Moritz Muehlenhoff
2005-Dec-05 11:56 UTC
[Secure-testing-commits] r2944 - in data: CVE DSA
Author: jmm-guest
Date: 2005-12-05 11:56:05 +0000 (Mon, 05 Dec 2005)
New Revision: 2944
Modified:
data/CVE/list
data/DSA/list
Log:
converted feb 2003 to the new DSA format
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-05 11:55:21 UTC (rev 2943)
+++ data/CVE/list 2005-12-05 11:56:05 UTC (rev 2944)
@@ -10576,10 +10576,9 @@
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c
in PHP ...)
- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows
local ...)
- - linux-2.6 <not-affected> (Fixed before upload into archive)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
[sarge] - kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 <not-affected>
- TODO: Check, when this was fixed
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux
Desktop ...)
- netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1)
mkdir, ...)
@@ -19448,6 +19447,7 @@
{DSA-248}
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows
local ...)
{DSA-252}
+ - slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from
memory, ...)
@@ -19836,7 +19836,9 @@
NOT-FOR-US: Office Web Components
CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not
escape ...)
{DSA-251 DSA-250 DSA-249}
+ - w3m 0.3.2.2-1
- w3mmee 0.3.p24.17-3
+ - w3m-ssl <removed>
CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio
3.01 ...)
NOT-FOR-US: BizDesign
CVE-2002-1333
@@ -21262,6 +21264,7 @@
NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT
...)
{DSA-251 DSA-250 DSA-249}
+ - w3m 0.3.2.2-1
- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote
attackers to ...)
{DSA-257}
@@ -21991,6 +21994,7 @@
CVE-2002-0381 (The TCP implementation in various BSD operating systems
(tcp_input.c) ...)
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote
attackers ...)
{DSA-255}
+ - tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server
(uw-imapd) ...)
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and
...)
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows
remote ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-12-05 11:55:21 UTC (rev 2943)
+++ data/DSA/list 2005-12-05 11:56:05 UTC (rev 2944)
@@ -2489,28 +2489,28 @@
[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2
[28 Feb 2003] DSA-256 mhc - insecure temporary file
{CVE-2003-0120}
- - mhc 0.25+20030224-1
+ [woody] - mhc 0.25+20010625-7.1
[27 Feb 2003] DSA-255 tcpdump - infinite loop
{CVE-2003-0108 CVE-2002-0380}
- - tcpdump 3.7.1-1.2
+ [woody] - tcpdump 3.6.2-2.3
[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
{CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387}
- - traceroute-nanog 6.3.0-1
+ [woody] - traceroute-nanog 6.1.1-1.2
[24 Feb 2003] DSA-253 openssl - information leak
{CVE-2003-0078}
- - openssl 0.9.7a-1
+ [woody] - openssl 0.9.6c-2.woody.2
[21 Feb 2003] DSA-252 slocate - buffer overflow
{CVE-2003-0056}
- - slocate 2.7-1
+ [woody] - slocate 2.6-1.3.1
[14 Feb 2003] DSA-251 w3m - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
- - w3m 0.3.2.2-1
+ [woody] - w3m 0.3-2.4
[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
NOTE: not in sid/sarge
[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
- - w3mmee 0.3.p24.17-3
+ [woody] - w3mmee 0.3-2.4
[31 Jan 2003] DSA-248 hypermail - buffer overflows
{CVE-2003-0057}
- hypermail 2.1.6-1