diff options
| author | Joey Hess <joeyh@debian.org> | 2005-10-19 22:57:32 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2005-10-19 22:57:32 +0000 |
| commit | 9e0793c900bc0b03abadda43eb2bc54c7a9dc9ff (patch) | |
| tree | ff78b58c95ccd913e4acac51bf4edcefeccce539 /website | |
| parent | d31454f2569ac01179b429a148e17242a23da85f (diff) | |
update website to use only CVE references
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2459 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'website')
| -rw-r--r-- | website/DTSA/DTSA-1-1.html | 8 | ||||
| -rw-r--r-- | website/DTSA/DTSA-10-1.html | 2 | ||||
| -rw-r--r-- | website/DTSA/DTSA-11-1.html | 2 | ||||
| -rw-r--r-- | website/DTSA/DTSA-12-1.html | 2 | ||||
| -rw-r--r-- | website/DTSA/DTSA-13-1.html | 8 | ||||
| -rw-r--r-- | website/DTSA/DTSA-14-1.html | 38 | ||||
| -rw-r--r-- | website/DTSA/DTSA-15-1.html | 12 | ||||
| -rw-r--r-- | website/DTSA/DTSA-16-1.html | 60 | ||||
| -rw-r--r-- | website/DTSA/DTSA-17-1.html | 2 | ||||
| -rw-r--r-- | website/DTSA/DTSA-19-1.html | 8 | ||||
| -rw-r--r-- | website/DTSA/DTSA-2-1.html | 16 | ||||
| -rw-r--r-- | website/DTSA/DTSA-20-1.html | 4 | ||||
| -rw-r--r-- | website/DTSA/DTSA-3-1.html | 20 | ||||
| -rw-r--r-- | website/DTSA/DTSA-4-1.html | 20 | ||||
| -rw-r--r-- | website/DTSA/DTSA-5-1.html | 12 | ||||
| -rw-r--r-- | website/DTSA/DTSA-7-1.html | 4 | ||||
| -rw-r--r-- | website/DTSA/DTSA-8-2.html | 50 | ||||
| -rw-r--r-- | website/DTSA/DTSA-9-1.html | 2 | ||||
| -rw-r--r-- | website/index.html | 4 |
19 files changed, 137 insertions, 137 deletions
diff --git a/website/DTSA/DTSA-1-1.html b/website/DTSA/DTSA-1-1.html index dba0909826..349f5cca08 100644 --- a/website/DTSA/DTSA-1-1.html +++ b/website/DTSA/DTSA-1-1.html @@ -50,19 +50,19 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2626'>CAN-2005-2626</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2627'>CAN-2005-2627</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2626'>CVE-2005-2626</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2627'>CVE-2005-2627</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple security holes have been discovered in kismet: <br> <br> -CAN-2005-2627 <br> +CVE-2005-2627 <br> <br> Multiple integer underflows in Kismet allow remote attackers to execute <br> arbitrary code via (1) kernel headers in a pcap file or (2) data frame <br> dissection, which leads to heap-based buffer overflows. <br> <br> -CAN-2005-2626 <br> +CVE-2005-2626 <br> <br> Unspecified vulnerability in Kismet allows remote attackers to have an <br> unknown impact via unprintable characters in the SSID. <br> diff --git a/website/DTSA/DTSA-10-1.html b/website/DTSA/DTSA-10-1.html index 8a3f9aabff..1c70b3db7c 100644 --- a/website/DTSA/DTSA-10-1.html +++ b/website/DTSA/DTSA-10-1.html @@ -50,7 +50,7 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491'>CAN-2005-2491</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491'>CVE-2005-2491</a> <br></dd> <br><dt>More information:</dt> <dd>An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions <br> diff --git a/website/DTSA/DTSA-11-1.html b/website/DTSA/DTSA-11-1.html index 4e22012fb1..bc58324f0f 100644 --- a/website/DTSA/DTSA-11-1.html +++ b/website/DTSA/DTSA-11-1.html @@ -50,7 +50,7 @@ <dd>Yes<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2655'>CAN-2005-2655</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2655'>CVE-2005-2655</a> <br></dd> <br><dt>More information:</dt> <dd>The lockmail binary shipped with maildrop allows for an attacker to <br> diff --git a/website/DTSA/DTSA-12-1.html b/website/DTSA/DTSA-12-1.html index 6f82bf0a16..5056265ead 100644 --- a/website/DTSA/DTSA-12-1.html +++ b/website/DTSA/DTSA-12-1.html @@ -50,7 +50,7 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368'>CAN-2005-2368</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368'>CVE-2005-2368</a> <br></dd> <br><dt>More information:</dt> <dd>vim modelines allow files to execute arbitrary commands via shell <br> diff --git a/website/DTSA/DTSA-13-1.html b/website/DTSA/DTSA-13-1.html index acbb505500..7c838cc89e 100644 --- a/website/DTSA/DTSA-13-1.html +++ b/website/DTSA/DTSA-13-1.html @@ -50,20 +50,20 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549'>CAN-2005-2549</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550'>CAN-2005-2550</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2549'>CVE-2005-2549</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2550'>CVE-2005-2550</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple vulnerabilities were discovered in evolution: <br> <br> -CAN-2005-2549 <br> +CVE-2005-2549 <br> <br> Multiple format string vulnerabilities in Evolution allow remote attackers <br> to cause a denial of service (crash) and possibly execute arbitrary code via <br> (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task <br> list data from remote servers. <br> <br> -CAN-2005-2550 <br> +CVE-2005-2550 <br> <br> Format string vulnerability in Evolution allows remote attackers to cause a <br> denial of service (crash) and possibly execute arbitrary code via the <br> diff --git a/website/DTSA/DTSA-14-1.html b/website/DTSA/DTSA-14-1.html index c4cb57c5df..94f72f44d3 100644 --- a/website/DTSA/DTSA-14-1.html +++ b/website/DTSA/DTSA-14-1.html @@ -50,16 +50,16 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260'>CAN-2005-2260</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261'>CAN-2005-2261</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2263'>CAN-2005-2263</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265'>CAN-2005-2265</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266'>CAN-2005-2266</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2268'>CAN-2005-2268</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269'>CAN-2005-2269</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270'>CAN-2005-2270</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a> <br></dd> <br><dt>More information:</dt> <dd>Several problems have been discovered in Mozilla. Since the usual praxis of <br> @@ -68,49 +68,49 @@ basically version 1.7.10 with the version number rolled back, and hence still&nb named 1.7.8. The Common Vulnerabilities and Exposures project identifies the <br> following problems: <br> <br> -CAN-2004-0718, CAN-2005-1937 <br> +CVE-2004-0718, CVE-2005-1937 <br> <br> A vulnerability has been discovered in Mozilla that allows remote <br> attackers to inject arbitrary Javascript from one page into the <br> frameset of another site. <br> <br> -CAN-2005-2260 <br> +CVE-2005-2260 <br> <br> The browser user interface does not properly distinguish between <br> user-generated events and untrusted synthetic events, which makes <br> it easier for remote attackers to perform dangerous actions that <br> normally could only be performed manually by the user. <br> <br> -CAN-2005-2261 <br> +CVE-2005-2261 <br> <br> XML scripts ran even when Javascript disabled. <br> <br> -CAN-2005-2263 <br> +CVE-2005-2263 <br> <br> It is possible for a remote attacker to execute a callback <br> function in the context of another domain (i.e. frame). <br> <br> -CAN-2005-2265 <br> +CVE-2005-2265 <br> <br> Missing input sanitising of InstallVersion.compareTo() can cause <br> the application to crash. <br> <br> -CAN-2005-2266 <br> +CVE-2005-2266 <br> <br> Remote attackers could steal sensitive information such as cookies <br> and passwords from web sites by accessing data in alien frames. <br> <br> -CAN-2005-2268 <br> +CVE-2005-2268 <br> <br> It is possible for a Javascript dialog box to spoof a dialog box <br> from a trusted site and facilitates phishing attacks. <br> <br> -CAN-2005-2269 <br> +CVE-2005-2269 <br> <br> Remote attackers could modify certain tag properties of DOM nodes <br> that could lead to the execution of arbitrary script or code. <br> <br> -CAN-2005-2270 <br> +CVE-2005-2270 <br> <br> The Mozilla browser family does not properly clone base objects, <br> which allows remote attackers to execute arbitrary code. <br> diff --git a/website/DTSA/DTSA-15-1.html b/website/DTSA/DTSA-15-1.html index b3e9063a33..57d61d3d1f 100644 --- a/website/DTSA/DTSA-15-1.html +++ b/website/DTSA/DTSA-15-1.html @@ -50,9 +50,9 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751'>CAN-2005-1751</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921'>CAN-2005-1921</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498'>CAN-2005-2498</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751'>CVE-2005-1751</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921'>CVE-2005-1921</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498'>CVE-2005-2498</a> <br></dd> <br><dt>More information:</dt> <dd>Several security related problems have been found in PHP4, the <br> @@ -60,20 +60,20 @@ server-side, HTML-embedded scripting language. The Common <br> Vulnerabilities and Exposures project identifies the following <br> problems: <br> <br> -CAN-2005-1751 <br> +CVE-2005-1751 <br> <br> Eric Romang discovered insecure temporary files in the shtool <br> utility shipped with PHP that can exploited by a local attacker to <br> overwrite arbitrary files. Only this vulnerability affects <br> packages in oldstable. <br> <br> -CAN-2005-1921 <br> +CVE-2005-1921 <br> <br> GulfTech has discovered that PEAR XML_RPC is vulnerable to a <br> remote PHP code execution vulnerability that may allow an attacker <br> to compromise a vulnerable server. <br> <br> -CAN-2005-2498 <br> +CVE-2005-2498 <br> <br> Stefan Esser discovered another vulnerability in the XML-RPC <br> libraries that allows injection of arbitrary PHP code into eval() <br> diff --git a/website/DTSA/DTSA-16-1.html b/website/DTSA/DTSA-16-1.html index 103420c21b..0e2726b487 100644 --- a/website/DTSA/DTSA-16-1.html +++ b/website/DTSA/DTSA-16-1.html @@ -50,57 +50,57 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098'>CAN-2005-2098</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099'>CAN-2005-2099</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456'>CAN-2005-2456</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2617'>CAN-2005-2617</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913'>CAN-2005-1913</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761'>CAN-2005-1761</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457'>CAN-2005-2457</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458'>CAN-2005-2458</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459'>CAN-2005-2459</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548'>CAN-2005-2548</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2302'>CAN-2004-2302</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1765'>CAN-2005-1765</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1762'>CAN-2005-1762</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761'>CAN-2005-1761</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555'>CAN-2005-2555</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098'>CVE-2005-2098</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099'>CVE-2005-2099</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456'>CVE-2005-2456</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2617'>CVE-2005-2617</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913'>CVE-2005-1913</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457'>CVE-2005-2457</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458'>CVE-2005-2458</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459'>CVE-2005-2459</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548'>CVE-2005-2548</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2302'>CVE-2004-2302</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1765'>CVE-2005-1765</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762'>CVE-2005-1762</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555'>CVE-2005-2555</a> <br></dd> <br><dt>More information:</dt> <dd>Several security related problems have been found in version 2.6 of the <br> linux kernel. The Common Vulnerabilities and Exposures project identifies <br> the following problems: <br> <br> -CAN-2004-2302 <br> +CVE-2004-2302 <br> <br> Race condition in the sysfs_read_file and sysfs_write_file functions in <br> Linux kernel before 2.6.10 allows local users to read kernel memory and <br> cause a denial of service (crash) via large offsets in sysfs files. <br> <br> -CAN-2005-1761 <br> +CVE-2005-1761 <br> <br> Vulnerability in the Linux kernel allows local users to cause a <br> denial of service (kernel crash) via ptrace. <br> <br> -CAN-2005-1762 <br> +CVE-2005-1762 <br> <br> The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 <br> platform allows local users to cause a denial of service (kernel crash) via <br> a "non-canonical" address. <br> <br> -CAN-2005-1765 <br> +CVE-2005-1765 <br> <br> syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when <br> running in 32-bit compatibility mode, allows local users to cause a denial <br> of service (kernel hang) via crafted arguments. <br> <br> -CAN-2005-1913 <br> +CVE-2005-1913 <br> <br> When a non group-leader thread called exec() to execute a different program <br> while an itimer was pending, the timer expiry would signal the old group <br> leader task, which did not exist any more. This caused a kernel panic. <br> <br> -CAN-2005-2098 <br> +CVE-2005-2098 <br> <br> The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before <br> 2.6.12.5 contains an error path that does not properly release the session <br> @@ -109,7 +109,7 @@ CAN-2005-2098 <br> empty name string, (2) with a long name string, (3) with the key quota <br> reached, or (4) ENOMEM. <br> <br> -CAN-2005-2099 <br> +CVE-2005-2099 <br> <br> The Linux kernel before 2.6.12.5 does not properly destroy a keyring that <br> is not instantiated properly, which allows local users or remote attackers <br> @@ -117,7 +117,7 @@ CAN-2005-2099 <br> that is not empty, which causes the creation to fail, leading to a null <br> dereference in the keyring destructor. <br> <br> -CAN-2005-2456 <br> +CVE-2005-2456 <br> <br> Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c <br> in Linux kernel 2.6 allows local users to cause a denial of service (oops <br> @@ -125,41 +125,41 @@ CAN-2005-2456 <br> larger than XFRM_POLICY_OUT, which is used as an index in the <br> sock->sk_policy array. <br> <br> -CAN-2005-2457 <br> +CVE-2005-2457 <br> <br> The driver for compressed ISO file systems (zisofs) in the Linux kernel <br> before 2.6.12.5 allows local users and remote attackers to cause a denial <br> of service (kernel crash) via a crafted compressed ISO file system. <br> <br> -CAN-2005-2458 <br> +CVE-2005-2458 <br> <br> inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows <br> remote attackers to cause a denial of service (kernel crash) via a <br> compressed file with "improper tables". <br> <br> -CAN-2005-2459 <br> +CVE-2005-2459 <br> <br> The huft_build function in inflate.c in the zlib routines in the Linux <br> kernel before 2.6.12.5 returns the wrong value, which allows remote <br> attackers to cause a denial of service (kernel crash) via a certain <br> compressed file that leads to a null pointer dereference, a different <br> - vulnerbility than CAN-2005-2458. <br> + vulnerbility than CVE-2005-2458. <br> <br> -CAN-2005-2548 <br> +CVE-2005-2548 <br> <br> vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial <br> of service (kernel oops from null dereference) via certain UDP packets that <br> lead to a function call with the wrong argument, as demonstrated using <br> snmpwalk on snmpd. <br> <br> -CAN-2005-2555 <br> +CVE-2005-2555 <br> <br> Linux kernel 2.6.x does not properly restrict socket policy access to users <br> with the CAP_NET_ADMIN capability, which could allow local users to conduct <br> unauthorized activities via (1) ipv4/ip_sockglue.c and (2) <br> ipv6/ipv6_sockglue.c. <br> <br> -CAN-2005-2617 <br> +CVE-2005-2617 <br> <br> The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 <br> and later, on the amd64 architecture, does not check the return value of <br> diff --git a/website/DTSA/DTSA-17-1.html b/website/DTSA/DTSA-17-1.html index 5ad4425568..33e9aea2e9 100644 --- a/website/DTSA/DTSA-17-1.html +++ b/website/DTSA/DTSA-17-1.html @@ -50,7 +50,7 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672'>CAN-2005-2672</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2672'>CVE-2005-2672</a> <br></dd> <br><dt>More information:</dt> <dd>Javier Fernández-Sanguino Peña discovered that a script included in <br> diff --git a/website/DTSA/DTSA-19-1.html b/website/DTSA/DTSA-19-1.html index 8fa9a17838..491fe9dac8 100644 --- a/website/DTSA/DTSA-19-1.html +++ b/website/DTSA/DTSA-19-1.html @@ -50,17 +50,17 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919'>CAN-2005-2919</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920'>CAN-2005-2920</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2919'>CVE-2005-2919</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2920'>CVE-2005-2920</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple security holes were found in clamav: <br> <br> -CAN-2005-2919 <br> +CVE-2005-2919 <br> <br> A possible infinate loop has been discovered in libclamav/fsg.c <br> <br> -CAN-2005-2920 <br> +CVE-2005-2920 <br> <br> A possible buffer overflow has been found in libclamav/upx.c <br> <br> diff --git a/website/DTSA/DTSA-2-1.html b/website/DTSA/DTSA-2-1.html index 67378fc896..ffd77f9704 100644 --- a/website/DTSA/DTSA-2-1.html +++ b/website/DTSA/DTSA-2-1.html @@ -50,33 +50,33 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448'>CAN-2005-2448</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370'>CAN-2005-2370</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2369'>CAN-2005-2369</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1914'>CAN-2005-1914</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2369'>CVE-2005-2369</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1914'>CVE-2005-1914</a> <br></dd> <br><dt>More information:</dt> <dd>centericq in testing is vulnerable to multiple security holes: <br> <br> -CAN-2005-2448 <br> +CVE-2005-2448 <br> <br> Multiple endianness errors in libgadu, which is embedded in centericq, <br> allow remote attackers to cause a denial of service (invalid behaviour in <br> applications) on big-endian systems. <br> <br> -CAN-2005-2370 <br> +CVE-2005-2370 <br> <br> Multiple memory alignment errors in libgadu, which is embedded in <br> centericq, allows remote attackers to cause a denial of service (bus error) <br> on certain architectures such as SPARC via an incoming message. <br> <br> -CAN-2005-2369 <br> +CVE-2005-2369 <br> <br> Multiple integer signedness errors in libgadu, which is embedded in <br> centericq, may allow remote attackers to cause a denial of service <br> or execute arbitrary code. <br> <br> -CAN-2005-1914 <br> +CVE-2005-1914 <br> <br> centericq creates temporary files with predictable file names, which <br> allows local users to overwrite arbitrary files via a symlink attack. <br> diff --git a/website/DTSA/DTSA-20-1.html b/website/DTSA/DTSA-20-1.html index 6c00538b7e..ce67a49b85 100644 --- a/website/DTSA/DTSA-20-1.html +++ b/website/DTSA/DTSA-20-1.html @@ -50,12 +50,12 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2878'>CAN-2005-2878</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2878'>CVE-2005-2878</a> <br></dd> <br><dt>More information:</dt> <dd>A format string vulnerability has been discovered in Mailutils. <br> <br> -CAN-2005-2878 <br> +CVE-2005-2878 <br> A format string vulnerability in search.c in the imap4d server in GNU <br> Mailutils 0.6 allows remote authenticated users to execute arbitrary code via <br> format string specifiers in the SEARCH command. <br> diff --git a/website/DTSA/DTSA-3-1.html b/website/DTSA/DTSA-3-1.html index 6051d99f47..166b913702 100644 --- a/website/DTSA/DTSA-3-1.html +++ b/website/DTSA/DTSA-3-1.html @@ -50,42 +50,42 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2070'>CAN-2005-2070</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1923'>CAN-2005-1923</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2056'>CAN-2005-2056</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1922'>CAN-2005-1922</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2450'>CAN-2005-2450</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2070'>CVE-2005-2070</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1923'>CVE-2005-1923</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2056'>CVE-2005-2056</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1922'>CVE-2005-1922</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2450'>CVE-2005-2450</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple security holes were found in clamav: <br> <br> -CAN-2005-2070 <br> +CVE-2005-2070 <br> <br> The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long <br> timeouts, allows remote attackers to cause a denial of service by keeping <br> an open connection, which prevents ClamAV from reloading. <br> <br> -CAN-2005-1923 <br> +CVE-2005-1923 <br> <br> The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote <br> attackers to cause a denial of service (CPU consumption by infinite loop) <br> via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, <br> which causes a zero-length read. <br> <br> -CAN-2005-2056 <br> +CVE-2005-2056 <br> <br> The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote <br> attackers to cause a denial of service (application crash) via a crafted <br> Quantum archive. <br> <br> -CAN-2005-1922 <br> +CVE-2005-1922 <br> <br> The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote <br> attackers to cause a denial of service (file descriptor and memory <br> consumption) via a crafted file that causes repeated errors in the <br> cli_msexpand function. <br> <br> -CAN-2005-2450 <br> +CVE-2005-2450 <br> <br> Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file <br> format processors in libclamav for Clam AntiVirus (ClamAV) allow remote <br> diff --git a/website/DTSA/DTSA-4-1.html b/website/DTSA/DTSA-4-1.html index cc986a68d9..910fa05ece 100644 --- a/website/DTSA/DTSA-4-1.html +++ b/website/DTSA/DTSA-4-1.html @@ -50,38 +50,38 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1916'>CAN-2005-1916</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1851'>CAN-2005-1851</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1850'>CAN-2005-1850</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852'>CAN-2005-1852</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448'>CAN-2005-2448</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916'>CVE-2005-1916</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1851'>CVE-2005-1851</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1850'>CVE-2005-1850</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1852'>CVE-2005-1852</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple vulnerabilities were discovered in ekg: <br> <br> -CAN-2005-1916 <br> +CVE-2005-1916 <br> <br> Eric Romang discovered insecure temporary file creation and arbitrary <br> command execution in a contributed script that can be exploited by a local <br> attacker. <br> <br> -CAN-2005-1851 <br> +CVE-2005-1851 <br> <br> Marcin Owsiany and Wojtek Kaniewski discovered potential shell command <br> injection in a contributed script. <br> <br> -CAN-2005-1850 <br> +CVE-2005-1850 <br> <br> Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file <br> creation in contributed scripts. <br> <br> -CAN-2005-1852 <br> +CVE-2005-1852 <br> <br> Multiple integer overflows in libgadu, as used in ekg, allows remote <br> attackers to cause a denial of service (crash) and possibly execute <br> arbitrary code via an incoming message. <br> <br> -CAN-2005-2448 <br> +CVE-2005-2448 <br> <br> Multiple endianness errors in libgadu in ekg allow remote attackers to <br> cause a denial of service (invalid behaviour in applications) on <br> diff --git a/website/DTSA/DTSA-5-1.html b/website/DTSA/DTSA-5-1.html index ceace6bdeb..07d90a7ac3 100644 --- a/website/DTSA/DTSA-5-1.html +++ b/website/DTSA/DTSA-5-1.html @@ -50,26 +50,26 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102'>CAN-2005-2102</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370'>CAN-2005-2370</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103'>CAN-2005-2103</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102'>CVE-2005-2102</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103'>CVE-2005-2103</a> <br></dd> <br><dt>More information:</dt> <dd>Multiple security holes were found in gaim: <br> <br> -CAN-2005-2102 <br> +CVE-2005-2102 <br> <br> The AIM/ICQ module in Gaim allows remote attackers to cause a denial of <br> service (application crash) via a filename that contains invalid UTF-8 <br> characters. <br> <br> -CAN-2005-2370 <br> +CVE-2005-2370 <br> <br> Multiple memory alignment errors in libgadu, as used in gaim and other <br> packages, allow remote attackers to cause a denial of service (bus error) <br> on certain architectures such as SPARC via an incoming message. <br> <br> -CAN-2005-2103 <br> +CVE-2005-2103 <br> <br> Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers <br> to cause a denial of service (application crash) and possibly execute <br> diff --git a/website/DTSA/DTSA-7-1.html b/website/DTSA/DTSA-7-1.html index 65541319f5..efc3726e1a 100644 --- a/website/DTSA/DTSA-7-1.html +++ b/website/DTSA/DTSA-7-1.html @@ -50,8 +50,8 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> <br></dd> <br><dt>More information:</dt> <dd>A vulnerability has been discovered in Mozilla that allows remote attackers <br> diff --git a/website/DTSA/DTSA-8-2.html b/website/DTSA/DTSA-8-2.html index 88d4ff4cbf..71fcce7a34 100644 --- a/website/DTSA/DTSA-8-2.html +++ b/website/DTSA/DTSA-8-2.html @@ -50,19 +50,19 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260'>CAN-2005-2260</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261'>CAN-2005-2261</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2262'>CAN-2005-2262</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2263'>CAN-2005-2263</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2264'>CAN-2005-2264</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265'>CAN-2005-2265</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266'>CAN-2005-2266</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2267'>CAN-2005-2267</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2268'>CAN-2005-2268</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269'>CAN-2005-2269</a> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270'>CAN-2005-2270</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2262'>CVE-2005-2262</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2264'>CVE-2005-2264</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2267'>CVE-2005-2267</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a> <br></dd> <br><dt>More information:</dt> <dd>We experienced that the update for Mozilla Firefox from DTSA-8-1 <br> @@ -74,65 +74,65 @@ text: <br> <br> Several problems were discovered in Mozilla Firefox: <br> <br> -CAN-2004-0718 CAN-2005-1937 <br> +CVE-2004-0718 CVE-2005-1937 <br> <br> A vulnerability has been discovered in Mozilla Firefox that allows remote <br> attackers to inject arbitrary Javascript from one page into the frameset of <br> another site. <br> <br> -CAN-2005-2260 <br> +CVE-2005-2260 <br> <br> The browser user interface does not properly distinguish between <br> user-generated events and untrusted synthetic events, which makes it easier <br> for remote attackers to perform dangerous actions that normally could only be <br> performed manually by the user. <br> <br> -CAN-2005-2261 <br> +CVE-2005-2261 <br> <br> XML scripts ran even when Javascript disabled. <br> <br> -CAN-2005-2262 <br> +CVE-2005-2262 <br> <br> The user can be tricked to executing arbitrary JavaScript code by using a <br> JavaScript URL as wallpaper. <br> <br> -CAN-2005-2263 <br> +CVE-2005-2263 <br> <br> It is possible for a remote attacker to execute a callback function in the <br> context of another domain (i.e. frame). <br> <br> -CAN-2005-2264 <br> +CVE-2005-2264 <br> <br> By opening a malicious link in the sidebar it is possible for remote <br> attackers to steal sensitive information. <br> <br> -CAN-2005-2265 <br> +CVE-2005-2265 <br> <br> Missing input sanitising of InstallVersion.compareTo() can cause the <br> application to crash. <br> <br> -CAN-2005-2266 <br> +CVE-2005-2266 <br> <br> Remote attackers could steal sensitive information such as cookies and <br> passwords from web sites by accessing data in alien frames. <br> <br> -CAN-2005-2267 <br> +CVE-2005-2267 <br> <br> By using standalone applications such as Flash and QuickTime to open a <br> javascript: URL, it is possible for a remote attacker to steal sensitive <br> information and possibly execute arbitrary code. <br> <br> -CAN-2005-2268 <br> +CVE-2005-2268 <br> <br> It is possible for a Javascript dialog box to spoof a dialog box from a <br> trusted site and facilitates phishing attacks. <br> <br> -CAN-2005-2269 <br> +CVE-2005-2269 <br> <br> Remote attackers could modify certain tag properties of DOM nodes that could <br> lead to the execution of arbitrary script or code. <br> <br> -CAN-2005-2270 <br> +CVE-2005-2270 <br> <br> The Mozilla browser family does not properly clone base objects, which allows <br> remote attackers to execute arbitrary code. <br> diff --git a/website/DTSA/DTSA-9-1.html b/website/DTSA/DTSA-9-1.html index 0bd05c0239..d578a54ff0 100644 --- a/website/DTSA/DTSA-9-1.html +++ b/website/DTSA/DTSA-9-1.html @@ -50,7 +50,7 @@ <dd>No<br></dd> <dt>CVE:</dt> <dd> -<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547'>CAN-2005-2547</a> +<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2547'>CVE-2005-2547</a> <br></dd> <br><dt>More information:</dt> <dd>A bug in bluez-utils allows remote attackers to execute arbitrary commands <br> diff --git a/website/index.html b/website/index.html index 3367188c8f..79bae68284 100644 --- a/website/index.html +++ b/website/index.html @@ -92,7 +92,7 @@ <p> The team maintains a database (actually some files) that contain - our notes about all CVEs, CANs, and DSAs. This database is available + our notes about all CVEs and DSAs. This database is available <a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>, and may be checked out from <tt>svn://svn.debian.org/secure-testing/</tt>. @@ -191,7 +191,7 @@ then check the <a href="logs/dtsasync">log file</a> and/or upgrade a test machine.</li> <li>cd data/DTSA; ./sndadvisory DTSA-n-1</li> - <li>Edit CAN/list and DSA/list to list the version of the + <li>Edit CVE/list and DSA/list to list the version of the package that is in the secure-testing archive as fixing the holes. This is unfortunatly currently necessary for the fix to appear as a fix on the tracking page.</li> |