thr3ads.net - Secure testing commits - [Secure-testing-commits] r2929

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-02 22:50 UTC
[Secure-testing-commits] r2929 - in data: CVE DSA

Author: jmm-guest
Date: 2005-12-02 22:49:44 +0000 (Fri, 02 Dec 2005)
New Revision: 2929

Modified:
   data/CVE/list
   data/DSA/list
Log:
convert april 2003 to the new DSA format


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-02 17:12:55 UTC (rev 2928)
+++ data/CVE/list	2005-12-02 22:49:44 UTC (rev 2929)
@@ -18764,9 +18764,12 @@
 	NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
 CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote
...)
 	{DSA-287}
+	- epic4 1:1.1.11.20030409-1
+	- epic 3.004-19
 CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote
malicious ...)
 	{DSA-298 DSA-291}
 	- epic4 1:1.1.11.20030409-1
+	- ircii 20030315-1
 CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier
allows ...)
 	{DSA-306}
 	- ircii-pana 1:1.0-0c19-8
@@ -19006,10 +19009,13 @@
 	NOT-FOR-US: bttlxeForum / win
 CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users
to ...)
 	{DSA-292}
+	- mime-support 3.23-1
 CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote
...)
 	{DSA-295}
+	- pptpd 1.1.4-0.b3.2
 CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the
...)
 	{DSA-289}
+	- rinetd 0.61-2
 CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a
denial ...)
 	- xinetd 1:2.3.11
 CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for
Cisco ...)
@@ -19021,18 +19027,27 @@
 	NOT-FOR-US: macromedia flash
 CVE-2003-0207 (ps2epsi creates insecure temporary files when calling
ghostscript, ...)
 	{DSA-286}
+	- gs-common 0.3.3.1
 CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote
...)
 	{DSA-294}
+	- grellm-newsticker <removed>
 CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote
...)
 	{DSA-294}
+	- grellm-newsticker <removed>
 CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to
...)
 	{DSA-296 DSA-293 DSA-284}
+	- kdebase 4:3.1.0-1
+	- kdebase 4:3.1.0-1
+	- kdegraphics 4:3.1.0-1
 CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote
malicious FTP ...)
 	{DSA-281}
+	- moxftp 2.2-18.20
 CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0
allow ...)
 	{DSA-279}
+	- metrics <removed>
 CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for
Samba ...)
 	{DSA-280}
+	- samba 3.0
 CVE-2003-0200
 	RESERVED
 CVE-2003-0199
@@ -19043,6 +19058,7 @@
 	NOT-FOR-US: Interbase Database
 CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow
remote ...)
 	{DSA-280}
+	- samba 3.0
 CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of
...)
 	{DSA-317}
 	- cupsys 1.1.19final-1
@@ -19090,6 +19106,7 @@
 	NOT-FOR-US: IRIX
 CVE-2003-0173 (xfsdq in xfsdump does not create quota information files
securely, ...)
 	{DSA-283}
+	- xfsdump 2.2.8-1
 CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows
operating ...)
 	NOTE: not belived to be vulnerable
(http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
 CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment
variable to ...)
@@ -19115,6 +19132,8 @@
 	{DSA-271}
 CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in
Sendmail ...)
 	{DSA-290 DSA-278}
+	- sendmail-wide 8.12.9+3.5Wbeta-1
+	- sendmail 8.12.9-1
 CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in
SquirrelMail ...)
 	- squirrelmail 1:1.2.11
 CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal
0.9.9 and ...)
@@ -19143,10 +19162,13 @@
 	NOT-FOR-US: McAfee ePolicy Orchestrator
 CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local
and ...)
 	{DSA-288}
+	- openssl 0.9.7b-1
+	- openssl096 0.9.6j-1
 CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and
possibly ...)
 	{DSA-263}
 CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on
SuSE ...)
 	{DSA-275 DSA-267}
+	- lpr-ppd 1:0.72-3
 CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances
when ...)
 	NOT-FOR-US: acroread
 CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and
earlier, ...)
@@ -19161,6 +19183,7 @@
 	NOT-FOR-US: Nokia Serving GPRS support node
 CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite
...)
 	{DSA-285}
+	- lprng 3.8.20-4.
 CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP
...)
 	NOTE: red-hat specific compilation problem of vsftpd
 CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2,
...)
@@ -19171,6 +19194,8 @@
 	- apache2 2.0.45
 CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier,
0.9.7, and ...)
 	{DSA-288}
+	- openssl 0.9.7b-1
+	- openssl096 0.9.6j-1
 CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution
Mail ...)
 	- evolution 1.2.3
 CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote
...)
@@ -19215,8 +19240,10 @@
 	- webmin 1.070-1
 CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x
before ...)
 	{DSA-277}
+	- apcupsd 3.8.5-1.2
 CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before
...)
 	{DSA-277}
+	- apcupsd 3.8.5-1.2
 CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2,
Release 1, ...)
 	NOT-FOR-US: Oracle
 CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1
through ...)
@@ -19290,6 +19317,7 @@
 	RESERVED
 CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly
other ...)
 	{DSA-282 DSA-272 DSA-266}
+	- glibc 2.3.1-16
 CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling
routines ...)
 	{DSA-231}
 CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier
allow ...)

Modified: data/DSA/list
==================================================================---
data/DSA/list	2005-12-02 17:12:55 UTC (rev 2928)
+++ data/DSA/list	2005-12-02 22:49:44 UTC (rev 2929)
@@ -2366,71 +2366,71 @@
 	[woody] - snort 1.8.4beta1-3.1
 [30 Apr 2003] DSA-296 kdebase - insecure execution
 	{CVE-2003-0204}
-	- kdebase 4:3.1.0-1
+	[woody] - kdebase 2.2.2-14.4
 [30 Apr 2003] DSA-295 pptpd - buffer overflow
 	{CVE-2003-0213}
-	- pptpd 1.1.4-0.b3.2
+	[woody] - pptpd 1.1.2-1.4
 [23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
 	{CVE-2003-0205 CVE-2003-0206}
-	NOTE: not in unstable/testing
+	[woody] - grellm-newsticker 0.3-3.1
 [23 Apr 2003] DSA-293 kdelibs - insecure execution
 	{CVE-2003-0204}
-	- kdebase 4:3.1.0-1
+	[woody] - kdebase 2.2.2-13.woody.7
 [22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
 	{CVE-2003-0214}
-	- mime-support 3.23-1
+	[woody] - mime-support 3.18-1.3
 [22 Apr 2003] DSA-291 ircii - buffer overflows
 	{CVE-2003-0323}
-	- ircii 20030315-1
+	[woody] - ircii 20020322-1.1
 [17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
 	{CVE-2003-0161}
-	- sendmail-wide 8.12.9+3.5Wbeta-1
+	[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.4
 [17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
 	{CVE-2003-0212}
-	- rinetd 0.61-2
+	[woody] - rinetd 0.61-1.1
 [17 Apr 2003] DSA-288 openssl - several vulnerabilities
 	{CVE-2003-0147 CVE-2003-0131}
-	- openssl 0.9.7b-1
-	- openssl096 0.9.6j-1
+	[woody] - openssl 0.9.6c-2.woody.3
 [15 Apr 2003] DSA-287 epic - buffer overflows
 	{CVE-2003-0324}
-	- epic4 1:1.1.11.20030409-1
+	[woody] - epic 3.004-17.1
 [14 Apr 2003] DSA-286 gs-common - insecure temporary file
 	{CVE-2003-0207}
-	- gs-common 0.3.3.1
+	[woody] - gs-common 0.3.3.0woody1
 [14 Apr 2003] DSA-285 lprng - insecure temporary file
 	{CVE-2003-0136}
-	- lprng 3.8.20-4.
+	[woody] - lprng 3.8.10-1.2
 [12 Apr 2003] DSA-284 kdegraphics - insecure execution
 	{CVE-2003-0204}
-	- kdegraphics 4:3.1.0-1
+	[woody] - kdegraphics 3.8.10-1.2
 [11 Apr 2003] DSA-283 xfsdump - insecure file creation
 	{CVE-2003-0173}
-	- xfsdump 2.2.8-1
+	[woody] - xfsdump 2.0.1-2
 [09 Apr 2003] DSA-282 glibc - integer overflow
 	{CVE-2003-0028}
-	- glibc 2.3.1-16
+	[woody] - glibc 2.2.5-11.5
 [08 Apr 2003] DSA-281 moxftp - buffer overflow
 	{CVE-2003-0203}
-	- moxftp 2.2-18.20
+	[woody] - moxftp 2.2-18.1
 [07 Apr 2003] DSA-280 samba - buffer overflow
 	{CVE-2003-0201 CVE-2003-0196}
-	- samba 3.0
+	[woody] - samba 2.2.3a-12.3
 [07 Apr 2003] DSA-279 metrics - insecure temporary file creation
 	{CVE-2003-0202}
-	NOTE: note in unstable/testing
+	[woody] - metrics <removed>
 [04 Apr 2003] DSA-278 sendmail - char-to-int conversion
 	{CVE-2003-0161}
-	- sendmail 8.12.9-1
+	[woody] - sendmail 8.12.3-6.3
 [03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
 	{CVE-2003-0098 CVE-2003-0099}
-	- apcupsd 3.8.5-1.2
+	[woody] - apcupsd 3.8.5-1.1.1
 [03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
 	{CVE-2003-0127}
-	NOTE: this version is not in sarge, did not check others
+	[woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.1.1
+	[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.2.2
 [02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
 	{CVE-2003-0144}
-	- lpr-ppd 1:0.72-3
+	[woody] - lpr-ppd 0.72-2.1
 [28 Mar 2003] DSA-274 mutt - buffer overflow
 	{CVE-2003-0167}
 	- mutt 1.4.0
Secure testing commits - Dec 2005 - r2929 - in data: CVE DSA

[Secure-testing-commits] r2929 - in data: CVE DSA
