Moritz Muehlenhoff
2005-Nov-29 14:56 UTC
[Secure-testing-commits] r2890 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-29 14:56:28 +0000 (Tue, 29 Nov 2005) New Revision: 2890 Modified: data/CVE/list data/DSA/list Log: june 2003 converted to new DSA format Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-29 09:20:03 UTC (rev 2889) +++ data/CVE/list 2005-11-29 14:56:28 UTC (rev 2890) @@ -18006,10 +18006,13 @@ - traceroute-nanog 6.3.6-3 CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...) {DSA-329} + - osh 1.7-12 CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) {DSA-327} + - xbl 1.0k-5 CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...) {DSA-321} + - radiusd-cistron 1.6.6-2 CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...) NOT-FOR-US: progress database CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...) @@ -18020,6 +18023,7 @@ NOT-FOR-US: microsoft CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...) {DSA-328} + - webfs 1.20 CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...) {DSA-337} - gtksee 0.5.6-1 @@ -18030,6 +18034,7 @@ - php4 4:4.3.2+rc3-1 CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...) {DSA-326} + - orville-write 2.54-1 CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) {DSA-339} - semi 1.14.5+20030609-1 (bug #223456) 
@@ -18038,12 +18043,14 @@ RESERVED CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) {DSA-325} + - eldav 0.7.2-1 CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...) - mnogosearch-common 3.2.11 CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...) - mnogosearch-common 3.2.11 CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...) {DSA-322} + - typespeed 0.4.4 CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) NOTE: various pdf viewers NOTE: kpdf does not seem to support hyperlinks; so not vulnerable @@ -18051,18 +18058,24 @@ - xpdf 2.02pl1-1 CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) {DSA-315} + - gnocatan 0.8.0-1 (bug #328136) + - pioneers <not-affected> (bug #328136) CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) {DSA-324} + - ethereal 0.9.13-1 CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) {DSA-324} + - ethereal 0.9.13-1 CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...) - - ethereal 0.9.13 + - ethereal 0.9.13-1 CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...) {DSA-324} + - ethereal 0.9.13-1 CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...) {DSA-324} CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) {DSA-320} + - mikmod 3.1.6-6 CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...) NOT-FOR-US: Apple CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...) 
@@ -18153,10 +18166,13 @@ RESERVED CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...) {DSA-309} + - eterm 0.9.2-1 CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...) {DSA-323} + - noweb 2.10c-3.1 (bug #271146) CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...) {DSA-314} + - atftp 0.6.2 CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) NOT-FOR-US: MaxOS CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) @@ -18184,8 +18200,10 @@ NOT-FOR-US: Nokia Gateway GPRS CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...) {DSA-308} + - gzip 1.3.5-6 CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) {DSA-318} + - lyskom-server 2.0.7-2 CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...) NOT-FOR-US: ICQLite CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) @@ -18201,13 +18219,20 @@ {DSA-307} CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...) {DSA-316} + - nethack 3.4.1-1 + - jnethack 1.1.5-15 CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...) {DSA-350 DSA-316} - falconseye 1.9.3-9 + - nethack 3.4.1-1 + - slashem 0.0.6E4F8-6 + - jnethack 1.1.5-15 CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...) {DSA-313} + - ethereal 0.9.12-1 CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...) {DSA-313} + - ethereal 0.9.12-1 CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) NOT-FOR-US: Safari CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) 
@@ -18551,6 +18576,7 @@ {DSA-280} CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...) {DSA-317} + - cupsys 1.1.19final-1 CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...) NOTE: apparently a redhat specific compilation prolem of tcpdump CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) @@ -18715,6 +18741,7 @@ NOT-FOR-US: ServerMask CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...) {DSA-319} + - webmin 1.070-1 CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...) {DSA-277} CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...) @@ -22948,6 +22975,7 @@ CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...) CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...) {DSA-308} + - gzip 1.3.5-6 CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...) CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...) CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-29 09:20:03 UTC (rev 2889) +++ data/DSA/list 2005-11-29 14:56:28 UTC (rev 2890) 
@@ -2241,75 +2241,73 @@ [woody] - tcptraceroute 1.2-2 [20 Jun 2003] DSA-329 osh - buffer overflows {CVE-2003-0452} - - osh 1.7-12 + [woody] - osh 1.7-11woody1 [19 Jun 2003] DSA-328 webfs - buffer overflow {CVE-2003-0445} - - webfs 1.20 + [woody] - webfs 1.17.1 [19 Jun 2003] DSA-327 xbl - buffer overflows {CVE-2003-0451} - - xbl 1.0k-5 + [woody] - xbl 1.0k-3woody1 [19 Jun 2003] DSA-326 orville-write - buffer overflows {CVE-2003-0441} - - orville-write 2.54-1 + [woody] - orville-write 2.53-4woody1 [19 Jun 2003] DSA-325 eldav - insecure temporary file {CVE-2003-0438} - - eldav 0.7.2-1 + [woody] - eldav 0.0.20020411-1woody1 [18 Jun 2003] DSA-324 ethereal - several vulnerabilities {CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432} - - ethereal 0.9.13-1. + [woody] - ethereal 0.9.4-1woody5 [16 Jun 2003] DSA-323 noweb - insecure temporary files {CVE-2003-0381} - - noweb 2.10c-3.1 (bug #271146) + [woody] - noweb 2.9a-7.3 [16 Jun 2003] DSA-322 typespeed - buffer overflow {CVE-2003-0435} - - typespeed 0.4.4 + [woody] - typespeed 0.4.1-2.2 [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow {CVE-2003-0450} - - radiusd-cistron 1.6.6-2 + [woody] - radiusd-cistron 1.6.6-1woody1 [13 Jun 2003] DSA-320 mikmod - buffer overflow {CVE-2003-0427} - - mikmod 3.1.6-6 + [woody] - mikmod 3.1.6-4woody3 [12 Jun 2003] DSA-319 webmin - session ID spoofing {CVE-2003-0101} - - webmin 1.070-1 + [woody] - webmin 0.94-7woody1 [12 Jun 2003] DSA-318 lyskom-server - denial of service {CVE-2003-0366} - - lyskom-server 2.0.7-2 + [woody] - lyskom-server 2.0.6-1woody1 [11 Jun 2003] DSA-317 cupsys - denial of service {CVE-2003-0195} - - cupsys 1.1.19final-1 + [woody] - cupsys 1.1.14-5 [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions {CVE-2003-0358 CVE-2003-0359} - - nethack 3.4.1-1 - - slashem 0.0.6E4F8-6 - - jnethack 1.1.5-15 - NOTE: DSA contains some strange non-nethack version numbers + [woody] - nethack 3.4.0-3.0woody3 + [woody] - slashem 0.0.6E4F8-4.0woody3 [11 Jun 
2003] DSA-315 gnocatan - buffer overflows, denial of service {CVE-2003-0433} - - gnocatan 0.8.0-1 (bug #328136) - - pioneers <not-affected> (bug #328136) - NOTE: maintainer confirmed that the security fixes are included + [woody] - gnocatan 0.6.1-5woody2 [11 Jun 2003] DSA-314 atftp - buffer overflow {CVE-2003-0380} - - atftp 0.6.2 + [woody] - atftp 0.6.1.1.0woody1 [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows {CVE-2003-0356 CVE-2003-0357} - - ethereal 0.9.12-1 + [woody] - ethereal 0.9.4-1woody4 [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248} - NOTE: not in unstable/testing. Did not check other versions. + [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1 [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} - NOTE: not in unstable/testing. Did not check other versions. + [woody] - kernel-source-2.4.18 2.4.18-9 + [woody] - kernel-image-2.4.18-1-i386 2.4.18-8 + [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1. [08 Jun 2003] DSA-310 xaos - improper setuid-root execution {CVE-2003-0385} - - xaos 3.1r-4 + [woody] - xaos 3.0-23woody1 [06 Jun 2003] DSA-309 eterm - buffer overflow {CVE-2003-0382} - - eterm 0.9.2-1 + [woody] - eterm 0.9.2-0pre2002042903.1 [06 Jun 2003] DSA-308 gzip - insecure temporary files {CVE-1999-1332 CVE-2003-0367} - - gzip 1.3.5-6 + [woody] - gzip 1.3.2-3woody1 [27 May 2003] DSA-307 gps - multiple vulnerabilities {CVE-2003-0361 CVE-2003-0360 CVE-2003-0362} - gps 1.1.0-1
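
Review bot: In the data/CVE/list hunk at @@ -18051,18 +18058,24 @@, CVE-2003-0428 is the only {DSA-324} entry left without a package line. CVE-2003-0429, CVE-2003-0431 and CVE-2003-0432 each gain "- ethereal 0.9.13-1", and the DSA-324 entry in data/DSA/list names CVE-2003-0428 as well. Because the same commit removes the unstable version from the DSA-324 entry, add "- ethereal 0.9.13-1" under CVE-2003-0428 too; otherwise the fixed version for that CVE is not recorded in either file.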
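
Review bot: The added DSA-311 line "[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1." in the data/DSA/list hunk ends in a period that reads as part of the version string; drop it (the removed DSA-324 line "- ethereal 0.9.13-1." had the same slip). Two more things to check in this hunk: DSA-316 loses "- jnethack 1.1.5-15" and gets no [woody] jnethack counterpart, and DSA-310 loses "- xaos 3.1r-4" while none of the data/CVE/list hunks in this commit adds an xaos line under CVE-2003-0385, so confirm that entry already carries the version.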