Moritz Muehlenhoff
2005-Nov-30 22:01 UTC
[Secure-testing-commits] r2905 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-30 22:00:34 +0000 (Wed, 30 Nov 2005)
New Revision: 2905
Modified:
data/CVE/list
data/DSA/list
Log:
convert may 2003 to the new DSA format
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-30 21:14:20 UTC (rev 2904)
+++ data/CVE/list 2005-11-30 22:00:34 UTC (rev 2905)
@@ -18499,10 +18499,13 @@
- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to
cause a ...)
{DSA-307}
+ - gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection
source ...)
{DSA-307}
+ - gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to
cause ...)
{DSA-307}
+ - gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with
...)
{DSA-316}
- nethack 3.4.1-1
@@ -18576,6 +18579,7 @@
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later
...)
{DSA-399 DSA-306}
- epic4 1:1.1.11.20030409-2
+ - ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote
attackers ...)
NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow
attackers ...)
@@ -18590,10 +18594,13 @@
{DSA-287}
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote
malicious ...)
{DSA-298 DSA-291}
+ - epic4 1:1.1.11.20030409-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier
allows ...)
{DSA-306}
+ - ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and
earlier ...)
{DSA-306}
+ - ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to
inject ...)
NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax
MailMax ...)
@@ -18622,6 +18629,7 @@
NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not
securely ...)
{DSA-305}
+ - sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain
...)
NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers
to ...)
@@ -18722,8 +18730,10 @@
NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid
root, ...)
{DSA-299}
+ - leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which
could ...)
{DSA-302}
+ - fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware
Client ...)
NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware
Client ...)
@@ -18834,6 +18844,7 @@
NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4)
for ...)
{DSA-297}
+ - snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad
user ...)
NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling
ghostscript, ...)
@@ -18876,6 +18887,7 @@
- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which
allows ...)
{DSA-304}
+ - lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with
...)
NOTE: only affects kernel 2.4.19, 2.4.20.
CVE-2003-0186
@@ -18918,6 +18930,7 @@
NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for
Mutt ...)
{DSA-300 DSA-274}
+ - balsa 2.0.10
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before
4.3.2 ...)
NOTE: not belived to be vulnerable
(http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows
attackers to ...)
@@ -18952,6 +18965,7 @@
NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and
allows ...)
{DSA-303}
+ TODO: not sure if this is fixed
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator
2.0 ...)
@@ -20526,7 +20540,7 @@
NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55
allows ...)
{DSA-303}
- - mysql 4.0.12-2
+ - mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in
...)
{DSA-380}
- xfree86 4.2.1-11
@@ -24771,6 +24785,7 @@
CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary
commands via ...)
CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon
...)
{DSA-301}
+ - libgtop 1.0.13-4
CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME
...)
CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote
attackers ...)
CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote
...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-30 21:14:20 UTC (rev 2904)
+++ data/DSA/list 2005-11-30 22:00:34 UTC (rev 2905)
@@ -2320,39 +2320,37 @@
[woody] - gzip 1.3.2-3woody1
[27 May 2003] DSA-307 gps - multiple vulnerabilities
{CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
- - gps 1.1.0-1
+ [woody] - gps 0.9.4-1woody1
[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
{CVE-2003-0321 CVE-2003-0322 CVE-2003-0328}
- - ircii-pana 1:1.0-0c19-8
+ [woody] - ircii-pana 1.0-0c19-1.1
[15 May 2003] DSA-305 sendmail - insecure temporary files
{CVE-2003-0308}
- - sendmail 8.12.9-2
+ [woody] - sendmail 8.12.3-6.4
[15 May 2003] DSA-304 lv - privilege escalation
{CVE-2003-0188}
- - lv 4.49.5-2
+ [woody] - lv 4.49.4-7woody2
[15 May 2003] DSA-303 mysql - privilege escalation
{CVE-2003-0073}
- - mysql-dfsg 4.0.12-2
- {CVE-2003-0150}
- TODO: not sure if this is fixed
+ [woody] - mysql 3.23.49-8.4
[07 May 2003] DSA-302 fuzz - privilege escalation
{CVE-2003-0261}
- - fuzz 0.6-7.1
+ [woody] - fuzz 0.6-6woody1
[07 May 2003] DSA-301 libgtop - buffer overflow
{CVE-2001-0928}
- - libgtop 1.0.13-4
+ [woody] - libgtop 1.0.13-3.1
[06 May 2003] DSA-300 balsa - buffer overflow
{CVE-2003-0167}
- - balsa 2.0.10
+ [woody] - balsa 1.2.4-2.2
[06 May 2003] DSA-299 leksbot - improper setuid-root execution
{CVE-2003-0262}
- - leksbot 1.2-5 (bug #186421)
+ [woody] - leksbot 1.2-3.1
[02 May 2003] DSA-298 epic4 - buffer overflows
{CVE-2003-0323}
- - epic4 1:1.1.11.20030409-1
+ [woody] - epic4 1.1.2.20020219-2.1
[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
{CVE-2003-0033 CVE-2003-0209}
- - snort 2.0.0-1
+ [woody] - snort 1.8.4beta1-3.1
[30 Apr 2003] DSA-296 kdebase - insecure execution
{CVE-2003-0204}
- kdebase 4:3.1.0-1