
 CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0
to ...)
 	{DSA-443}
+	- xfree86 4.3.0-2
 CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0
...)
 	{DSA-443}
+	- xfree86 4.3.0-2
 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown
message ...)
 	{DSA-465}
 	- openssl <not-affected> (Not affected per DSA-465)
@@ -15580,6 +15589,7 @@
 	RESERVED
 CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges
before ...)
 	{DSA-430}
+	- trr19 1.0beta5-17.1 (bug #264702)
 CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE
allows ...)
 	NOT-FOR-US: SnapStream PVS LITE
 CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and
earlier ...)
@@ -15643,6 +15653,7 @@
 	- gaim 1:0.75-2
 CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to
cause ...)
 	{DSA-434}
+	- gaim 1:0.75-2
 CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local
users ...)
 	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
 	- kernel-source-2.4.27 2.4.27-1
@@ -15805,6 +15816,7 @@
 	NOT-FOR-US: Applied Watch Command Center
 CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and
2.7.x ...)
 	{DSA-452}
+	- libapache-mod-python 2:2.7.10-1
 CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and
earlier, ...)
 	{DSA-408}
 	- screen 4.0.2-0.1
@@ -15821,6 +15833,7 @@
 	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
 CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script
for ...)
 	{DSA-436}
+	- mailman 2.1.4-1
 CVE-2003-0964
 	REJECTED
 CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2)
try_squid_eplf for ...)
@@ -15829,8 +15842,7 @@
 	{DSA-404}
 CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call
in ...)
 	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417
DSA-403}
-	- kernel-source-2.4.27 2.4.27-1
-	NOTE: fixed in 2.4.23-pre7
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.23-pre7)
 CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a
chain ...)
 	NOT-FOR-US: OpenCA
 CVE-2003-0959
@@ -16395,6 +16407,7 @@
 	RESERVED
 CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the
pam_setcred ...)
 	{DSA-443 DSA-388}
+	- xfree86 4.3.0-0pre1v2
 CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier
allows ...)
 	- glibc 2.2.5
 CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the
...)
@@ -16537,6 +16550,7 @@
 	NOTE: fixed in 2.4.21-pre3
 CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a
local ...)
 	{DSA-431}
+	- perl 5.8.3-3
 CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files,
which ...)
 	{DSA-362}
 CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy
...)
@@ -17073,6 +17087,7 @@
 	NOT-FOR-US: ICQLite
 CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4
allows ...)
 	{DSA-442 DSA-336 DSA-332 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21-rc6)
 CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly
other ...)
 	- licq 1.2-7-1
 CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to
cause a ...)
@@ -17319,14 +17334,18 @@
 	RESERVED
 CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify
CPU ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.22-pre10)
 CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4
allows ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21-rc4)
 CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does
not ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21-rc4)
 CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache
Portable ...)
 	- apache2 2.0.46
 CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter
IP ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21-rc2)
 CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to
execute ...)
 	NOT-FOR-US: Happycgi.com Happymall
 CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain
...)
@@ -17647,6 +17666,7 @@
 	NOTE: nothing in changelogs
 CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for
Mailman 2.1 ...)
 	{DSA-436}
+	- mailman 2.1.1-1
 CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow
remote ...)
 	{DSA-244}
 CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake
Linux, ...)
@@ -17684,6 +17704,7 @@
 	RESERVED
 CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do
not ...)
 	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21-pre5)
 CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal
...)
 	NOT-FOR-US: IBM DB2
 CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using
Sendmail ...)
@@ -18878,8 +18899,10 @@
 	NOT-FOR-US: os x
 CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute
arbitrary ...)
 	{DSA-446}
+	- synaesthesia <not-affected> (synaesthesia no longer setuid)
 CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote
authenticated ...)
 	{DSA-447}
+	- hsftp 1.15-1
 CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before
...)
 	{DSA-458-3}
 	- python2.2 2.2.2
@@ -18918,8 +18941,10 @@
 	NOT-FOR-US: mcafee
 CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote
attackers to ...)
 	{DSA-443}
+	- xfree86 4.2.1-6
 CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of
service and ...)
 	{DSA-443}
+	- xfree86 4.2.1-6
 CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and
10.2.x ...)
 	NOT-FOR-US: os x
 CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and
...)
@@ -18932,6 +18957,7 @@
 	TODO: test
 CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2
to ...)
 	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444
DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.26-pre3)
 	- kernel-source-2.2.20 <removed>
 CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the
...)
 	- kernel-source-2.4.24 2.4.24-3
@@ -19001,8 +19027,7 @@
 	- kdepim 4:3.1.5-1
 CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before
2.4.21 ...)
 	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417
DSA-413}
-	- kernel-source-2.4.27 2.4.27-1
-	NOTE: fixed in 2.4.24-rc1
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.24-rc1)
 CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and
possibly ...)
 	{DSA-411}
 	- mpg321 0.2.10.3
@@ -20132,6 +20157,7 @@
 CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU
...)
 CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels
2.4.18 ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+	- kernel-source-2.2.20 <removed>
 CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain
sensitive ...)
 CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u
option, ...)
 CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to
1.61, ...)

Modified: data/DSA/list
==================================================================---
data/DSA/list	2005-11-16 22:40:58 UTC (rev 2765)
+++ data/DSA/list	2005-11-16 23:34:39 UTC (rev 2766)
@@ -1787,81 +1787,83 @@
         [woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1
 [29 Feb 2004] DSA-452 libapache-mod-python - denial of service
 	{CVE-2003-0973}
-	- libapache-mod-python 2:2.7.10-1
+	[woody] - libapache-mod-python 2:2.7.8-0.0woody2
 [27 Feb 2004] DSA-451 xboing - buffer overflows
 	{CVE-2004-0149}
-	- xboing 2.4-26.1 (bug #174924)
+	[woody] - xboing 2.4-26woody1
 [27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
 	{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
-	NOTE: 2.4.19 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.4.19 2.4.19-0.020911.1.woody3
+	[woody] - kernel-patch-2.4.19-mips 2.4.19-4.woody1
 [24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
 	{CVE-2004-0104 CVE-2004-0105}
-	- metamail 2.7-45.2
+	[woody] - metamail 2.7-45woody.2
 [22 Feb 2004] DSA-448 pwlib - several vulnerabilities
 	{CVE-2004-0097}
-	- pwlib 1.5.2-4
+	[woody] - pwlib 1.2.5-5woody1
 [22 Feb 2004] DSA-447 hsftp - format string
 	{CVE-2004-0159}
-	- hsftp 1.15-1
+	[woody] - hsftp 1.11-1woody1
 [21 Feb 2004] DSA-446 synaesthesia - insecure file creation
 	{CVE-2004-0160}
-	NOTE: DSA notes not setuid anymore so ok
+	[woody] - synaesthesia 2.1-2.1woody1
 [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
 	{CVE-2004-0158}
-	- lbreakout2 2.4
+	[woody] - lbreakout2 2.2.2-1woody1
 [20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value
check
 	{CVE-2004-0077}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.17-ia64 011226.16
 [19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
-	{CVE-2003-0690}
-	- xfree86 4.3.0-0pre1v2
-	{CVE-2004-0083 CVE-2004-0084 CVE-2004-0106}
-	- xfree86 4.3.0-1
-	{CVE-2004-0093 CVE-2004-0094}
-	- xfree86 4.2.1-6
+	{CVE-2003-0690 CVE-2004-0083 CVE-2004-0084 CVE-2004-0106 CVE-2004-0093
CVE-2004-0094}
+	[woody] - xfree86 4.1.0-16woody3
 [19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
 	{CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248
CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.2
+	[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.3
 [18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return
value check
 	{CVE-2004-0077}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody5 
 [18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several
vulnerabilities
 	{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+ 	[woody] - kernel-source-2.4.17 2.4.17-4
+	[woody] - kernel-patch-2.4.17-apus 2.4.17-4
 [18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
 	{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
-	NOTE: 2.4.16 not present. Did not check newer kernels.
+	[woody] - kernel-image-2.4.16-lart 2.4.16-20040204
+	[woody] - kernel-image-2.4.16-netwinder 2.4.16-20040204
+	[woody] - kernel-image-2.4.16-riscpc 2.4.16-20040204
+	[woody] - kernel-patch-2.4.16-arm 20040204
 [18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function
return value check
 	{CVE-2004-0077}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-source-2.4.18 2.4.18-14.2
+	[woody] - kernel-image-2.4.18-1-alpha 2.4.18-14
+	[woody] - kernel-image-2.4.18-1-i386 2.4.18-12.2
+	[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody7
+	[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody4
 [11 Feb 2004] DSA-437 cgiemail - open mail relay
 	{CVE-2002-1575}
-	- cgiemail 1.6-20
+	[woody] - cgiemail 1.6-14woody1
 [08 Feb 2004] DSA-436 mailman - several vulnerabilities
-	{CVE-2003-0991}
-	NOTE: apparently specific to mailman 2.0, not 2.1
-	{CVE-2003-0965}
-	- mailman 2.1.4-1
-	{CVE-2003-0038}
-	- mailman 2.1.1-1
+	{CVE-2003-0991 CVE-2003-0965 CVE-2003-0038}
+	[woody]	- mailman 2.0.11-1woody7
 [06 Feb 2004] DSA-435 mpg123 - heap overflow
 	{CVE-2003-0865}
-	- mpg123 0.59r-15
+	[woody]	- mpg123 0.59r-13woody2
 [05 Feb 2004] DSA-434 gaim - several vulnerabilities
 	{CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008}
-	- gaim 1:0.75-2
+	[woody] - gaim 0.58-2.4
 [04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
 	{CVE-2003-0961}
-	NOTE: 2.4.17 not present. Did not check newer kernels.
+	[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody4
 [03 Feb 2004] DSA-432 crawl - buffer overflow
 	{CVE-2004-0103}
-	- crawl 1:4.0.0beta26-4
+	[woody] - crawl 4.0.0beta23-2woody1
 [01 Feb 2004] DSA-431 perl - information leak
 	{CVE-2003-0618}
-	- perl 5.8.3-3
+	[woody] - perl 5.6.1-8.6
 [28 Jan 2004] DSA-430 trr19 - missing privilege release
 	{CVE-2004-0047}
-	- trr19 1.0beta5-17.1 (bug #264702)
+	[woody] - trr19 1.0beta5-15woody1
 [26 Jan 2004] DSA-429 gnupg - cryptographic weakness
 	{CVE-2003-0971}
 	- gnupg 1.2.4-1
Secure testing commits - Nov 2005 - r2766 - in data: CVE DSA

[Secure-testing-commits] r2766 - in data: CVE DSA
