Moritz Muehlenhoff
2005-Nov-24 00:08 UTC
[Secure-testing-commits] r2848 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-23 23:41:32 +0000 (Wed, 23 Nov 2005) New Revision: 2848 Modified: data/CVE/list data/DSA/list Log: convert another month of DSAs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-23 22:30:25 UTC (rev 2847) +++ data/CVE/list 2005-11-23 23:41:32 UTC (rev 2848) @@ -17263,8 +17263,10 @@ - whois 4.6.7 CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) {DSA-375} + - node 0.3.2-1 CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...) {DSA-375} + - node 0.3.2-1 CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...) {DSA-378} - mah-jong 1.5.6-2 @@ -17318,8 +17320,10 @@ REJECTED CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...) {DSA-374} + - libpam-smb <removed> CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...) {DSA-372} + - netris 0.52-1 CVE-2003-0684 RESERVED CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) @@ -17343,6 +17347,7 @@ NOT-FOR-US: Sun iPlanet CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...) {DSA-370} + - pam-pgsql 0.5.2-7 CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) NOT-FOR-US: sustworks IPNetSentryX CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...) 
@@ -17373,22 +17378,27 @@ NOT-FOR-US: docview / caldera CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...) {DSA-365} + - phpgroupware 0.9.14.007-1 CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) {DSA-366} + - eroaster 2.2.0-0.5-1 CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...) - cdrecord 4:2.0+a18-1 CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...) {DSA-373} + - autorespond 2.0.4-1 CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...) NOT-FOR-US: NetBSD CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...) {DSA-367} + - xtokkaetama 1.0b-9 CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...) NOT-FOR-US: mod_mylo for apache CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...) NOT-FOR-US: gamespy CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...) {DSA-368} + - xpcd 2.08-9 CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...) {DSA-472} - fte 0.50.0-1.1 (bug #203871) @@ -17398,6 +17408,7 @@ NOT-FOR-US: ActiveX CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) {DSA-364} + - man-db 2.4.1-13 CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...) - kdbg 1.2.9-1 CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...) @@ -17439,6 +17450,7 @@ NOT-FOR-US: peoplesoft CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) {DSA-360} + - xfstt 1.5.1-1 CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) NOT-FOR-US: BEA WebLogic CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) 
@@ -17449,6 +17461,7 @@ NOT-FOR-US: BEA Tuxedo CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) {DSA-364} + - man-db 2.4.1-13 CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) {DSA-358} NOTE: fixed in 2.4.21-pre3 @@ -17457,12 +17470,15 @@ - perl 5.8.3-3 CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) {DSA-362} + - mindi 0.86-1 CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...) NOT-FOR-US: McAfee CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...) {DSA-371} + - perl 5.8.0-19 CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) {DSA-355} + - zblast 1.2.1-7 CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...) {DSA-369} CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) @@ -17496,6 +17512,7 @@ RESERVED CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) {DSA-365} + - phpgroupware 0.9.14.007-1 CVE-2003-0598 REJECTED CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...) @@ -17535,6 +17552,7 @@ REJECTED CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) {DSA-360} + - xfstt 1.5-1 CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...) NOT-FOR-US: IBM U2 UniVerse CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...) @@ -17633,6 +17651,7 @@ - gtkhtml 1.0.4-6.2 CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) {DSA-363} + - postfix 1.1.12 CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...) {DSA-343} CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...) 
@@ -17705,6 +17724,7 @@ NOT-FOR-US: Microsoft CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...) {DSA-365} + - phpgroupware 0.9.14.007-1 CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...) NOT-FOR-US: Microsoft CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) @@ -17779,6 +17799,7 @@ NOT-FOR-US: microsoft CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...) {DSA-363} + - postfix 1.1.12 CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...) NOTE: fixed in linux 2.4.21 CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) @@ -17805,6 +17826,7 @@ NOT-FOR-US: apache for win and os/2 CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) {DSA-361} + - kdelibs 4:3.1.3-1 CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) NOT-FOR-US: HP CVE-2003-0457 @@ -17987,6 +18009,7 @@ NOT-FOR-US: Prishtina FTP client CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...) {DSA-361} + - kdelibs 4:3.1.3-1 CVE-2003-0369 RESERVED CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-23 22:30:25 UTC (rev 2847) +++ data/DSA/list 2005-11-23 23:41:32 UTC (rev 2848) 
@@ -2091,54 +2091,53 @@ [woody] - exim-tls 3.35-3woody1 [29 Aug 2003] DSA-375 node - buffer overflow, format string {CVE-2003-0707 CVE-2003-0708} - - node 0.3.2-1 + [woody] - node 0.3.0a-2woody1 [26 Aug 2003] DSA-374 libpam-smb - buffer overflow {CVE-2003-0686} - NOTE: not in sid/sarge + [woody] - libpam-smb 1.1.6-1.1woody1 [16 Aug 2003] DSA-373 autorespond - buffer overflow {CVE-2003-0654} - - autorespond 2.0.4-1 + [woody] - autorespond 2.0.2-2woody1 [16 Aug 2003] DSA-372 netris - buffer overflow {CVE-2003-0685} - - netris 0.52-1 + [woody] - netris 0.5-4woody1 [11 Aug 2003] DSA-371 perl - cross-site scripting {CVE-2003-0615} - - perl 5.8.0-19 + [woody] - perl 5.6.1-8.3 [08 Aug 2003] DSA-370 pam-pgsql - format string {CVE-2003-0672} - - pam-pgsql 0.5.2-7 + [woody] - pam-pgsql 0.5.2-3woody1 [08 Aug 2003] DSA-369 zblast - buffer overflow {CVE-2003-0613} - - zblast 1.2.1-7 + [woody] - zblast 1.2pre-5woody2 [08 Aug 2003] DSA-368 xpcd - buffer overflow {CVE-2003-0649} - - xpcd 2.08-9 + [woody] - xpcd 2.08-8woody1 [08 Aug 2003] DSA-367 xtokkaetama - buffer overflow {CVE-2003-0652} - - xtokkaetama 1.0b-9 + [woody] - xtokkaetama 1.0b-6woody2 [05 Aug 2003] DSA-366 eroaster - insecure temporary file {CVE-2003-0656} - - eroaster 2.2.0-0.5-1 + [woody] - eroaster 2.1.0.0.3-2woody1 [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities {CVE-2003-0504 CVE-2003-0599 CVE-2003-0657} - - phpgroupware 0.9.14.007-1 + [woody] - phpgroupware 0.9.14-0.RC3.2.woody2 [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution {CVE-2003-0620 CVE-2003-0645} - - man-db 2.4.1-13 + [woody] - man-db 2.3.20-18.woody.4 [03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning {CVE-2003-0468 CVE-2003-0540} - - postfix 1.1.12 + [woody] - postfix 1.1.11-0.woody3 [02 Aug 2003] DSA-362 mindi - insecure temporary file {CVE-2003-0617} - - mindi 0.86-1 + [woody] - mindi 0.58.r5-1woody1 [01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities {CVE-2003-0459 
CVE-2003-0370} - - kdelibs 4:3.1.3-1 + [woody] - kdelibs 2.2.2-13.woody.8 + [woody] - kdelibs-crypto 2.2.2-6woody2 [01 Aug 2003] DSA-360 xfstt - several vulnerabilities - {CVE-2003-0581} - - xfstt 1.5-1 - {CVE-2003-0625} - - xfstt 1.5.1-1 + {CVE-2003-0581 CVE-2003-0625} + [woody] - xfstt 1.2.1-3 [31 Jul 2003] DSA-359 atari800 - buffer overflows {CVE-2003-0630} - atari800 1.3.1-2
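
Review bot: In the data/CVE/list hunk at @@ -17457,12 +17470,15 @@, the added line "- zblast 1.2.1-7" is placed under CVE-2003-0614 (the Gallery search.php XSS, {DSA-355}) rather than under CVE-2003-0613 (the zblast-svgalib buffer overflow, {DSA-369}). data/DSA/list in this same commit ties DSA-369 zblast to CVE-2003-0613, so the line belongs one entry further down, directly after "{DSA-369}". As committed, CVE-2003-0613 is left without a package entry and the Gallery CVE carries a zblast version.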
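
Review bot: In the data/CVE/list hunk at @@ -17633,6 +17651,7 @@, the fixed version "- postfix 1.1.12" conflicts with the description of CVE-2003-0540 on the line above it, which names "Postfix 1.1.12 and earlier" as affected, and the version has no Debian revision to show that a patched upload is meant. The value is carried over unchanged from the line removed under DSA-363 in data/DSA/list, so the conversion is a good moment to check it against the advisory and record the full version of the fixing upload. The same line is added under CVE-2003-0468 in the hunk at @@ -17779,6 +17799,7 @@ and should be updated with it.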
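
Review bot: In the data/DSA/list hunk at @@ -2091,54 +2091,53 @@, DSA-361 gains "[woody] - kdelibs-crypto 2.2.2-6woody2", but the matching data/CVE/list hunks for CVE-2003-0459 and CVE-2003-0370 add only "- kdelibs 4:3.1.3-1", so kdelibs-crypto has no unstable status under either CVE. If the package no longer exists in sid, an entry in the style of "- libpam-smb <removed>" (used for CVE-2003-0686 in this commit) would keep the two files consistent; otherwise its fixed version should be added under both CVEs.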