Author: jmm-guest
Date: 2005-11-14 11:29:37 +0000 (Mon, 14 Nov 2005)
New Revision: 2734
Modified:
data/CVE/list
data/DSA/list
Log:
more DSA conversion work
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-14 11:02:45 UTC (rev 2733)
+++ data/CVE/list 2005-11-14 11:29:37 UTC (rev 2734)
@@ -14841,6 +14841,8 @@
- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and
earlier ...)
{DSA-498}
+ - libpng 1.0.15-5
+ - libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME,
Windows NT ...)
NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
@@ -14874,6 +14876,7 @@
- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2
ident ...)
{DSA-494}
+ - ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not
reclaim ...)
NOT-FOR-US: ColdFusion
CVE-2004-0406
@@ -14883,6 +14886,7 @@
- cvs 1:1.12.5-4
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary
files ...)
{DSA-488}
+ - logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a
denial of ...)
- racoon 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly
other ...)
@@ -15222,8 +15226,10 @@
NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander
(mc) ...)
{DSA-497}
+ - mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before
4.6.0, with ...)
{DSA-497}
+ - mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote
...)
NOT-FOR-US: famous TCP RST bug
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly
use the ...)
@@ -15234,6 +15240,7 @@
NOT-FOR-US: ZoneMinder
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before
4.6.0 may ...)
{DSA-497}
+ - mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c
for ...)
@@ -15316,9 +15323,11 @@
{DSA-487}
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x
before ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.26-pre3
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly
...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.26-pre4
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow
remote ...)
{DSA-511}
@@ -15426,6 +15435,7 @@
{DSA-455}
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux
kernel ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.26-rc4
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and
earlier ...)
- sysstat 5.0.2-1
@@ -15570,6 +15580,7 @@
RESERVED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for
ncpfs in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.25-pre7
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic
before ...)
{DSA-434}
@@ -15584,6 +15595,7 @@
{DSA-434}
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows
local users ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+ - kernel-source-2.4.27 2.4.27-1
NOTE: fixed in 2.4.26-rc4
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet
allows ...)
NOT-FOR-US: FreeBSD netinet
@@ -17490,6 +17502,7 @@
- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25,
and ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
+ TODO: Map this on current kernels
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and
earlier, ...)
NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass
...)
@@ -19951,6 +19964,7 @@
NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0
through 2.5.1 ...)
{DSA-490}
+ - zope 2.6.0-0.1
CVE-2002-0687 (The "through the web code" capability for Zope 2.0
through 2.5.1 b1 ...)
- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding
functionality for ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-14 11:02:45 UTC (rev 2733)
+++ data/DSA/list 2005-11-14 11:29:37 UTC (rev 2734)
@@ -1597,38 +1597,45 @@
[woody] - rsync 2.5.5-0.5
[30 Apr 2004] DSA-498 libpng - out of bound access
{CVE-2004-0421}
- - libpng 1.0.15-5
- - libpng3 1.2.5.0-6
+ [woody] - libpng 1.0.12-3.woody.5
+ [woody] - libpng3 1.2.1-1.1.woody.5
[29 Apr 2004] DSA-497 mc - several vulnerabilities
{CVE-2004-0226 CVE-2004-0231 CVE-2004-0232}
- - mc 1:4.6.0-4.6.1-pre1-2
+ [woody] - mc 4.5.55-1.2woody3
[29 Apr 2004] DSA-496 eterm - missing input sanitising
{CVE-2003-0068}
- - eterm 0.9.2-6
+ [woody] - eterm 0.9.2-0pre2002042903.3
[26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
{CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177
CVE-2004-0178}
- NOTE: 2.4.16 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.16 2.4.16-1woody2
+ [woody] - kernel-patch-2.4.16-arm 20040419
+ [woody] - kernel-image-2.4.16-lart 20040419
+ [woody] - kernel-image-2.4.16-netwinder 20040419
+ [woody] - kernel-image-2.4.16-riscpc 20040419
[21 Apr 2004] DSA-494 ident2 - buffer overflow
{CVE-2004-0408}
- - ident2 1.04-2
+ [woody] - ident2 1.03-3woody1
[21 Apr 2004] DSA-493 xchat - buffer overflow
{CVE-2004-0409}
- - xchat 2.0.8-1
+ [woody] - xchat 1.8.9-0woody3
[18 Apr 2004] DSA-492 iproute - denial of service
{CVE-2003-0856}
- - iproute 20010824-13.1
+ [woody] - iproute 20010824-8woody1
[17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.19 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.19 2.4.19-4.woody2
+ [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody4
[17 Apr 2004] DSA-490 zope - arbitrary code execution
{CVE-2002-0688}
- - zope 2.6.0-0.1
+ [woody] - zope 2.5.1-1woody1
[17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
- NOTE: 2.4.17 not present. Did not check newer kernels.
+ [woody] - kernel-source-2.4.17 2.4.17-1woody3
+ [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody6
+ [woody] - kernel-patch-2.4.17-mipsel 2.4.17-0.020226.2.woody6
[16 Apr 2004] DSA-488 logcheck - insecure temporary directory
{CVE-2004-0404}
- - logcheck 1.1.1-13.2
+ [woody] - logcheck 1.1.1-13.1woody1
[16 Apr 2004] DSA-487 neon - format string
{CVE-2004-0179}
- neon 0.24.5-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
