Moritz Muehlenhoff
2005-Nov-23 14:15 UTC
[Secure-testing-commits] r2842 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-23 14:15:28 +0000 (Wed, 23 Nov 2005) New Revision: 2842 Modified: data/CVE/list data/DSA/list Log: convert aug 2003 to the new DSA format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-23 12:28:48 UTC (rev 2841) +++ data/CVE/list 2005-11-23 14:15:28 UTC (rev 2842) @@ -17099,20 +17099,27 @@ - ecartis 1.0.0+cvs.20030911 CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...) {DSA-381} + - mysql-dfsg 4.0.15-1 CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...) - asterisk 0.7.0 CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) {DSA-379} + - sane-backends 1.0.11-1 CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...) NOT-FOR-US: WS_FTP server CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...) @@ -17202,6 +17209,7 @@ NOT-FOR-US: cisco CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...) {DSA-380} + - xfree86 4.2.1-12 CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...) NOT-FOR-US: tellurian tftpdNT CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) 
@@ -17250,8 +17258,10 @@ {DSA-375} CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) {DSA-378} + - mah-jong 1.5.6-2 CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) {DSA-378} + - mah-jong 1.5.6-2 CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown''ing ...) NOT-FOR-US: KisMAC for Mac OS X CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...) @@ -17273,11 +17283,15 @@ NOT-FOR-US: AIX CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) {DSA-383 DSA-382} + - openssh 1:3.7.1 + TODO: openssh-krb5: Screwy changelog does not make sense. Filed bug. CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...) {DSA-384} + - sendmail 8.12.10-1 CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-6.0 + TODO: openssh-krb5: Screwy changelog does not make sense. Filed bug. CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...) {DSA-388} - kdebase 4:3.2 @@ -17304,8 +17318,10 @@ CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-9 + TODO: ssh-krb5: Screwy changelog does not make sense. Filed bug. CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) {DSA-384} + - sendmail 8.12.10-1 CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) NOT-FOR-US: SGI IRIX CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) 
@@ -22858,6 +22874,7 @@ CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...) CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...) {DSA-377} + - wu-ftpd 2.6.2-15 CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...) CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...) CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...) @@ -23832,6 +23849,7 @@ CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...) CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...) {DSA-380} + - xfree86 4.2.1-11 CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...) CVE-2002-0161 RESERVED Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-23 12:28:48 UTC (rev 2841) +++ data/DSA/list 2005-11-23 14:15:28 UTC (rev 2842) 
@@ -2062,43 +2062,33 @@ [woody] - hztty 2.0-5.2woody1 [17 Sep 2003] DSA-384 sendmail - buffer overflows {CVE-2003-0681 CVE-2003-0694} - - sendmail 8.12.10-1 + [woody] - sendmail 8.12.3-6.6 + [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.5 [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability - {CVE-2003-0693} - {CVE-2003-0695} - {CVE-2003-0682} - TODO: Screwy changelog does not make sense. Filed bug. + {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682} + [woody] - openssh-krb5 1:3.4p1-0woody4 [16 Sep 2003] DSA-382 ssh - possible remote vulnerability - {CVE-2003-0693} - - openssh 1:3.6.1p2-6.0 - {CVE-2003-0695} - - openssh 1:3.7.1 - {CVE-2003-0682} - - openssh 1:3.6.1p2-9 + {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682} + [woody] - openssh 1:3.4p1-1.woody.3 [13 Sep 2003] DSA-381 mysql - buffer overflow {CVE-2003-0780} - - mysql-dfsg 4.0.15-1 + [woody] - mysql 3.23.49-8.5 [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service - {CVE-2003-0063} - - xfree86 4.2.1-11 - {CVE-2003-0071} - - xfree86 4.2.1-11 - {CVE-2002-0164} - - xfree86 4.2.1-11 - {CVE-2003-0730} - - xfree86 4.2.1-12 + {CVE-2003-0063 CVE-2003-0071 CVE-2002-0164 CVE-2003-0730} + [woody] - xfree86 4.1.0-16woody1 [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities {CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778} - - sane-backends 1.0.11-1 + [woody] - sane-backends 1.0.7-4 [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service {CVE-2003-0705 CVE-2003-0706} - - mah-jong 1.5.6-2 + [woody] - mah-jong 1.4-2 [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution {CVE-1999-0997} - - wu-ftpd 2.6.2-15 + [woody] - wu-ftpd 2.6.2-3woody2 [04 Sep 2003] DSA-376 exim - buffer overflow {CVE-2003-0743} - - exim 3.36-8 + [woody] - exim 3.35-1woody2 + [woody] - exim-tls 3.35-3woody1 [29 Aug 2003] DSA-375 node - buffer overflow, format string {CVE-2003-0707 CVE-2003-0708} - node 0.3.2-1
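Review bot: The three TODO lines added in data/CVE/list do not name the package consistently: under CVE-2003-0695 and CVE-2003-0693 the prefix is "openssh-krb5:", but under CVE-2003-0682 it is "ssh-krb5:". The new DSA-383 entry in data/DSA/list uses openssh-krb5 as the package name, so the CVE-2003-0682 line should use the same prefix, otherwise a search for one name misses the other. Each TODO also says "Filed bug." without a bug number. Adding the number would let the next editor check whether the changelog question has been resolved and replace the TODO with a fixed version.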
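Review bot: In the data/DSA/list hunk, three unstable fixed versions are removed with no matching addition in the visible data/CVE/list hunks: "- xfree86 4.2.1-11" under CVE-2003-0063 and under CVE-2003-0071 (DSA-380), and "- exim 3.36-8" under CVE-2003-0743 (DSA-376). The other versions moved out of the DSA entries (sendmail, openssh, mysql-dfsg, sane-backends, mah-jong, wu-ftpd, and xfree86 for CVE-2002-0164 and CVE-2003-0730) each reappear as a "+" line or as existing context in data/CVE/list. Please confirm that the CVE-2003-0063, CVE-2003-0071 and CVE-2003-0743 entries already carry these versions, or add them in this commit so the tracking data is not lost. Separately, the log message says "aug 2003", but the entries converted here are dated 04 to 17 Sep 2003, and the one August entry in the hunk (DSA-375, 29 Aug 2003) is left as unchanged context. The log should name the range actually converted.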