Moritz Muehlenhoff
2005-Nov-24 18:00 UTC
[Secure-testing-commits] r2857 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-24 17:59:29 +0000 (Thu, 24 Nov 2005) New Revision: 2857 Modified: data/CVE/list data/DSA/list Log: new gaim-encryption issue more DSA work Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-24 13:38:52 UTC (rev 2856) +++ data/CVE/list 2005-11-24 17:59:29 UTC (rev 2857) @@ -1,3 +1,5 @@ +CVE-2005-XXXX [potential dos against gaim-encryption] + - gaim-encryption <unfixed> (bug #337127) CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...) NOT-FOR-US: Solaris CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...) @@ -17539,7 +17541,7 @@ - kdbg 1.2.9-1 CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...) {DSA-358} - NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3) + - kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10) CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...) NOT-FOR-US: Watchguard / win CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...) @@ -17566,6 +17568,7 @@ NOT-FOR-US: VMware CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...) {DSA-359} + - atari800 1.3.1-2 CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...) NOT-FOR-US: peoplesoft CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) @@ -17590,7 +17593,7 @@ - man-db 2.4.1-13 CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...) {DSA-358} - NOTE: fixed in 2.4.21-pre3 + - kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3) CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...) {DSA-431} - perl 5.8.3-3 
@@ -17930,6 +17933,7 @@ NOTE: fixed in linux 2.4.21 CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...) {DSA-357} + - wu-ftpd 2.6.2-12 CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) NOTE: generic .c version fixed in 2.6.x but not in 2.4.x NOTE: arch specific asm versions: @@ -17947,7 +17951,7 @@ - kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10) CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) {DSA-423 DSA-358} - TODO: Check + TODO: Check, see http://www.ultramonkey.org/bugs/cve/CAN-2003-0461.shtml CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) NOT-FOR-US: apache for win and os/2 CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-24 13:38:52 UTC (rev 2856) +++ data/DSA/list 2005-11-24 17:59:29 UTC (rev 2857) @@ -2144,13 +2144,17 @@ [woody] - xfstt 1.2.1-3 [31 Jul 2003] DSA-359 atari800 - buffer overflows {CVE-2003-0630} - - atari800 1.3.1-2 + [woody] - atari800 1.2.2-1woody2 [31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643} - NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones. + [woody] kernel-source-2.4.18 2.4.18-13 + [woody] kernel-image-2.4.18-1-i386 2.4.18-11 + [woody] kernel-image-2.4.18-i386bf 2.4.18-5woody4 + [woody] kernel-source-2.4.18 2.4.18-13 + [woody] kernel-image-2.4.18-1-alpha 2.4.18-10. [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit {CVE-2003-0466} - - wu-ftpd 2.6.2-12 + [woody] - wu-ftpd 2.6.2-3woody1 [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows {CVE-2003-0611} - xtokkaetama 1.0b-8
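Review bot: In the DSA-358 entry of data/DSA/list, `[woody] kernel-source-2.4.18 2.4.18-13` is added twice, and the five new `[woody]` lines omit the ` - ` separator that the neighbouring entries in the same hunk use (`[woody] - atari800 1.2.2-1woody2`, `[woody] - wu-ftpd 2.6.2-3woody1`). The last added line also ends in a stray period (`2.4.18-10.`). Suggest dropping the duplicate, writing each line as `[woody] - <package> <version>`, and removing the trailing period so the version reads `2.4.18-10`.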
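Review bot: In the CVE-2003-0643 hunk of data/CVE/list, the removed NOTE carried "(Introduced in 2.4.3-pre3)", and the replacement `<not-affected>` line keeps only the fix version, so the information about when the bug was introduced is lost. Suggest keeping it as a NOTE line beside the new entry. The two new kernel-source-2.4.27 lines (CVE-2003-0643 and CVE-2003-0619) also say "Fixed before upload in archive", while the unchanged line visible in the @@ -17947 hunk says "Fixed before upload in the archive"; use one wording so the entries can be searched consistently.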