Moritz Muehlenhoff
2005-Nov-22 11:46 UTC
[Secure-testing-commits] r2825 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-22 11:45:44 +0000 (Tue, 22 Nov 2005) New Revision: 2825 Modified: data/CVE/list data/DSA/list Log: convert october 2003 to the new dsa format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-22 10:19:43 UTC (rev 2824) +++ data/CVE/list 2005-11-22 11:45:44 UTC (rev 2825) @@ -16819,6 +16819,7 @@ - perl 5.8.2 CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...) {DSA-396} + - thttpd 2.23beta1-2.3 CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...) NOT-FOR-US: IBM DB2 CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) @@ -16890,6 +16891,7 @@ REJECTED CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) {DSA-395} + - tomcat4 4.1.24-2 CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) {DSA-435} - mpg123 0.59r-15 @@ -17568,10 +17570,16 @@ NOT-FOR-US: up2date CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} + - openssl 0.9.7c + - openssl096 0.9.6k CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...) {DSA-394 DSA-393} + - openssl 0.9.7c + - openssl096 0.9.6k CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} + - openssl 0.9.7c + - openssl096 0.9.6k CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...) - apache2 2.0.48 - apache 1.3.29 
@@ -18616,7 +18624,7 @@ - stunnel 2:3.24-1 CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...) {DSA-396} - - thttpd 2.23beta1-2.3 + - thttpd 2.23beta1-2.3 (bug #216677) CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...) NOT-FOR-US: microsoft CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-22 10:19:43 UTC (rev 2824) +++ data/DSA/list 2005-11-22 11:45:44 UTC (rev 2825) @@ -2007,20 +2007,16 @@ [woody] - postgresql 7.2.1-2woody4 [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation {CVE-2002-1562 CVE-2003-0899} - - thttpd 2.23beta1-2.3 (bug #216677) + [woody] - thttpd 2.21b-11.2 [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling {CVE-2003-0866} - - tomcat4 4.1.24-2 - NOTE: another RC (unreproducible?) bug and missing deps (#263201) - NOTE: are keeping the fix out of testing + [woody] - tomcat4 4.0.3-3woody3 [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} - - openssl 0.9.7c - - openssl096 0.9.6k + [woody] - openssl095 0.9.5a-6.woody.3 [01 Oct 2003] DSA-393 openssl - denial of service {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} - - openssl 0.9.7c - - openssl096 0.9.6k + [woody] - openssl 0.9.6c-2.woody.4 [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure {CVE-2003-0832 CVE-2003-0833} - webfs 1.20
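Review bot: In the data/CVE/list hunk at `@@ -16819,6 +16819,7 @@`, the line added under CVE-2003-0899 is `- thttpd 2.23beta1-2.3` with no bug reference, while the matching line under CVE-2002-1562 (hunk `@@ -18616,7 +18624,7 @@`) gains `(bug #216677)`. The removed DSA-396 line carried that bug number for an advisory covering both CVEs, so either add `(bug #216677)` to the CVE-2003-0899 line as well, or say in the log that the bug only concerns the directory traversal issue.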
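Review bot: In the data/CVE/list hunk at `@@ -17568,10 +17570,16 @@`, CVE-2003-0543, CVE-2003-0544 and CVE-2003-0545 each receive `openssl 0.9.7c` and `openssl096 0.9.6k`, but nothing for openssl095, which is the package DSA-394 is issued for. After the conversion the only openssl095 data left is the `[woody] - openssl095 0.9.5a-6.woody.3` line in data/DSA/list, so its status outside woody is not recorded anywhere. Consider adding an openssl095 line to the three CVE entries stating whether it was fixed or is no longer shipped.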
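Review bot: In the data/DSA/list hunk at `@@ -2007,20 +2007,16 @@`, the DSA-395 entry loses its two NOTE lines (`another RC (unreproducible?) bug and missing deps (#263201)` and `are keeping the fix out of testing`), and the CVE-2003-0866 entry in data/CVE/list only gains `- tomcat4 4.1.24-2`. That drops the record of why the fixed tomcat4 is held out of testing. If the notes are still accurate, move them under CVE-2003-0866 rather than deleting them; if they are obsolete, mention their removal in the log message, which currently describes only a format conversion.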