Author: jmm-guest
Date: 2005-11-27 20:05:59 +0000 (Sun, 27 Nov 2005)
New Revision: 2875
Modified:
data/CVE/list
data/DSA/list
Log:
convert july 2003 to the new format
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-27 19:38:29 UTC (rev 2874)
+++ data/CVE/list 2005-11-27 20:05:59 UTC (rev 2875)
@@ -1,3 +1,6 @@
+CVE-2003-XXXX [Insecure tempfile in x-face-el]
+ - x-face-el 1.3.6.23-1
+ NOTE: DSA-340
CVE-2005-XXXX [Buffer overflow in unalz]
- unalz <unfixed> (bug #340842; medium)
CVE-2005-XXXX [potential dos against gaim-encryption]
@@ -17606,13 +17609,15 @@
- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of
Gallery 1.1 ...)
{DSA-355}
- - zblast 1.2.1-7
+ - gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier
allows ...)
{DSA-369}
+ - zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local
users ...)
- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users
to ...)
{DSA-356}
+ - xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee
ePolicy ...)
NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on
Solaris ...)
@@ -17621,6 +17626,7 @@
RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become
part of ...)
{DSA-354}
+ - xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files,
which ...)
{DSA-353}
- sup 1.8-9
@@ -17647,7 +17653,7 @@
NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates
temporary ...)
{DSA-352}
- - fdclone 2.02a
+ - fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000
allows ...)
NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie
access ...)
@@ -17782,14 +17788,20 @@
- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier,
and ...)
{DSA-343}
+ - skk 10.62a-6
+ - ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz
applications ...)
{DSA-342}
+ - mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates
...)
{DSA-341}
+ - liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier
allows ...)
{DSA-346}
+ - phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to
gain ...)
{DSA-345}
+ - xbl 1.0k-6
CVE-2003-0534
RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service
...)
@@ -17830,6 +17842,7 @@
- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2)
MySQL ...)
{DSA-347}
+ - teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie
access ...)
NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass
intended ...)
@@ -17862,6 +17875,7 @@
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the
archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication
module ...)
{DSA-338}
+ - proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in
cleartext in ...)
{DSA-335}
CVE-2003-0498 (CachÃ© Database 5.x installs the
/cachesys/csp directory with insecure ...)
@@ -17969,6 +17983,7 @@
{DSA-334}
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite
unauthorized ...)
{DSA-348}
+ - traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to
execute ...)
{DSA-329}
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users
to gain ...)
@@ -17987,14 +18002,18 @@
{DSA-328}
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows
remote ...)
{DSA-337}
+ - gtksee 0.5.6-1
CVE-2003-0443
RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID
...)
{DSA-351}
+ - php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53
and ...)
{DSA-326}
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi
1.14.0 and ...)
{DSA-339}
+ - semi 1.14.5+20030609-1 (bug #223456)
+ - wemi <removed>
CVE-2003-0439
RESERVED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier,
allows local ...)
@@ -18164,6 +18183,7 @@
{DSA-316}
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2)
falconseye ...)
{DSA-350 DSA-316}
+ - falconseye 1.9.3-9
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11
and ...)
{DSA-313}
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and
earlier ...)
@@ -18328,6 +18348,7 @@
NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows
attackers to ...)
{DSA-344}
+ - unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before
1.5, and ...)
- firebird2 1.5.1-1
NOTE: firebird (1) in debian is very insecure and vulnerable, but
@@ -18390,6 +18411,7 @@
- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux
NFS utils ...)
{DSA-349}
+ - nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a
denial ...)
NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
- nis 3.11
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-27 19:38:29 UTC (rev 2874)
+++ data/DSA/list 2005-11-27 20:05:59 UTC (rev 2875)
@@ -2157,66 +2157,65 @@
[woody] - wu-ftpd 2.6.2-3woody1
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
{CVE-2003-0611}
- - xtokkaetama 1.0b-8
+ [woody] - xtokkaetama 1.0b-6woody1
[30 Jul 2003] DSA-355 gallery - cross-site scripting
{CVE-2003-0614}
- - gallery 1.3.4-3
+ [woody] - gallery 1.25-8woody1
[29 Jul 2003] DSA-354 xconq - buffer overflows
{CVE-2003-0607}
- - xconq 7.4.1-2.1 (bug #202963)
+ [woody] - xconq 7.4.1-2woody2
[29 Jul 2003] DSA-353 sup - insecure temporary file
{CVE-2003-0606}
- - sup 1.8-9
+ [woody] - sup 1.8-8woody1
[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
{CVE-2003-0596}
- - fdclone 2.04-1
+ [woody] - fdclone 2.00a-1woody3
[16 Jul 2003] DSA-351 php4 - cross-site scripting
{CVE-2003-0442}
- - php4 4:4.3.2+rc3-1
+ [woody] - php4 4:4.1.2-6woody3
[15 Jul 2003] DSA-350 falconseye - buffer overflow
{CVE-2003-0358}
- NOTE: not in testing, fixed in unstable
- - falconseye 1.9.3-9
+ [woody] - falconseye 1.9.3-7woody3
[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
{CVE-2003-0252}
- - nfs-utils 1:1.0.3-2
+ [woody] - nfs-utils 1:1.0-2woody1
[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
{CVE-2003-0453}
- - traceroute-nanog 6.1.1-1.3
+ [woody] - traceroute-nanog 6.1.1-1.3
[08 Jul 2003] DSA-347 teapop - SQL injection
{CVE-2003-0515}
- - teapop 0.3.5-2
+ [woody] - teapop 0.3.4-1woody2
[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
{CVE-2003-0536}
- - phpsysinfo 2.1-1
+ [woody] - phpsysinfo 2.0-3woody1
[08 Jul 2003] DSA-345 xbl - buffer overflow
{CVE-2003-0535}
- - xbl 1.0k-6
+ [woody] - xbl 1.0k-3woody2
[08 Jul 2003] DSA-344 unzip - directory traversal
{CVE-2003-0282}
- - unzip 5.50-3
+ [woody] - unzip 5.50-1woody2
[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
{CVE-2003-0539}
- - skk 10.62a-6
- - ddskk 12.1.cvs.20030622-1
+ [woody] - skk 10.62a-4woody1
+ [woody] - ddskk 11.6.rel.0-2woody1
[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
{CVE-2003-0538}
- NOTE: mozart is not in sarge
- - mozart 1.2.5.20030212-2
+ [woody] - mozart 1.2.3.20011204-3woody1
[07 Jul 2003] DSA-341 liece - insecure temporary file
{CVE-2003-0537}
- - liece 2.0+0.20030527cvs-1
+ [woody] - liece 2.0+0.20020217cvs-2.1
[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
- - x-face-el 1.3.6.23-1
+ [woody] - x-face-el 1.3.6.19-1woody1
[06 Jul 2003] DSA-339 semi - insecure temporary file
{CVE-2003-0440}
- - semi 1.14.5+20030609-1 (bug #223456)
+ [woody] - semi 1.14.3.cvs.2001.08.10-1woody2
+ [woody] - wemi 1.14.0.20010802wemiko-1.3
[29 Jun 2003] DSA-338 proftpd - SQL injection
{CVE-2003-0500}
- - proftpd 1.2.8-8
+ [woody] - proftpd 1.2.4+1.2.5rc1-5woody2
[29 Jun 2003] DSA-337 gtksee - buffer overflow
{CVE-2003-0444}
- - gtksee 0.5.6-1
+ [woody] - gtksee 0.5.0-6
[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
{CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364
CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248}
- kernel-source-2.2.25 2.2.25-3
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
