author Moritz Muehlenhoff <jmm@debian.org> 2005-11-29 14:56:28 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2005-11-29 14:56:28 +0000
commit 617804d064a6ad37fd913d942ea042c1c4ce19f3 (patch)
tree 67b4af76cddc89664568cbdd6347fe311b1d99e5
parent 6303bf946e422f5c0afdf44b9d597639357719a7 (diff)
june 2003 converted to new DSA format
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2890 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 1
-rw-r--r-- data/CVE/2003.list 29
-rw-r--r-- data/DSA/list 52
3 files changed, 54 insertions, 28 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 493d5d923b..ce6ba05aae 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1682,6 +1682,7 @@ CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Lin
CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...)
CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...)
{DSA-308}
+ - gzip 1.3.5-6
CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...)
CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index ed4cc60ca2..7cbb4542c7 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1820,10 +1820,13 @@ CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthoriz
- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
{DSA-329}
+ - osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
{DSA-327}
+ - xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
{DSA-321}
+ - radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
@@ -1834,6 +1837,7 @@ CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, poss
NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
{DSA-328}
+ - webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
{DSA-337}
- gtksee 0.5.6-1
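Review bot: the line added under CVE-2003-0445 records webfs 1.20, but the CVE text directly above says the overflow is in webfs before 1.17.1, and 1.20 carries no Debian revision while the neighbouring gtksee 0.5.6-1 entry does. If an earlier upload to unstable already contained the fix, that version should be recorded instead; otherwise a NOTE saying 1.20 is simply the first version that was checked would keep the entry from implying that everything between 1.17.1 and 1.20 is vulnerable.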
@@ -1844,6 +1848,7 @@ CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID .
- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
{DSA-326}
+ - orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
{DSA-339}
- semi 1.14.5+20030609-1 (bug #223456)
@@ -1852,12 +1857,14 @@ CVE-2003-0439
RESERVED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
{DSA-325}
+ - eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
- mnogosearch-common 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
- mnogosearch-common 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
{DSA-322}
+ - typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
NOTE: various pdf viewers
NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
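Review bot: the eldav line added under CVE-2003-0438 gives 0.7.2-1 as the fixed version, yet the CVE text says version 0.7.2 and earlier are affected, so the fix can only be a Debian-side patch in the first revision of an affected upstream release. A NOTE line saying so (or a bug reference, as the semi entry in this file has) would let a later reader verify the version without re-reading the DSA. The typespeed 0.4.4 line in the same hunk has no Debian revision; worth confirming that is the full version string.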
@@ -1865,18 +1872,24 @@ CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf
- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
{DSA-315}
+ - gnocatan 0.8.0-1 (bug #328136)
+ - pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
{DSA-324}
+ - ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
{DSA-324}
+ - ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
- - ethereal 0.9.13
+ - ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
{DSA-324}
+ - ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
{DSA-324}
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
{DSA-320}
+ - mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
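Review bot: CVE-2003-0428 is left without a package line in this hunk, although it is tagged {DSA-324} like CVE-2003-0429, CVE-2003-0431 and CVE-2003-0432, each of which gains "- ethereal 0.9.13-1". Since the DSA-324 entry in data/DSA/list loses its unstable version in the same commit, the fixed version for CVE-2003-0428 is no longer recorded anywhere; add the same ethereal line under it. Separately, CVE-2003-0430 has its version corrected to 0.9.13-1 but carries no {DSA-324} tag, which matches the DSA's CVE list and looks intentional.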
@@ -1967,10 +1980,13 @@ CVE-2003-0384
RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
{DSA-309}
+ - eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
{DSA-323}
+ - noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
{DSA-314}
+ - atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
NOT-FOR-US: MaxOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
@@ -1998,8 +2014,10 @@ CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to
NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
{DSA-308}
+ - gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
{DSA-318}
+ - lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
@@ -2015,13 +2033,20 @@ CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to
{DSA-307}
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
{DSA-316}
+ - nethack 3.4.1-1
+ - jnethack 1.1.5-15
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
{DSA-350 DSA-316}
- falconseye 1.9.3-9
+ - nethack 3.4.1-1
+ - slashem 0.0.6E4F8-6
+ - jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
{DSA-313}
+ - ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
{DSA-313}
+ - ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
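Review bot: slashem 0.0.6E4F8-6 is added under CVE-2003-0358 only, while nethack and jnethack are added under both CVE-2003-0358 and CVE-2003-0359, and nothing records whether slashem is affected by the setgid permissions issue. If it is not, an explicit "- slashem <not-affected>" line (the form used for pioneers under CVE-2003-0433) would make that a decision rather than an omission; if it is, the line is missing. The NOTE about odd version numbers that is dropped from the DSA-316 entry in data/DSA/list would also be worth carrying over to these CVE entries.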
@@ -2365,6 +2390,7 @@ CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote
{DSA-280}
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
{DSA-317}
+ - cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
NOTE: apparently a redhat specific compilation prolem of tcpdump
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
@@ -2529,6 +2555,7 @@ CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP
NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
{DSA-319}
+ - webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
{DSA-277}
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
diff --git a/data/DSA/list b/data/DSA/list
index 5a5ea2f9fc..8b90d82383 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -2241,75 +2241,73 @@
[woody] - tcptraceroute 1.2-2
[20 Jun 2003] DSA-329 osh - buffer overflows
{CVE-2003-0452}
- - osh 1.7-12
+ [woody] - osh 1.7-11woody1
[19 Jun 2003] DSA-328 webfs - buffer overflow
{CVE-2003-0445}
- - webfs 1.20
+ [woody] - webfs 1.17.1
[19 Jun 2003] DSA-327 xbl - buffer overflows
{CVE-2003-0451}
- - xbl 1.0k-5
+ [woody] - xbl 1.0k-3woody1
[19 Jun 2003] DSA-326 orville-write - buffer overflows
{CVE-2003-0441}
- - orville-write 2.54-1
+ [woody] - orville-write 2.53-4woody1
[19 Jun 2003] DSA-325 eldav - insecure temporary file
{CVE-2003-0438}
- - eldav 0.7.2-1
+ [woody] - eldav 0.0.20020411-1woody1
[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
{CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432}
- - ethereal 0.9.13-1.
+ [woody] - ethereal 0.9.4-1woody5
[16 Jun 2003] DSA-323 noweb - insecure temporary files
{CVE-2003-0381}
- - noweb 2.10c-3.1 (bug #271146)
+ [woody] - noweb 2.9a-7.3
[16 Jun 2003] DSA-322 typespeed - buffer overflow
{CVE-2003-0435}
- - typespeed 0.4.4
+ [woody] - typespeed 0.4.1-2.2
[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
{CVE-2003-0450}
- - radiusd-cistron 1.6.6-2
+ [woody] - radiusd-cistron 1.6.6-1woody1
[13 Jun 2003] DSA-320 mikmod - buffer overflow
{CVE-2003-0427}
- - mikmod 3.1.6-6
+ [woody] - mikmod 3.1.6-4woody3
[12 Jun 2003] DSA-319 webmin - session ID spoofing
{CVE-2003-0101}
- - webmin 1.070-1
+ [woody] - webmin 0.94-7woody1
[12 Jun 2003] DSA-318 lyskom-server - denial of service
{CVE-2003-0366}
- - lyskom-server 2.0.7-2
+ [woody] - lyskom-server 2.0.6-1woody1
[11 Jun 2003] DSA-317 cupsys - denial of service
{CVE-2003-0195}
- - cupsys 1.1.19final-1
+ [woody] - cupsys 1.1.14-5
[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
{CVE-2003-0358 CVE-2003-0359}
- - nethack 3.4.1-1
- - slashem 0.0.6E4F8-6
- - jnethack 1.1.5-15
- NOTE: DSA contains some strange non-nethack version numbers
+ [woody] - nethack 3.4.0-3.0woody3
+ [woody] - slashem 0.0.6E4F8-4.0woody3
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
{CVE-2003-0433}
- - gnocatan 0.8.0-1 (bug #328136)
- - pioneers <not-affected> (bug #328136)
- NOTE: maintainer confirmed that the security fixes are included
+ [woody] - gnocatan 0.6.1-5woody2
[11 Jun 2003] DSA-314 atftp - buffer overflow
{CVE-2003-0380}
- - atftp 0.6.2
+ [woody] - atftp 0.6.1.1.0woody1
[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
{CVE-2003-0356 CVE-2003-0357}
- - ethereal 0.9.12-1
+ [woody] - ethereal 0.9.4-1woody4
[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248}
- NOTE: not in unstable/testing. Did not check other versions.
+ [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1
[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
- NOTE: not in unstable/testing. Did not check other versions.
+ [woody] - kernel-source-2.4.18 2.4.18-9
+ [woody] - kernel-image-2.4.18-1-i386 2.4.18-8
+ [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1.
[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
{CVE-2003-0385}
- - xaos 3.1r-4
+ [woody] - xaos 3.0-23woody1
[06 Jun 2003] DSA-309 eterm - buffer overflow
{CVE-2003-0382}
- - eterm 0.9.2-1
+ [woody] - eterm 0.9.2-0pre2002042903.1
[06 Jun 2003] DSA-308 gzip - insecure temporary files
{CVE-1999-1332 CVE-2003-0367}
- - gzip 1.3.5-6
+ [woody] - gzip 1.3.2-3woody1
[27 May 2003] DSA-307 gps - multiple vulnerabilities
{CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
- gps 1.1.0-1
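Review bot: the added line "[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1." under DSA-311 ends in a stray period, the same typo this hunk removes from the old "- ethereal 0.9.13-1." line under DSA-324; a trailing dot becomes part of the version string for any script that parses the list. Two more things to check in this hunk: "- xaos 3.1r-4" is removed from DSA-310, but the diff to data/CVE/2003.list shows no matching addition under CVE-2003-0385, so confirm that version was already recorded there; and the NOTE "maintainer confirmed that the security fixes are included" is dropped from DSA-315 without being moved to CVE-2003-0433, which loses the justification for gnocatan 0.8.0-1.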
