From 990993174b381f1b5e2b8455878c386d0869c6f9 Mon Sep 17 00:00:00 2001 From: Neil McGovern Date: Tue, 13 Sep 2005 19:06:17 +0000 Subject: Moved DTSA-16 to -15 Added missing epoch :P git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1962 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-15-1.html | 111 ++++++++++++++++++++++++++++++++++++++++++++ website/DTSA/DTSA-16-1.html | 111 -------------------------------------------- website/list.html | 4 +- 3 files changed, 113 insertions(+), 113 deletions(-) create mode 100644 website/DTSA/DTSA-15-1.html delete mode 100644 website/DTSA/DTSA-16-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-15-1.html b/website/DTSA/DTSA-15-1.html new file mode 100644 index 0000000000..7adf507256 --- /dev/null +++ b/website/DTSA/DTSA-15-1.html @@ -0,0 +1,111 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-16-1

+
+
Date Reported:
+
September 10th, 2005
+
Affected Package:
+
php4
+
Vulnerability:
+
several vulnerabilities
+
Problem-Scope:
+
remote/local
+
Debian-specific:
+
No
+
CVE:
+
+CAN-2005-1751 +CAN-2005-1921 +CAN-2005-2498 +
+
More information:
+
Several security related problems have been found in PHP4, the 
+server-side, HTML-embedded scripting language. The Common 
+Vulnerabilities and Exposures project identifies the following 
+problems: 

+CAN-2005-1751 

+Eric Romang discovered insecure temporary files in the shtool 
+utility shipped with PHP that can exploited by a local attacker to 
+overwrite arbitrary files. Only this vulnerability affects 
+packages in oldstable. 

+CAN-2005-1921 

+GulfTech has discovered that PEAR XML_RPC is vulnerable to a 
+remote PHP code execution vulnerability that may allow an attacker 
+to compromise a vulnerable server. 

+CAN-2005-2498 

+Stefan Esser discovered another vulnerability in the XML-RPC 
+libraries that allows injection of arbitrary PHP code into eval() 
+statements. 
+
+
For the testing distribution (etch) this is fixed in version 4.3.10-16etch1
+
For the unstable distribution (sid) this is fixed in version 4.4.0-2
+
This upgrade is recommended if you use php4.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
+
The archive signing key can be downloaded from
+
http://secure-testing.debian.net/ziyi-2005-7.asc
+ +
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/DTSA/DTSA-16-1.html b/website/DTSA/DTSA-16-1.html deleted file mode 100644 index 7adf507256..0000000000 --- a/website/DTSA/DTSA-16-1.html +++ /dev/null @@ -1,111 +0,0 @@ - - - Debian testing security team - Advisory - - - - -
- - - - - Debian Project -
-
- - - - - - - - - - - -
- Debian testing security team - Advisory -
- - -
- - -

DTSA-16-1

-
-
Date Reported:
-
September 10th, 2005
-
Affected Package:
-
php4
-
Vulnerability:
-
several vulnerabilities
-
Problem-Scope:
-
remote/local
-
Debian-specific:
-
No
-
CVE:
-
-CAN-2005-1751 -CAN-2005-1921 -CAN-2005-2498 -
-
More information:
-
Several security related problems have been found in PHP4, the 
-server-side, HTML-embedded scripting language. The Common 
-Vulnerabilities and Exposures project identifies the following 
-problems: 

-CAN-2005-1751 

-Eric Romang discovered insecure temporary files in the shtool 
-utility shipped with PHP that can exploited by a local attacker to 
-overwrite arbitrary files. Only this vulnerability affects 
-packages in oldstable. 

-CAN-2005-1921 

-GulfTech has discovered that PEAR XML_RPC is vulnerable to a 
-remote PHP code execution vulnerability that may allow an attacker 
-to compromise a vulnerable server. 

-CAN-2005-2498 

-Stefan Esser discovered another vulnerability in the XML-RPC 
-libraries that allows injection of arbitrary PHP code into eval() 
-statements. 
-
-
For the testing distribution (etch) this is fixed in version 4.3.10-16etch1
-
For the unstable distribution (sid) this is fixed in version 4.4.0-2
-
This upgrade is recommended if you use php4.
-
If you have the secure testing lines in your sources.list, you can update by running this command as root:
- -
apt-get update && apt-get upgrade
-
- -
-
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
-
-
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
-
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
-
-
The archive signing key can be downloaded from
-
http://secure-testing.debian.net/ziyi-2005-7.asc
- -
- - -
- - Valid HTML 4.01! - - Valid CSS! - - - - diff --git a/website/list.html b/website/list.html index 6bcd4993ac..3c35089c04 100644 --- a/website/list.html +++ b/website/list.html @@ -63,10 +63,10 @@
modeline exploits
[September 8th, 2005] DTSA-13-1 evolution
format string vulnerabilities
-
[September 10th, 2005] DTSA-16-1 php4
-
several vulnerabilities
[September 13th, 2005] DTSA-14-1 mozilla
several
+
[September 13th, 2005] DTSA-15-1 php4
+
several vulnerabilities

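Review bot: In website/DTSA/DTSA-15-1.html the advisory heading still reads "DTSA-16-1". The new file has the same blob id (7adf507256) as the deleted DTSA-16-1.html, so this is a pure rename and the page content was not renumbered. Change the heading to DTSA-15-1 so the page agrees with its file name and with the list.html entry. The commit message also says a missing epoch was added, but the fixed-version strings in this file ("4.3.10-16etch1" and "4.4.0-2") are unchanged by the commit; if the epoch belongs in them, it still needs adding. While editing, "that can exploited by a local attacker" should read "that can be exploited".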
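Review bot: The re-added php4 entry in website/list.html is dated "September 13th, 2005", but the removed entry said September 10th and the DTSA-15-1 page added in this commit still shows "Date Reported: September 10th, 2005". If only the advisory number was meant to change, keep the original date in the list; if the 13th is intended as the re-issue date, update the advisory page too so the two agree.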
-- cgit v1.2.3