From 869113068c245cca2e4eadcc5d6aa1122a48b80a Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 29 Jun 2007 16:34:06 +0000
Subject: krb5 fixed

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6075 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
 bin/updatehtmllist |  50 ++++++++------
 data/CVE/2007.list |   6 +-
 website/list.html  | 197 ++++++++++++++++++++++++++++++++---------------------
 website/style.css  |   4 ++
 4 files changed, 154 insertions(+), 103 deletions(-)
diff --git a/bin/updatehtmllist b/bin/updatehtmllist
index 977b378dd4..d3f50f5aed 100755
--- a/bin/updatehtmllist
+++ b/bin/updatehtmllist
@@ -23,7 +23,7 @@ while(<HEAD>) {
 }
 close HEAD;	
 
-print OUT "<dl>\n";
+print OUT "<table class='.list'>\n";
 
 my $pack = 0;
 my $date = "";
@@ -31,30 +31,25 @@ my $dtsa = "";
 my $package = "";
 my $desc = "";
 open (LIST,@ARGV[0]) || die("Could not open list ".@ARGV[0].": $!");
-while(<LIST>) {
-	$line = $_ ;
-	if ($line=~/^(\[.+\]) (DTSA-[0-9]+-[0-9]+) ([^ ].+) - (.+)$/) {
-		if ($pack == 1) {
-			# print the previous acvisory, as it wasn't unreleased
-			print OUT "<dt>$date <a href='DTSA/$dtsa.html'>$dtsa $package</a></dt>\n";
-			print OUT "<dd>$desc</dd>\n";
-		}
-		$date = $1;
-		$dtsa = $2;
-		$package = $3;
-		$desc = $4;
-		$pack = 1;
+my @list;
+{
+	local $/="\n\[";
+	@list = reverse <LIST>;
+}
+close LIST;
+
+foreach my $entry (@list) {
+	next if $entry =~ /TODO: unreleased/;
+	if ($entry=~/^\[?(.+)\] (DTSA-[0-9]+-[0-9]+) ([^ ].+) - (.+)$/m) {
+		print OUT htmlentry($1, $2, $3, $4);
 	}
-	if ($line=~/TODO: unreleased$/) {
-		$pack = 0;
+	else {
+		print STDERR "invalid entry:\n$entry";
 	}
 }
-if ($pack == 1) {
-	# print the previous acvisory, as it wasn't unreleased
-	print OUT "<dt>$date <a href='DTSA/$dtsa.html'>$dtsa $package</a></dt>\n";
-	print OUT "<dd>$desc</dd>\n";
-}
-print OUT "</dl>\n";
+
+print OUT "</table>\n";
+
 
 open (FOOT,"footer.html") || die("Could not open footer.html: $!"); ;
 while(<FOOT>) {
@@ -68,3 +63,14 @@ if (defined $output) {
 	rename("$output.tmp.$$", $output) || die "rename: $!";
 }
 
+
+
+sub htmlentry {
+	my ($date, $dtsa, $package, $desc) = @_;
+	return << "EOF";
+<tr><td>$date</td><td> <a href='DTSA/$dtsa.html'>$dtsa $package</a></td>\n
+<td>$desc</td></tr>
+EOF
+}
+
+
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index e691cbf33b..d33600b01e 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1458,7 +1458,7 @@ CVE-2007-2800
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when running on 32-bit ...)
 	- file 4.21-1 (medium)	
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
-	- krb5 <unfixed> (high; bug #430785)
+	- krb5 1.6.dfsg.1-5 (high; bug #430785)
 CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
 	- mantis 1.0.7+dfsg-1
 	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
@@ -2232,9 +2232,9 @@ CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in
 	{DSA-1291-2 DTSA-41-1}
 	- samba 3.0.25-1
 CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...)
-	- krb5 <unfixed> (bug #430787; medium)
+	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
 CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
-	- krb5 <unfixed> (bug #430787; high)
+	- krb5 1.6.dfsg.1-5 (bug #430787; high)
 CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
 	NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
diff --git a/website/list.html b/website/list.html
index bbeeb6f734..63c7613387 100644
--- a/website/list.html
+++ b/website/list.html
@@ -36,84 +36,125 @@
     </table>
 
 <!-- header -->
-<dl>
-<dt>[August 26th, 2005] <a href='DTSA/DTSA-1-1.html'>DTSA-1-1 kismet</a></dt>
-<dd>various</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-2-1.html'>DTSA-2-1 centericq</a></dt>
-<dd>multiple vulnerabilities</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-3-1.html'>DTSA-3-1 clamav</a></dt>
-<dd>denial of service and privilege escalation</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-4-1.html'>DTSA-4-1 ekg</a></dt>
-<dd>multiple vulnerabilities</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-5-1.html'>DTSA-5-1 gaim</a></dt>
-<dd>multiple remote vulnerabilities</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-6-1.html'>DTSA-6-1 cgiwrap</a></dt>
-<dd>multiple vulnerabilities</dd>
-<dt>[August 28th, 2005] <a href='DTSA/DTSA-7-1.html'>DTSA-7-1 mozilla</a></dt>
-<dd>frame injection spoofing</dd>
-<dt>[September 1st, 2005] <a href='DTSA/DTSA-8-2.html'>DTSA-8-2 mozilla-firefox</a></dt>
-<dd>several vulnerabilities (update)</dd>
-<dt>[August 31st, 2005] <a href='DTSA/DTSA-9-1.html'>DTSA-9-1 bluez-utils</a></dt>
-<dd>bad device name escaping</dd>
-<dt>[August 29th, 2005] <a href='DTSA/DTSA-10-1.html'>DTSA-10-1 pcre3</a></dt>
-<dd>buffer overflow</dd>
-<dt>[August 29th, 2005] <a href='DTSA/DTSA-11-1.html'>DTSA-11-1 maildrop</a></dt>
-<dd>local privilege escalation</dd>
-<dt>[September 8th, 2005] <a href='DTSA/DTSA-12-1.html'>DTSA-12-1 vim</a></dt>
-<dd>modeline exploits</dd>
-<dt>[September 8th, 2005] <a href='DTSA/DTSA-13-1.html'>DTSA-13-1 evolution</a></dt>
-<dd>format string vulnerabilities</dd>
-<dt>[September 13th, 2005] <a href='DTSA/DTSA-14-1.html'>DTSA-14-1 mozilla</a></dt>
-<dd>several</dd>
-<dt>[September 13th, 2005] <a href='DTSA/DTSA-15-1.html'>DTSA-15-1 php4</a></dt>
-<dd>several vulnerabilities</dd>
-<dt>[September 15th, 2005] <a href='DTSA/DTSA-16-1.html'>DTSA-16-1 linux-2.6</a></dt>
-<dd>various</dd>
-<dt>[September 15th, 2005] <a href='DTSA/DTSA-17-1.html'>DTSA-17-1 lm-sensors</a></dt>
-<dd>insecure temporary file</dd>
-<dt>[September 22nd, 2005] <a href='DTSA/DTSA-19-1.html'>DTSA-19-1 clamav</a></dt>
-<dd>buffer overflow and infinate loop problems</dd>
-<dt>[October 13th, 2005] <a href='DTSA/DTSA-20-1.html'>DTSA-20-1 mailutils</a></dt>
-<dd>Format string vulnerability</dd>
-<dt>[November 3rd, 2005] <a href='DTSA/DTSA-21-1.html'>DTSA-21-1 clamav</a></dt>
-<dd>Denial of service vulnerabilities and buffer overflow</dd>
-<dt>[December 5th, 2005] <a href='DTSA/DTSA-22-1.html'>DTSA-22-1 uim</a></dt>
-<dd>local privilege escalation</dd>
-<dt>[December 5th, 2005] <a href='DTSA/DTSA-23-1.html'>DTSA-23-1 centericq</a></dt>
-<dd>buffer overflow</dd>
-<dt>[December 5th, 2005] <a href='DTSA/DTSA-24-1.html'>DTSA-24-1 inkscape</a></dt>
-<dd>buffer overflow</dd>
-<dt>[December 5th, 2005] <a href='DTSA/DTSA-25-1.html'>DTSA-25-1 smb4k</a></dt>
-<dd>access validation error</dd>
-<dt>[December 5th, 2005] <a href='DTSA/DTSA-26-1.html'>DTSA-26-1 trackballs</a></dt>
-<dd>symlink attack</dd>
-<dt>[January 20th, 2006] <a href='DTSA/DTSA-27-1.html'>DTSA-27-1 fuse</a></dt>
-<dd>potential data corruption when installed seduid root</dd>
-<dt>[January 25th, 2005] <a href='DTSA/DTSA-28-1.html'>DTSA-28-1 gpdf</a></dt>
-<dd>multiple vulnerabilities</dd>
-<dt>[June 15th, 2006] <a href='DTSA/DTSA-29-1.html'>DTSA-29-1 blender</a></dt>
-<dd>heap-based buffer overflow</dd>
-<dt>[September 27th, 2006] <a href='DTSA/DTSA-31-1.html'>DTSA-31-1 hyperestraier</a></dt>
-<dd>cross-site request forgery (CSRF) vulnerability</dd>
-<dt>[February 1st, 2007] <a href='DTSA/DTSA-32-1.html'>DTSA-32-1 bcfg2</a></dt>
-<dd>programming error</dd>
-<dt>[February 12th, 2007] <a href='DTSA/DTSA-33-1.html'>DTSA-33-1 wordpress</a></dt>
-<dd>multiple vulnerabilities</dd>
-<dt>[March 3rd, 2007] <a href='DTSA/DTSA-34-1.html'>DTSA-34-1 wordpress</a></dt>
-<dd>cross-site scripting</dd>
-<dt>[May 22th, 2007] <a href='DTSA/DTSA-35-1.html'>DTSA-35-1 aircrack-ng</a></dt>
-<dd>programming error</dd>
-<dt>[May 22th, 2007] <a href='DTSA/DTSA-36-1.html'>DTSA-36-1 mydns</a></dt>
-<dd>multiple buffer overflows</dd>
-<dt>[May 22th, 2007] <a href='DTSA/DTSA-37-1.html'>DTSA-37-1 clamav</a></dt>
-<dd>several vulnerabilities</dd>
-<dt>[May 26th, 2007] <a href='DTSA/DTSA-38-1.html'>DTSA-38-1 qemu</a></dt>
-<dd>several vulnerabilities</dd>
-<dt>[May 28th, 2007] <a href='DTSA/DTSA-39-1.html'>DTSA-39-1 php5</a></dt>
-<dd>several vulnerabilities</dd>
-<dt>[May 28th, 2007] <a href='DTSA/DTSA-40-1.html'>DTSA-40-1 php4</a></dt>
-<dd>several vulnerabilities</dd>
-</dl>
+<table class='.list'>
+<tr><td>May 31th, 2007</td><td> <a href='DTSA/DTSA-41-1.html'>DTSA-41-1 samba</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>May 28th, 2007</td><td> <a href='DTSA/DTSA-40-1.html'>DTSA-40-1 php4</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>May 28th, 2007</td><td> <a href='DTSA/DTSA-39-1.html'>DTSA-39-1 php5</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>May 26th, 2007</td><td> <a href='DTSA/DTSA-38-1.html'>DTSA-38-1 qemu</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-37-1.html'>DTSA-37-1 clamav</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-36-1.html'>DTSA-36-1 mydns</a></td>
+
+<td>multiple buffer overflows</td></tr>
+<tr><td>May 22th, 2007</td><td> <a href='DTSA/DTSA-35-1.html'>DTSA-35-1 aircrack-ng</a></td>
+
+<td>programming error</td></tr>
+<tr><td>March 3rd, 2007</td><td> <a href='DTSA/DTSA-34-1.html'>DTSA-34-1 wordpress</a></td>
+
+<td>cross-site scripting</td></tr>
+<tr><td>February 12th, 2007</td><td> <a href='DTSA/DTSA-33-1.html'>DTSA-33-1 wordpress</a></td>
+
+<td>multiple vulnerabilities</td></tr>
+<tr><td>February 1st, 2007</td><td> <a href='DTSA/DTSA-32-1.html'>DTSA-32-1 bcfg2</a></td>
+
+<td>programming error</td></tr>
+<tr><td>September 27th, 2006</td><td> <a href='DTSA/DTSA-31-1.html'>DTSA-31-1 hyperestraier</a></td>
+
+<td>cross-site request forgery (CSRF) vulnerability</td></tr>
+<tr><td>June 15th, 2006</td><td> <a href='DTSA/DTSA-29-1.html'>DTSA-29-1 blender</a></td>
+
+<td>heap-based buffer overflow</td></tr>
+<tr><td>January 25th, 2005</td><td> <a href='DTSA/DTSA-28-1.html'>DTSA-28-1 gpdf</a></td>
+
+<td>multiple vulnerabilities</td></tr>
+<tr><td>January 20th, 2006</td><td> <a href='DTSA/DTSA-27-1.html'>DTSA-27-1 fuse</a></td>
+
+<td>potential data corruption when installed seduid root</td></tr>
+<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-26-1.html'>DTSA-26-1 trackballs</a></td>
+
+<td>symlink attack</td></tr>
+<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-25-1.html'>DTSA-25-1 smb4k</a></td>
+
+<td>access validation error</td></tr>
+<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-24-1.html'>DTSA-24-1 inkscape</a></td>
+
+<td>buffer overflow</td></tr>
+<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-23-1.html'>DTSA-23-1 centericq</a></td>
+
+<td>buffer overflow</td></tr>
+<tr><td>December 5th, 2005</td><td> <a href='DTSA/DTSA-22-1.html'>DTSA-22-1 uim</a></td>
+
+<td>local privilege escalation</td></tr>
+<tr><td>November 3rd, 2005</td><td> <a href='DTSA/DTSA-21-1.html'>DTSA-21-1 clamav</a></td>
+
+<td>Denial of service vulnerabilities and buffer overflow</td></tr>
+<tr><td>October 13th, 2005</td><td> <a href='DTSA/DTSA-20-1.html'>DTSA-20-1 mailutils</a></td>
+
+<td>Format string vulnerability</td></tr>
+<tr><td>September 22nd, 2005</td><td> <a href='DTSA/DTSA-19-1.html'>DTSA-19-1 clamav</a></td>
+
+<td>buffer overflow and infinate loop problems</td></tr>
+<tr><td>September 15th, 2005</td><td> <a href='DTSA/DTSA-17-1.html'>DTSA-17-1 lm-sensors</a></td>
+
+<td>insecure temporary file</td></tr>
+<tr><td>September 15th, 2005</td><td> <a href='DTSA/DTSA-16-1.html'>DTSA-16-1 linux-2.6</a></td>
+
+<td>various</td></tr>
+<tr><td>September 13th, 2005</td><td> <a href='DTSA/DTSA-15-1.html'>DTSA-15-1 php4</a></td>
+
+<td>several vulnerabilities</td></tr>
+<tr><td>September 13th, 2005</td><td> <a href='DTSA/DTSA-14-1.html'>DTSA-14-1 mozilla</a></td>
+
+<td>several</td></tr>
+<tr><td>September 8th, 2005</td><td> <a href='DTSA/DTSA-13-1.html'>DTSA-13-1 evolution</a></td>
+
+<td>format string vulnerabilities</td></tr>
+<tr><td>September 8th, 2005</td><td> <a href='DTSA/DTSA-12-1.html'>DTSA-12-1 vim</a></td>
+
+<td>modeline exploits</td></tr>
+<tr><td>August 29th, 2005</td><td> <a href='DTSA/DTSA-11-1.html'>DTSA-11-1 maildrop</a></td>
+
+<td>local privilege escalation</td></tr>
+<tr><td>August 29th, 2005</td><td> <a href='DTSA/DTSA-10-1.html'>DTSA-10-1 pcre3</a></td>
+
+<td>buffer overflow</td></tr>
+<tr><td>August 31st, 2005</td><td> <a href='DTSA/DTSA-9-1.html'>DTSA-9-1 bluez-utils</a></td>
+
+<td>bad device name escaping</td></tr>
+<tr><td>September 1st, 2005</td><td> <a href='DTSA/DTSA-8-2.html'>DTSA-8-2 mozilla-firefox</a></td>
+
+<td>several vulnerabilities (update)</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-7-1.html'>DTSA-7-1 mozilla</a></td>
+
+<td>frame injection spoofing</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-6-1.html'>DTSA-6-1 cgiwrap</a></td>
+
+<td>multiple vulnerabilities</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-5-1.html'>DTSA-5-1 gaim</a></td>
+
+<td>multiple remote vulnerabilities</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-4-1.html'>DTSA-4-1 ekg</a></td>
+
+<td>multiple vulnerabilities</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-3-1.html'>DTSA-3-1 clamav</a></td>
+
+<td>denial of service and privilege escalation</td></tr>
+<tr><td>August 28th, 2005</td><td> <a href='DTSA/DTSA-2-1.html'>DTSA-2-1 centericq</a></td>
+
+<td>multiple vulnerabilities</td></tr>
+<tr><td>August 26th, 2005</td><td> <a href='DTSA/DTSA-1-1.html'>DTSA-1-1 kismet</a></td>
+
+<td>various</td></tr>
+</table>
 <!-- footer -->
 <hr>
 <a href="http://validator.w3.org/check?uri=referer">
diff --git a/website/style.css b/website/style.css
index ec13c9e885..931d063aca 100644
--- a/website/style.css
+++ b/website/style.css
@@ -104,6 +104,10 @@ th {
  padding-right: 6px;
 }
 
+td.list {
+ border 0px;
+}
+
 td {
  font-size: 11px;
  border: 0px solid #000;
-- 
cgit v1.2.3


May 31th, 2007	DTSA-41-1 samba	several vulnerabilities
May 28th, 2007	DTSA-40-1 php4	several vulnerabilities
May 28th, 2007	DTSA-39-1 php5	several vulnerabilities
May 26th, 2007	DTSA-38-1 qemu	several vulnerabilities
May 22th, 2007	DTSA-37-1 clamav	several vulnerabilities
May 22th, 2007	DTSA-36-1 mydns	multiple buffer overflows
May 22th, 2007	DTSA-35-1 aircrack-ng	programming error
March 3rd, 2007	DTSA-34-1 wordpress	cross-site scripting
February 12th, 2007	DTSA-33-1 wordpress	multiple vulnerabilities
February 1st, 2007	DTSA-32-1 bcfg2	programming error
September 27th, 2006	DTSA-31-1 hyperestraier	cross-site request forgery (CSRF) vulnerability
June 15th, 2006	DTSA-29-1 blender	heap-based buffer overflow
January 25th, 2005	DTSA-28-1 gpdf	multiple vulnerabilities
January 20th, 2006	DTSA-27-1 fuse	potential data corruption when installed seduid root
December 5th, 2005	DTSA-26-1 trackballs	symlink attack
December 5th, 2005	DTSA-25-1 smb4k	access validation error
December 5th, 2005	DTSA-24-1 inkscape	buffer overflow
December 5th, 2005	DTSA-23-1 centericq	buffer overflow
December 5th, 2005	DTSA-22-1 uim	local privilege escalation
November 3rd, 2005	DTSA-21-1 clamav	Denial of service vulnerabilities and buffer overflow
October 13th, 2005	DTSA-20-1 mailutils	Format string vulnerability
September 22nd, 2005	DTSA-19-1 clamav	buffer overflow and infinate loop problems
September 15th, 2005	DTSA-17-1 lm-sensors	insecure temporary file
September 15th, 2005	DTSA-16-1 linux-2.6	various
September 13th, 2005	DTSA-15-1 php4	several vulnerabilities
September 13th, 2005	DTSA-14-1 mozilla	several
September 8th, 2005	DTSA-13-1 evolution	format string vulnerabilities
September 8th, 2005	DTSA-12-1 vim	modeline exploits
August 29th, 2005	DTSA-11-1 maildrop	local privilege escalation
August 29th, 2005	DTSA-10-1 pcre3	buffer overflow
August 31st, 2005	DTSA-9-1 bluez-utils	bad device name escaping
September 1st, 2005	DTSA-8-2 mozilla-firefox	several vulnerabilities (update)
August 28th, 2005	DTSA-7-1 mozilla	frame injection spoofing
August 28th, 2005	DTSA-6-1 cgiwrap	multiple vulnerabilities
August 28th, 2005	DTSA-5-1 gaim	multiple remote vulnerabilities
August 28th, 2005	DTSA-4-1 ekg	multiple vulnerabilities
August 28th, 2005	DTSA-3-1 clamav	denial of service and privilege escalation
August 28th, 2005	DTSA-2-1 centericq	multiple vulnerabilities
August 26th, 2005	DTSA-1-1 kismet	various