author | Moritz Muehlenhoff <jmm@debian.org> | 2005-10-24 14:36:16 +0000
---|---|---
committer | Moritz Muehlenhoff <jmm@debian.org> | 2005-10-24 14:36:16 +0000
commit | a428fbe62b99c81e0801d8cc5c2c7e9c78a21654 |
tree | e6ed12e560a2dffc0a8c52269be56919b8f3a62f |
parent | dd935844bf6a20019f34d5fe54ab3a3cbb8233b6 |
more DSA conversions
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2553 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/1999.list | 1
-rw-r--r-- | data/CVE/2004.list | 21
-rw-r--r-- | data/DSA/list | 37

3 files changed, 32 insertions, 27 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index d365411a34..7c493e0950 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -2039,6 +2039,7 @@ CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to ga CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...) CVE-1999-0710 (The RedHat squid program installs cachemgr.cgi in a public web ...) {DSA-576-1} + - squid 2.5.7-1 CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...) CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...) CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 4008c53e94..e3db2fc66d 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -3318,7 +3318,6 @@ CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge CVE-2004-0955 REJECTED - {DSA-571-1 DSA-570-1} CVE-2004-0954 REJECTED CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) @@ -3390,6 +3389,7 @@ CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initi NOT-FOR-US: MacOS CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...) {DSA-566-1} + - cupsys 1.1.20final+rc1-9 CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...) NOT-FOR-US: MacOS CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...) 
@@ -3421,11 +3421,12 @@ CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used - openmotif 2.2.3-1.1 (bug #309819; medium) CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - - squid 2.5.6-9 + - ecartis 1.0.0+cvs.20030911-8 CVE-2004-0912 RESERVED CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...) {DSA-569-1 DSA-556-1} + - netkit-telnet-ssl 0.17.24+0.1-4 CVE-2004-0910 REJECTED CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) @@ -3487,10 +3488,13 @@ CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that u CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) {DSA-599-1 DSA-581-1 DSA-573-1} - koffice 1:1.3.4-1 - NOTE: only affects source package, not used in binary - - cupsys <unfixed> (bug #324460; unimportant) + NOTE: only affects cupsys source package, not used in binary + - cupsys 1.1.20final+rc1-10 (bug #324460; unimportant) - tetex-bin 2.0.2-23 - xpdf 3.00-9 + - kpdf 4:3.3.1-1 (bug #278173) + - gpdf 2.8.0-1 + - kfax 4:3.3.1-1 (bug #280373) CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) NOTE: waldi provided this info - linux-kernel-image-2.6.8-s390 2.6.8-3 
@@ -3499,10 +3503,13 @@ CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not pro CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...) {DSA-567-1} - kdegraphics 3.3.2-1 + - tiff 3.6.1-2 CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...) - apache2 2.0.52-2 CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...) {DSA-568-1 DSA-563-1} + - cyrus-sasl-mit <removed> + NOTE: maintainer reports hole not in cyrus-sasl2-mit CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...) - kernel-source-2.4.27 2.4.27-6 - kernel-source-2.6.8 2.6.8-13 @@ -3685,11 +3692,12 @@ CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0 - mpg123 0.59r-16 CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) {DSA-567-1} - NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge - kdegraphics 3.3.2-1 + - tiff 3.6.1-2 CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) {DSA-567-1} - kdegraphics 3.3.2-1 + - tiff 3.6.1-2 CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) {DSA-552-1} CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) @@ -4142,6 +4150,8 @@ CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Sa - samba 3.0.5 (bug #260838) CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) {DSA-536} + - libpng3 1.2.5.0-9 + - libpng 1.0.15-8 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) {DSA-536} CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...) 
@@ -4238,6 +4248,7 @@ CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS befor {DSA-545-1} CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) {DSA-565-1} + - sox 12.17.4-9 (bug #262083) CVE-2004-0556 RESERVED CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) diff --git a/data/DSA/list b/data/DSA/list index aaae5f3597..6fcba5c689 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -1240,50 +1240,43 @@ [woody] - mpg123 0.59r-13woody4 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability {CVE-2004-0977} - - postgresql 7.4.6-1 + [woody] - postgresql 7.2.1-2woody6 [29 Oct 2004] DSA-576-1 squid - multiple {CVE-1999-0710 CVE-2004-0918} - - squid 2.5.7-1 + [woody] - squid 2.4.6-2woody4 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file {CVE-2003-0193} - - catdoc 0.91.5-2 + [woody] - catdoc 0.91.5-1.woody3 [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising {CVE-2004-0916} - - cabextract 1.1-1 + [woody] - cabextract 0.2-2b [21 Oct 2004] DSA-573-1 cupsys - integer overflows {CVE-2004-0888} - - cupsys 1.1.20final+rc1-10 - {CVE-2004-0889} - - xpdf 3.00-10 - NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference - - kpdf 4:3.3.1-1 - - gpdf 2.8.0-1 - - kfax 4:3.3.1-1 + [woody] - cupsys 1.1.14-5woody10 [21 Oct 2004] DSA-572-1 ecartis - multiple {CVE-2004-0913} - - ecartis 1.0.0+cvs.20030911-8 + [woody] - ecartis 0.129a+1.0.0-snap20020514-1.3 [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow - {CVE-2004-0955} - - libpng3 1.2.5.0-9 + {CVE-2004-0599} + [woody] - libpng3 1.2.1-1.1.woody.9 [20 Oct 2004] DSA-570-1 libpng - integer overflow - {CVE-2004-0955} - - libpng 1.0.15-8 + {CVE-2004-0599} + [woody] - libpng 1.0.12-3.woody.9 [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3) {CVE-2004-0911} - - netkit-telnet-ssl 0.17.24+0.1-4 + [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody2 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input {CVE-2004-0884} - NOTE: removed from testing - NOTE: maintainer reports hole not in cyrus-sasl2-mit + [woody] - cyrus-sasl-mit 1.5.24-15woody3 [15 Oct 2004] DSA-567-1 tiff - heap overflows {CVE-2004-0803 CVE-2004-0804 CVE-2004-0886} - - tiff 3.6.1-2 + [woody] - tiff 3.5.5-6woody1 [14 Oct 2004] DSA-566-1 cupsys - unsanitised input {CVE-2004-0923} - - cupsys 1.1.20final+rc1-9 + [woody] - cupsys 1.1.14-5woody7 [13 Oct 2004] DSA-565-1 sox - buffer 
overflows {CVE-2004-0557} - - sox 12.17.4-9 (bug #262083) + [woody] - sox 12.17.3-4woody2 (bug #262083) [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising {CVE-2004-0805} - mpg123 0.59r-16 |
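Review bot: In the data/CVE/2004.list hunk at @@ -3421, replacing `- squid 2.5.6-9` with `- ecartis 1.0.0+cvs.20030911-8` under CVE-2004-0913 corrects a wrong package entry rather than converting a DSA, and the commit message does not say so. No hunk in this patch re-adds squid 2.5.6-9 anywhere, so please confirm it is recorded under the squid CVE it was meant for, and mention the correction in the log.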
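Review bot: In the CVE-2004-0888 hunk at @@ -3487, the reworded NOTE now names cupsys but still sits directly under the koffice line, ahead of the `- cupsys 1.1.20final+rc1-10` entry it describes. Moving it below the cupsys line would keep it from being read as a remark about koffice.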
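Review bot: The CVE-2004-0599 entry in the hunk at @@ -4142 gains the libpng3 and libpng versions, but its cross-reference line still reads `{DSA-536}`, although this same patch repoints DSA-571-1 and DSA-570-1 from CVE-2004-0955 to CVE-2004-0599 in data/DSA/list. Unless those brace lines are regenerated by tooling, add DSA-571-1 and DSA-570-1 here. CVE-2004-0598 directly below is left with `{DSA-536}` and no package line, so check whether it needs the same libpng entries.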
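Review bot: The data/DSA/list hunk removes unstable fixed versions that no hunk in this patch adds to a CVE list: `- postgresql 7.4.6-1` (CVE-2004-0977), `- catdoc 0.91.5-2` (CVE-2003-0193), `- cabextract 1.1-1` (CVE-2004-0916) and `- xpdf 3.00-10` under {CVE-2004-0889}. Likewise squid 2.5.7-1 is added only to CVE-1999-0710, not to CVE-2004-0918, which DSA-576-1 also lists. Please confirm each of these is already present in the corresponding CVE entry before dropping it here, otherwise the fixed-version data is lost. The `(bug #262083)` annotation kept on the `[woody] - sox` line also duplicates the one added under CVE-2004-0557 and can probably be dropped.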