Moritz Muehlenhoff
2005-Dec-06 14:27 UTC
[Secure-testing-commits] r2952 - in data: CVE DSA
Author: jmm-guest Date: 2005-12-06 14:26:51 +0000 (Tue, 06 Dec 2005) New Revision: 2952 Modified: data/CVE/list data/DSA/list Log: DSA conversions Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-06 13:34:57 UTC (rev 2951) +++ data/CVE/list 2005-12-06 14:26:51 UTC (rev 2952) @@ -19454,6 +19454,7 @@ - krb5 1.2.4 CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) {DSA-248} + - hypermail 2.1.6-1 CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...) {DSA-252} - slocate 2.7-1 @@ -19467,8 +19468,10 @@ NOT-FOR-US: commercial ssh clients CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) {DSA-246} + - tomcat <removed> CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) {DSA-246} + - tomcat <removed> CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) NOTE: verified sarge version of krb5-clients not vulnerable NOTE: nothing in changelogs @@ -19477,6 +19480,7 @@ - mailman 2.1.1-1 CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) {DSA-244} + - noffle 1.1.2-1 CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...) @@ -19487,6 +19491,7 @@ NOTE: it''s not installed setuid or setgid, so this is not exploitable CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) {DSA-228} + - libmcrypt 2.5.5-1 CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) NOT-FOR-US: Protegrity Secure.Data Extension Feature CVE-2003-0029 
@@ -19499,8 +19504,11 @@ NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version. CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...) {DSA-231} + - dhcp3 3.0+3.0.1rc11-1 CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) {DSA-229} + - imp 2.2.6-7 + - imp3 <not-affected> CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...) {DSA-633-1} - bmv 1.2-17 @@ -19775,7 +19783,16 @@ - im 1:141-20 CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...) {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} - NOTE: KDE2 not in sarge + - kdemultimedia 4:3.0.5a + - kdebase 4:3.0.5a + - kdeutils 4:3.0.5a + - kdegames 4:3.0.5a + - kdesdk 4:3.0.5a + - kdepim 4:3.0.5a + - kdelibs 4:3.0.5a + - kdenetwork 4:3.0.5a + - kdegraphics 4:3.0.5a + - kdeadmin 4:3.0.5a CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) {DSA-254} - traceroute-nanog 6.3.0-1 Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-12-06 13:34:57 UTC (rev 2951) +++ data/DSA/list 2005-12-06 14:26:51 UTC (rev 2952) 
@@ -2513,71 +2513,67 @@ [woody] - w3mmee 0.3-2.4 [31 Jan 2003] DSA-248 hypermail - buffer overflows {CVE-2003-0057} - - hypermail 2.1.6-1 + [woody] - hypermail 2.1.3-2.0 [30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing {CVE-2003-0040} - - courier 0.40.2-3 + [woody] - courier 0.37.3-3.3 [29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044} - NOTE: tomcat not in sid/sarge - NOTE: tomcat4 not affected + [woody] - tomcat 3.3a-4woody.1 [28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary {CVE-2003-0039} - - dhcp3 1.1.2-1 + [woody] - dhcp3 3.0+3.0.1rc9-2.2 [27 Jan 2003] DSA-244 noffle - buffer overflows {CVE-2003-0037} - - noffle 1.1.2-1 + [woody] - noffle 1.0.1-1.1 [24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities {CVE-2002-1393} - - kdemultimedia 4:3.1 + [woody] - kdemultimedia 2.2.2-8.2 [24 Jan 2003] DSA-242 kdebase - several vulnerabilities {CVE-2002-1393} - - kdebase 4:3.1 + [woody] - kdebase 2.2.2-14.2 [24 Jan 2003] DSA-241 kdeutils - several vulnerabilities {CVE-2002-1393} - - kdeutils 4:3.1 + [woody] - kdeutils 2.2.2-9.2 [23 Jan 2003] DSA-240 kdegames - several vulnerabilities {CVE-2002-1393} - - kdegames 4:3.1 + [woody] - kdegames 2.2.2-2.2 [23 Jan 2003] DSA-239 kdesdk - several vulnerabilities {CVE-2002-1393} - - kdesdk 4:3.1 + [woody] - kdesdk 2.2.2-3.2 [23 Jan 2003] DSA-238 kdepim - several vulnerabilities {CVE-2002-1393} - - kdepim 4:3.1 + [woody] - kdepim 2.2.2-5.2 [22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities {CVE-2002-1393} - - kdenetwork 4:3.1 + [woody] - kdenetwork 2.2.2-14.6 [22 Jan 2003] DSA-236 kdelibs - several vulnerabilities {CVE-2002-1393} - - kdelibs 4:3.1 + [woody] - kdelibs 2.2.2-13.woody.6 [22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities {CVE-2002-1393} - - kdegraphics 4:3.1 + [woody] - kdegraphics 2.2.2-6.10 [22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities {CVE-2002-1393} - - kdeadmin 4:3.1 + [woody] - kdeadmin 2.2.2-7.2 
[21 Jan 2003] DSA-233 cvs - doubly freed memory {CVE-2003-0015} - - cvs 1.11.2-5.1 + [woody] - cvs 1.11.1p1debian-8.1 [20 Jan 2003] DSA-232 cupsys - several vulnerabilities {CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384} - - cupsys 1.1.18-1 + [woody] - cupsys 1.1.14-4.3 [17 Jan 2003] DSA-231 dhcp3 - stack overflows {CVE-2003-0026} - - dhcp3 3.0+3.0.1rc11-1 + [woody] - dhcp3 3.0+3.0.1rc9-2.1 [16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files - NOTE: not in testing due to 3 newer security holes - {CVE-2003-0012} - - bugzilla 2.16.2 - {CVE-2003-0013} - - bugzilla 2.16.2 + {CVE-2003-0012 CVE-2003-0013} + [woody] - bugzilla 2.14.2-0woody4 [15 Jan 2003] DSA-229 imp - SQL injection {CVE-2003-0025} - NOTE: I think imp3 is ok. + [woody] - imp 2.2.6-5.1 [14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak {CVE-2003-0031 CVE-2003-0032} - - libmcrypt 2.5.5-1 + [woody] - libmcrypt 2.5.0-1woody1 [13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs {CVE-2002-1378 CVE-2002-1379 CVE-2002-1508} - openldap2 2.0.27-3
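Review bot: In the data/CVE/list hunk at @@ -19467, `- tomcat <removed>` is added under CVE-2003-0044 and CVE-2003-0042 only, while DSA-246 in data/DSA/list references {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044}, and the dropped `NOTE: tomcat4 not affected` is not carried over to any CVE entry. Suggest adding the same line under CVE-2003-0043 if that entry exists in the list, and recording tomcat4 with a `<not-affected>` line the way imp3 is handled under CVE-2003-0025, so the information removed from the DSA entry is not lost.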
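Review bot: Under CVE-2003-0025 in the @@ -19499 hunk of data/CVE/list, `- imp3 <not-affected>` states as settled what the removed DSA-229 line recorded only as `NOTE: I think imp3 is ok.` Suggest adding a NOTE under the CVE entry that says how imp3 was checked, in the style of the krb5 note in the same hunk ("verified patch from Tom Yu was applied to this version"), or leaving the status open until it has been verified.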
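Review bot: In the CVE-2002-1393 hunk (@@ -19775 in data/CVE/list) the ten KDE packages are recorded as fixed in `4:3.0.5a`, but the lines removed from DSA-234 through DSA-243 in data/DSA/list all said `4:3.1`, and the log message ("DSA conversions") does not explain the change. The new value also carries no Debian revision, unlike the other versions added in this commit (`2.1.6-1`, `2.5.5-1`). Suggest a NOTE naming the source for 3.0.5a as the fixed version, and per-package versions with their revisions if they are known.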
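Review bot: Several unstable versions removed in the data/DSA/list hunk at @@ -2513 have no matching addition in the data/CVE/list part of this diff, for example `- courier 0.40.2-3` (DSA-247), `- dhcp3 1.1.2-1` (DSA-245) and `- cvs 1.11.2-5.1` (DSA-233); the same holds for cupsys (DSA-232) and bugzilla (DSA-230). Please confirm that the corresponding CVE entries already carry a fixed version before these lines go. The removed dhcp3 value is identical to the noffle version in DSA-244 and does not resemble the other dhcp3 versions in this file (`3.0+3.0.1rc11-1`), so CVE-2003-0039 should be checked rather than assumed correct. The DSA-230 line `NOTE: not in testing due to 3 newer security holes` is also dropped without a replacement in either list.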