author | Stefan Fritsch <sf@sfritsch.de> | 2007-06-29 16:34:06 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2007-06-29 16:34:06 +0000 |
commit | 869113068c245cca2e4eadcc5d6aa1122a48b80a (patch) | |
tree | 52e00a6fcbd4a8821fd3719a6e349de3f690db1c | |
parent | f8ba502facf13ce7daf29010612e66c01db26523 (diff) |
krb5 fixed
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6075 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rwxr-xr-x | bin/updatehtmllist | 50 | ||||
-rw-r--r-- | data/CVE/2007.list | 6 | ||||
-rw-r--r-- | website/list.html | 197 | ||||
-rw-r--r-- | website/style.css | 4 |
4 files changed, 154 insertions, 103 deletions
diff --git a/bin/updatehtmllist b/bin/updatehtmllist index 977b378dd4..d3f50f5aed 100755 --- a/bin/updatehtmllist +++ b/bin/updatehtmllist @@ -23,7 +23,7 @@ while(<HEAD>) { } close HEAD; -print OUT "<dl>\n"; +print OUT "<table class='.list'>\n"; my $pack = 0; my $date = ""; @@ -31,30 +31,25 @@ my $dtsa = ""; my $package = ""; my $desc = ""; open (LIST,@ARGV[0]) || die("Could not open list ".@ARGV[0].": $!"); -while(<LIST>) { - $line = $_ ; - if ($line=~/^(\[.+\]) (DTSA-[0-9]+-[0-9]+) ([^ ].+) - (.+)$/) { - if ($pack == 1) { - # print the previous acvisory, as it wasn't unreleased - print OUT "<dt>$date <a href='DTSA/$dtsa.html'>$dtsa $package</a></dt>\n"; - print OUT "<dd>$desc</dd>\n"; - } - $date = $1; - $dtsa = $2; - $package = $3; - $desc = $4; - $pack = 1; +my @list; +{ + local $/="\n\["; + @list = reverse <LIST>; +} +close LIST; + +foreach my $entry (@list) { + next if $entry =~ /TODO: unreleased/; + if ($entry=~/^\[?(.+)\] (DTSA-[0-9]+-[0-9]+) ([^ ].+) - (.+)$/m) { + print OUT htmlentry($1, $2, $3, $4); } - if ($line=~/TODO: unreleased$/) { - $pack = 0; + else { + print STDERR "invalid entry:\n$entry"; } } -if ($pack == 1) { - # print the previous acvisory, as it wasn't unreleased - print OUT "<dt>$date <a href='DTSA/$dtsa.html'>$dtsa $package</a></dt>\n"; - print OUT "<dd>$desc</dd>\n"; -} -print OUT "</dl>\n"; + +print OUT "</table>\n"; + open (FOOT,"footer.html") || die("Could not open footer.html: $!"); ; while(<FOOT>) { @@ -68,3 +63,14 @@ if (defined $output) { rename("$output.tmp.$$", $output) || die "rename: $!"; } + + +sub htmlentry { + my ($date, $dtsa, $package, $desc) = @_; + return << "EOF"; +<tr><td>$date</td><td> <a href='DTSA/$dtsa.html'>$dtsa $package</a></td>\n +<td>$desc</td></tr> +EOF +} + + diff --git a/data/CVE/2007.list b/data/CVE/2007.list index e691cbf33b..d33600b01e 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list 
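Review bot: The class value in `print OUT "<table class='.list'>\n";` contains a literal dot, so a CSS selector written as `.list` will not match it. The rule this commit adds in website/style.css is `td.list`, which also needs the class on the cells, while `htmlentry` emits plain `<td>`. As written the new styling never applies. I would emit `print OUT "<table class='list'>\n";` and select the cells with `table.list td { ... }` in the stylesheet.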
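Review bot: An entry that fails the pattern in the `foreach` loop is only reported on STDERR, and the script then carries on to the footer and the `rename` visible in the last hunk. A formatting slip in the list file therefore drops an advisory from the published page, presumably with a zero exit status. Counting the failures (`$bad++` in the `else` branch) and adding `die "$bad invalid entries\n" if $bad;` before the rename would keep the previous page in place until the list is fixed. The unchanged context line `open (LIST,@ARGV[0])` is a two-argument open on a command-line value, so the open mode is taken from the filename itself; `open(LIST, '<', $ARGV[0])` avoids that.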
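Review bot: `htmlentry` interpolates `$date`, `$package` and `$desc` into the row without HTML-escaping. Only `$dtsa` is constrained by the caller's pattern (`DTSA-[0-9]+-[0-9]+`); the other three are whatever `.+` matched in the list file. The list is hand-edited, so this is mostly a correctness concern, but any `&`, `<` or `'` in a description ends up as markup in the published advisory index. Escaping the fields before building the row fixes that, as sketched below. Separately, the literal `\n` at the end of the first heredoc line is interpolated and emits an extra blank line per row, visible in the regenerated website/list.html; dropping it is enough.

```perl
# Encode the characters that are significant in HTML text and in
# single- or double-quoted attribute values.
sub htmlescape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

sub htmlentry {
    my ($date, $dtsa, $package, $desc) = map { htmlescape($_) } @_;
    # … unchanged: heredoc row template, minus the trailing \n on its first line …
}
```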
@@ -1458,7 +1458,7 @@ CVE-2007-2800 CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit ...) - file 4.21-1 (medium) CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...) - - krb5 <unfixed> (high; bug #430785) + - krb5 1.6.dfsg.1-5 (high; bug #430785) CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7] - mantis 1.0.7+dfsg-1 NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities" @@ -2232,9 +2232,9 @@ CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in {DSA-1291-2 DTSA-41-1} - samba 3.0.25-1 CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...) - - krb5 <unfixed> (bug #430787; medium) + - krb5 1.6.dfsg.1-5 (bug #430787; medium) CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...) - - krb5 <unfixed> (bug #430787; high) + - krb5 1.6.dfsg.1-5 (bug #430787; high) CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) NOT-FOR-US: Caucho Resin Professional CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...) diff --git a/website/list.html b/website/list.html index bbeeb6f734..63c7613387 100644 --- a/website/list.html +++ b/website/list.html 
@@ -36,84 +36,125 @@ </table> <!-- header --> -<dl> -<dt>[August 26th, 2005] <a href='DTSA/DTSA-1-1.html'>DTSA-1-1 kismet</a></dt> -<dd>various</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-2-1.html'>DTSA-2-1 centericq</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-3-1.html'>DTSA-3-1 clamav</a></dt> -<dd>denial of service and privilege escalation</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-4-1.html'>DTSA-4-1 ekg</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-5-1.html'>DTSA-5-1 gaim</a></dt> -<dd>multiple remote vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-6-1.html'>DTSA-6-1 cgiwrap</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-7-1.html'>DTSA-7-1 mozilla</a></dt> -<dd>frame injection spoofing</dd> -<dt>[September 1st, 2005] <a href='DTSA/DTSA-8-2.html'>DTSA-8-2 mozilla-firefox</a></dt> -<dd>several vulnerabilities (update)</dd> -<dt>[August 31st, 2005] <a href='DTSA/DTSA-9-1.html'>DTSA-9-1 bluez-utils</a></dt> -<dd>bad device name escaping</dd> -<dt>[August 29th, 2005] <a href='DTSA/DTSA-10-1.html'>DTSA-10-1 pcre3</a></dt> -<dd>buffer overflow</dd> -<dt>[August 29th, 2005] <a href='DTSA/DTSA-11-1.html'>DTSA-11-1 maildrop</a></dt> -<dd>local privilege escalation</dd> -<dt>[September 8th, 2005] <a href='DTSA/DTSA-12-1.html'>DTSA-12-1 vim</a></dt> -<dd>modeline exploits</dd> -<dt>[September 8th, 2005] <a href='DTSA/DTSA-13-1.html'>DTSA-13-1 evolution</a></dt> -<dd>format string vulnerabilities</dd> -<dt>[September 13th, 2005] <a href='DTSA/DTSA-14-1.html'>DTSA-14-1 mozilla</a></dt> -<dd>several</dd> -<dt>[September 13th, 2005] <a href='DTSA/DTSA-15-1.html'>DTSA-15-1 php4</a></dt> -<dd>several vulnerabilities</dd> -<dt>[September 15th, 2005] <a href='DTSA/DTSA-16-1.html'>DTSA-16-1 linux-2.6</a></dt> -<dd>various</dd> -<dt>[September 15th, 2005] <a href='DTSA/DTSA-17-1.html'>DTSA-17-1 lm-sensors</a></dt> -<dd>insecure 
temporary file</dd> -<dt>[September 22nd, 2005] <a href='DTSA/DTSA-19-1.html'>DTSA-19-1 clamav</a></dt> -<dd>buffer overflow and infinate loop problems</dd> -<dt>[October 13th, 2005] <a href='DTSA/DTSA-20-1.html'>DTSA-20-1 mailutils</a></dt> -<dd>Format string vulnerability</dd> -<dt>[November 3rd, 2005] <a href='DTSA/DTSA-21-1.html'>DTSA-21-1 clamav</a></dt> -<dd>Denial of service vulnerabilities and buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-22-1.html'>DTSA-22-1 uim</a></dt> -<dd>local privilege escalation</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-23-1.html'>DTSA-23-1 centericq</a></dt> -<dd>buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-24-1.html'>DTSA-24-1 inkscape</a></dt> -<dd>buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-25-1.html'>DTSA-25-1 smb4k</a></dt> -<dd>access validation error</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-26-1.html'>DTSA-26-1 trackballs</a></dt> -<dd>symlink attack</dd> -<dt>[January 20th, 2006] <a href='DTSA/DTSA-27-1.html'>DTSA-27-1 fuse</a></dt> -<dd>potential data corruption when installed seduid root</dd> -<dt>[January 25th, 2005] <a href='DTSA/DTSA-28-1.html'>DTSA-28-1 gpdf</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[June 15th, 2006] <a href='DTSA/DTSA-29-1.html'>DTSA-29-1 blender</a></dt> -<dd>heap-based buffer overflow</dd> -<dt>[September 27th, 2006] <a href='DTSA/DTSA-31-1.html'>DTSA-31-1 hyperestraier</a></dt> -<dd>cross-site request forgery (CSRF) vulnerability</dd> -<dt>[February 1st, 2007] <a href='DTSA/DTSA-32-1.html'>DTSA-32-1 bcfg2</a></dt> -<dd>programming error</dd> -<dt>[February 12th, 2007] <a href='DTSA/DTSA-33-1.html'>DTSA-33-1 wordpress</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[March 3rd, 2007] <a href='DTSA/DTSA-34-1.html'>DTSA-34-1 wordpress</a></dt> -<dd>cross-site scripting</dd> -<dt>[May 22th, 2007] <a href='DTSA/DTSA-35-1.html'>DTSA-35-1 aircrack-ng</a></dt> -<dd>programming error</dd> -<dt>[May 22th, 2007] <a 
href='DTSA/DTSA-36-1.html'>DTSA-36-1 mydns</a></dt> -<dd>multiple buffer overflows</dd> -<dt>[May 22th, 2007] <a href='DTSA/DTSA-37-1.html'>DTSA-37-1 clamav</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 26th, 2007] <a href='DTSA/DTSA-38-1.html'>DTSA-38-1 qemu</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 28th, 2007] <a href='DTSA/DTSA-39-1.html'>DTSA-39-1 php5</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 28th, 2007] <a href='DTSA/DTSA-40-1.html'>DTSA-40-1 php4</a></dt> -<dd>several vulnerabilities</dd> -</dl> +<table class='.list'> +<tr><td>May 31th, 2007</td><td> <a href='DTSA/DTSA-41-1.html'>DTSA-41-1 samba</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>May 28th, 2007</td><td> <a href='DTSA/DTSA-40-1.html'>DTSA-40-1 php4</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>May 28th, 2007</td><td> <a href='DTSA/DTSA-39-1.html'>DTSA-39-1 php5</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>May 26th, 2007</td><td> <a href='DTSA/DTSA-38-1.html'>DTSA-38-1 qemu</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-37-1.html'>DTSA-37-1 clamav</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-36-1.html'>DTSA-36-1 mydns</a></td> + +<td>multiple buffer overflows</td></tr> +<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-35-1.html'>DTSA-35-1 aircrack-ng</a></td> + +<td>programming error</td></tr> +<tr><td>March 3rd, 2007</td><td> <a href='DTSA/DTSA-34-1.html'>DTSA-34-1 wordpress</a></td> + +<td>cross-site scripting</td></tr> +<tr><td>February 12th, 2007</td><td> <a href='DTSA/DTSA-33-1.html'>DTSA-33-1 wordpress</a></td> + +<td>multiple vulnerabilities</td></tr> +<tr><td>February 1st, 2007</td><td> <a href='DTSA/DTSA-32-1.html'>DTSA-32-1 bcfg2</a></td> + +<td>programming error</td></tr> +<tr><td>September 27th, 2006</td><td> <a href='DTSA/DTSA-31-1.html'>DTSA-31-1 hyperestraier</a></td> + +<td>cross-site request forgery 
(CSRF) vulnerability</td></tr> +<tr><td>June 15th, 2006</td><td> <a href='DTSA/DTSA-29-1.html'>DTSA-29-1 blender</a></td> + +<td>heap-based buffer overflow</td></tr> +<tr><td>January 25th, 2005</td><td> <a href='DTSA/DTSA-28-1.html'>DTSA-28-1 gpdf</a></td> + +<td>multiple vulnerabilities</td></tr> +<tr><td>January 20th, 2006</td><td> <a href='DTSA/DTSA-27-1.html'>DTSA-27-1 fuse</a></td> + +<td>potential data corruption when installed seduid root</td></tr> +<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-26-1.html'>DTSA-26-1 trackballs</a></td> + +<td>symlink attack</td></tr> +<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-25-1.html'>DTSA-25-1 smb4k</a></td> + +<td>access validation error</td></tr> +<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-24-1.html'>DTSA-24-1 inkscape</a></td> + +<td>buffer overflow</td></tr> +<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-23-1.html'>DTSA-23-1 centericq</a></td> + +<td>buffer overflow</td></tr> +<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-22-1.html'>DTSA-22-1 uim</a></td> + +<td>local privilege escalation</td></tr> +<tr><td>November 3rd, 2005</td><td> <a href='DTSA/DTSA-21-1.html'>DTSA-21-1 clamav</a></td> + +<td>Denial of service vulnerabilities and buffer overflow</td></tr> +<tr><td>October 13th, 2005</td><td> <a href='DTSA/DTSA-20-1.html'>DTSA-20-1 mailutils</a></td> + +<td>Format string vulnerability</td></tr> +<tr><td>September 22nd, 2005</td><td> <a href='DTSA/DTSA-19-1.html'>DTSA-19-1 clamav</a></td> + +<td>buffer overflow and infinate loop problems</td></tr> +<tr><td>September 15th, 2005</td><td> <a href='DTSA/DTSA-17-1.html'>DTSA-17-1 lm-sensors</a></td> + +<td>insecure temporary file</td></tr> +<tr><td>September 15th, 2005</td><td> <a href='DTSA/DTSA-16-1.html'>DTSA-16-1 linux-2.6</a></td> + +<td>various</td></tr> +<tr><td>September 13th, 2005</td><td> <a href='DTSA/DTSA-15-1.html'>DTSA-15-1 php4</a></td> + +<td>several vulnerabilities</td></tr> +<tr><td>September 13th, 
2005</td><td> <a href='DTSA/DTSA-14-1.html'>DTSA-14-1 mozilla</a></td> + +<td>several</td></tr> +<tr><td>September 8th, 2005</td><td> <a href='DTSA/DTSA-13-1.html'>DTSA-13-1 evolution</a></td> + +<td>format string vulnerabilities</td></tr> +<tr><td>September 8th, 2005</td><td> <a href='DTSA/DTSA-12-1.html'>DTSA-12-1 vim</a></td> + +<td>modeline exploits</td></tr> +<tr><td>August 29th, 2005</td><td> <a href='DTSA/DTSA-11-1.html'>DTSA-11-1 maildrop</a></td> + +<td>local privilege escalation</td></tr> +<tr><td>August 29th, 2005</td><td> <a href='DTSA/DTSA-10-1.html'>DTSA-10-1 pcre3</a></td> + +<td>buffer overflow</td></tr> +<tr><td>August 31st, 2005</td><td> <a href='DTSA/DTSA-9-1.html'>DTSA-9-1 bluez-utils</a></td> + +<td>bad device name escaping</td></tr> +<tr><td>September 1st, 2005</td><td> <a href='DTSA/DTSA-8-2.html'>DTSA-8-2 mozilla-firefox</a></td> + +<td>several vulnerabilities (update)</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-7-1.html'>DTSA-7-1 mozilla</a></td> + +<td>frame injection spoofing</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-6-1.html'>DTSA-6-1 cgiwrap</a></td> + +<td>multiple vulnerabilities</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-5-1.html'>DTSA-5-1 gaim</a></td> + +<td>multiple remote vulnerabilities</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-4-1.html'>DTSA-4-1 ekg</a></td> + +<td>multiple vulnerabilities</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-3-1.html'>DTSA-3-1 clamav</a></td> + +<td>denial of service and privilege escalation</td></tr> +<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-2-1.html'>DTSA-2-1 centericq</a></td> + +<td>multiple vulnerabilities</td></tr> +<tr><td>August 26th, 2005</td><td> <a href='DTSA/DTSA-1-1.html'>DTSA-1-1 kismet</a></td> + +<td>various</td></tr> +</table> <!-- footer --> <hr> <a href="http://validator.w3.org/check?uri=referer"> 
diff --git a/website/style.css b/website/style.css index ec13c9e885..931d063aca 100644 --- a/website/style.css +++ b/website/style.css @@ -104,6 +104,10 @@ th { padding-right: 6px; } +td.list { + border 0px; +} + td { font-size: 11px; border: 0px solid #000; |
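Review bot: The added declaration `border 0px;` has no colon between property and value, so it is not a valid declaration and the new `td.list` rule sets nothing; it should read `border: 0px;`. The `td` rule that follows in the context lines (cut off by the end of the hunk) already sets `border: 0px solid #000;`, so it is worth checking whether the new rule is needed at all once the syntax is fixed.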